Privacy Policy

Yvelune is a clinical facial exercise platform that uses your device's camera to guide you through prescribed facial exercises. It is designed to be used under the direction of a licensed aesthetic provider (your clinic).

Yvelune is a wellness support tool for informational purposes only. It is not a medical device and does not provide medical advice, diagnosis, or treatment.

During exercise sessions, Yvelune accesses your device's front-facing camera to detect facial landmarks (468 numerical coordinate points) and hand positions. This is how we provide real-time guidance.

Critical privacy facts:

• Your camera feed is processed entirely on your device. No video or images are transmitted, stored, or recorded.
• We use Google MediaPipe, an open-source AI library that runs locally in your browser. It converts your camera feed into numerical coordinates only — not photographs.
• No facial images ever leave your device. Not to us, not to any third party, not to any cloud service.
• When you close the session or navigate away, camera access stops immediately.

We store the following in our secure database (hosted by Supabase, a SOC 2 compliant provider):

• Account information: Your email address, name (provided by your clinic), and encrypted password.
• Session data: When you completed an exercise session, how many reps, your form score (a number, not an image), and duration.
• Scan geometry: Numerical facial landmark coordinates from your biometric scan (468 points — not a photograph). These are used to detect zones that may benefit from targeted exercises.
• Treatment intake: Information you provide about recent aesthetic treatments (Botox, filler, etc.) so exercises can be adjusted for safety.
• Notification preferences: Whether you've opted into exercise reminders.

We do NOT store:

• Photographs or video of your face
• Camera recordings of any kind
• Biometric identifiers (we cannot identify you from landmark coordinates)

• You can see your own session history, scan results, and protocol.
• Your clinic can see your session compliance (did you do your exercises), scan results, and exercise data. This is so your provider can monitor your progress.
• Yvelune staff may access data for technical support purposes only.
• No one else. Your data is never sold, shared with advertisers, or used to train AI models.

Each clinic's data is completely isolated. Clinic A cannot see Clinic B's patients, and vice versa. This is enforced at the database level using Row-Level Security (RLS) policies.

Your data is retained as long as your account is active. If you or your clinic requests deletion, we will remove your data within 30 days. Contact your clinic or email us at privacy@yvelune.com.

Yvelune uses essential cookies for authentication (keeping you logged in). We do not use tracking cookies, advertising pixels, or analytics services that profile your behavior.

Yvelune is not intended for use by anyone under 18 years of age.

If we make material changes to this privacy policy, we will notify affected users via email or in-app notification.

For privacy questions or data deletion requests:
Email: privacy@yvelune.com