Privacy
Effective date: July 15, 2026
Dermis Health Inc (“Ester,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our website, join our waitlist, communicate with us, or use any Ester product, application, connected device, prototype, beta experience, or related service that links to this Privacy Policy (collectively, the “Services”).
This Privacy Policy is preliminary and will be updated as our product, website, and Services develop. If we materially change how we collect, use, or share personal information, we will update this Privacy Policy and, where appropriate, provide additional notice.
Important health and medical notice
Ester is developing consumer wellness technology related to skin analysis and personal skin insights. Unless we expressly state otherwise in a separate agreement or notice, the Services are not intended to diagnose, treat, cure, or prevent any disease or medical condition, and they are not a substitute for professional medical advice, diagnosis, or treatment.
Ester is not currently acting as a health care provider, health plan, or health care clearinghouse. Information you provide directly to Ester through consumer Services may not be protected health information under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), unless we separately tell you that HIPAA applies to a particular Service or relationship.
Information we collect
Depending on how you interact with us, we may collect the following categories of information.
Information you provide to us
- Contact information, such as your name, email address, phone number, company, mailing address, or other details you provide.
- Account information, such as login credentials, profile information, preferences, and communication settings.
- Waitlist, survey, and feedback information, such as your interest in Ester, product preferences, skin goals, research responses, beta feedback, support requests, and other information you choose to submit.
- Communications, including emails, messages, forms, interview notes, customer support interactions, and other correspondence with us.
- Payment and transaction information, if we offer purchases, subscriptions, reservations, deposits, or other paid Services. Payment card information may be processed by our payment providers rather than stored directly by Ester.
Information related to skin, images, and device use
If you use Ester products, prototypes, beta features, or research experiences, we may collect:
- Images, video, or scans you choose to capture or upload, including images of your face or skin.
- Skin and wellness information, such as skin concerns, routines, product usage, environmental factors, self-reported conditions, goals, and related observations.
- Analysis outputs, such as skin measurements, scores, trends, detected areas of interest, recommendations, or other insights generated by our Services.
- Device and sensor data, such as camera settings, lighting conditions, calibration data, timestamps, device identifiers, firmware or app version, diagnostic logs, and performance data.
- Biometric-related information, to the extent images, scans, measurements, or derived data are considered biometric information under applicable law.
We do not use facial images, skin scans, or biometric-related information to identify you as a unique person unless we clearly disclose that use and obtain consent where required by law.
Information collected automatically
When you use our website or digital Services, we and our service providers may automatically collect:
- Device and browser information, such as IP address, device type, operating system, browser type, language settings, and mobile identifiers.
- Usage information, such as pages viewed, links clicked, referring URLs, session times, feature interactions, error reports, and approximate location derived from IP address.
- Cookies and similar technologies, such as pixels, SDKs, local storage, and analytics tools that help us operate, secure, improve, and measure the Services.
Information from third parties
We may receive information from third parties, such as:
- Service providers that help us operate our website, analytics, payments, communications, research, recruiting, or customer support.
- Business partners, research partners, or beta program collaborators.
- Public sources, social media, or professional networks, if you interact with us there.
- App stores, device platforms, or authentication providers, if you connect them to the Services.
How we use information
We may use personal information for the following purposes:
- Provide and operate the Services, including accounts, product features, device functionality, app experiences, customer support, and communications.
- Develop skin analysis and wellness features, including generating insights, tracking changes over time, personalizing experiences, improving capture quality, and evaluating product performance.
- Research, test, and improve our technology, including debugging, analytics, model evaluation, quality assurance, safety testing, calibration, and product development.
- Communicate with you, including responding to inquiries, sending product updates, managing waitlists, inviting you to research or beta programs, and providing administrative notices.
- Personalize the Services, including tailoring content, recommendations, reminders, and user experience.
- Market our Services, including sending promotional communications where permitted by law. You can opt out of marketing emails by using the unsubscribe link or contacting us.
- Maintain security and prevent misuse, including detecting fraud, protecting accounts, debugging, enforcing our terms, and protecting the rights, safety, and property of Ester, users, and others.
- Comply with legal obligations, including recordkeeping, responding to lawful requests, and exercising or defending legal claims.
- With your consent, for any other purpose we disclose when you provide information.
How we disclose information
We may disclose personal information as described below.
- Service providers and vendors. We may share information with companies that provide hosting, cloud storage, analytics, security, communications, payment processing, customer support, research operations, testing, and other services on our behalf.
- Professional advisors. We may share information with lawyers, auditors, insurers, accountants, and other professional advisors.
- Business partners and research collaborators. If you participate in a research, pilot, beta, or partner program, we may share information as described in the applicable consent, study notice, or program terms.
- Corporate transactions. We may disclose information in connection with a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction.
- Legal and safety purposes. We may disclose information if we believe it is necessary or appropriate to comply with law, legal process, or government requests; enforce our terms; protect the rights, privacy, safety, or property of Ester, users, or others; or detect, prevent, or address fraud, security, or technical issues.
- With your direction or consent. We may share information when you ask us to do so or consent to the disclosure.
We do not sell your personal information for money. We also do not knowingly sell or share personal information of individuals under 16 years old. Some analytics or advertising technologies may be considered “sharing” or “targeted advertising” under certain privacy laws; where required, we will provide a way to opt out.
Sensitive information, images, and biometric-related data
Some information we collect may be considered sensitive under applicable law, including health-related information, precise characteristics derived from images, or biometric-related information.
Where required by law, we will obtain your consent before collecting or using sensitive information, biometric identifiers, or biometric information. We use sensitive information only for disclosed purposes, such as providing the Services, improving and testing our technology, maintaining security, complying with law, and other purposes you authorize.
If we collect biometric identifiers or biometric information subject to a specific biometric privacy law, we will provide any required notices and obtain any required consents. We will retain biometric-related information only for as long as reasonably necessary for the purposes described in this Privacy Policy or as otherwise required or permitted by law.
De-identified and aggregated information
We may create de-identified, anonymized, or aggregated information from personal information. We may use and disclose this information for research, analytics, product development, benchmarking, publication, business, or other lawful purposes. We will not attempt to re-identify information that we maintain as de-identified except as permitted by law, such as to test whether our de-identification processes work.
Cookies and analytics
We may use cookies, pixels, SDKs, and similar technologies to operate the Services, remember preferences, understand usage, improve performance, secure the Services, and measure marketing.
You may be able to control cookies through your browser settings. If you disable cookies, some parts of the Services may not function properly. If we use technologies that are considered “sale,” “sharing,” or “targeted advertising” under applicable privacy laws, we will provide legally required opt-out choices.
Data retention
We retain personal information for as long as reasonably necessary to provide the Services, fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support legitimate business needs.
Retention periods may vary depending on the type of information, the context in which it was collected, your choices, and applicable law. For example, we may retain account information while your account is active, diagnostic logs for a shorter period, and certain records for longer where needed for legal, tax, accounting, security, or compliance purposes.
Data security
We use reasonable administrative, technical, and physical safeguards designed to protect personal information. However, no method of transmission or storage is completely secure. We cannot guarantee that information will be completely secure, and you use the Services at your own risk.
Your choices and rights
Depending on where you live, you may have rights to:
- Access or know the personal information we collect, use, disclose, sell, or share.
- Request a copy of your personal information.
- Correct inaccurate personal information.
- Delete personal information.
- Restrict or object to certain processing.
- Withdraw consent where processing is based on consent.
- Opt out of marketing communications.
- Opt out of certain sales, sharing, targeted advertising, or profiling where applicable.
- Limit the use or disclosure of sensitive personal information where applicable.
- Appeal a decision we make about your privacy request, where required by law.
To exercise privacy rights, contact us at hello@ester.health. We may need to verify your identity before fulfilling a request. You may also designate an authorized agent to submit certain requests on your behalf where permitted by law.
We will not discriminate against you for exercising privacy rights.
California privacy notice
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”), may provide specific rights regarding your personal information.
Categories of personal information we may collect
In the past 12 months, or once our Services are live, we may collect the following categories of personal information:
Sources of personal information
We may collect personal information from you, your devices, our service providers, business partners, research collaborators, and public or third-party sources.
Purposes for collection, use, and disclosure
We collect, use, and disclose personal information for the business and commercial purposes described in the “How we use information” and “How we disclose information” sections above.
Sale and sharing
We do not sell personal information for money. If we use advertising or analytics technologies that are considered a “sale” or “sharing” under the CCPA, we will provide a “Do Not Sell or Share My Personal Information” mechanism where required.
Sensitive personal information
We use sensitive personal information for the purposes described in this Privacy Policy, including providing and improving the Services, security, legal compliance, and purposes you authorize. Where required, we will provide a way to limit certain uses of sensitive personal information.
Children’s privacy
The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us at hello@ester.health, and we will take appropriate steps to delete the information.
If we offer Services intended for teens or collect information from users under the age of majority, we will provide additional notices and obtain consent where required by law.
International users
Ester is based in the United States. If you access the Services from outside the United States, your information may be processed in the United States and other countries where privacy laws may differ from those in your location.
Third-party links and services
The Services may link to third-party websites, apps, platforms, or services. We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies before providing information to them.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated effective date. If we make material changes, we may provide additional notice, such as by email, in-app notice, or other means.
Contact us
If you have questions or requests about this Privacy Policy or our privacy practices, contact us at:
Dermis Health Inc
Email: hello@ester.health
Because this is a preliminary policy, we recommend having privacy counsel review it before launch, before collecting sensitive information at scale, and before using any biometric, health-related, analytics, advertising, research, or AI training data in production.