Privacy Policy

Last Updated: March 21, 2026

This Privacy Policy explains how KloudStep LLC, the operator of the Pearl28™ platform ("Company," "we," "our," or "us"), collects, uses, processes, and shares personal information when you access or use the Pearl28™ website, skin analysis platform, mobile or web applications, and related services (collectively, the "Service").

This Privacy Policy applies to individuals who visit the Service, create an account, upload images for analysis, purchase or use subscription services, or otherwise interact with the platform.

The purpose of this Privacy Policy is to help you understand:

  • what personal information we collect,
  • how we use and process that information,
  • how and when information may be shared,
  • how long information may be retained, and
  • the rights and choices available to you regarding your personal information.

The Service uses automated technologies, including machine learning systems, to analyze user-provided images and generate cosmetic skincare insights. This Privacy Policy describes how personal information and uploaded images are processed in connection with these features.

This Privacy Policy forms part of your use of the Service and should be read together with the Terms of Service, which govern your use of the platform. If you do not agree with this Privacy Policy, you should not access or use the Service.

1. Categories of Personal Information We Collect

We may collect several categories of personal information depending on how you interact with the Service.

1.1 Information You Provide Directly

We collect information that you voluntarily provide when creating an account, using the Service, or communicating with us.

When you register for an account, we may collect basic account information such as your name, email address, age or age range, gender, and login credentials.

When you use the platform's analysis tools, you may also provide profile or questionnaire information related to your skincare concerns, goals, lifestyle information, skincare routine preferences, or other information you choose to share in connection with the analysis process.

The Service also allows users to upload photographs of their faces or skin to generate skin analysis results. These uploaded images are collected as part of the Service's operation.

If you subscribe to a paid plan, payment information may be collected and processed by third-party payment processors on our behalf. While payment details are handled by those providers, we may receive limited information about your subscription, such as payment status and the type of subscription plan you selected.

We may also collect information when you communicate with us, including messages sent to customer support, feedback submitted through the platform, or other inquiries you send to the Company.

1.2 Information Collected Automatically

When you access or use the Service, certain technical and usage information may be collected automatically through system logs, cookies, and similar technologies.

This information may include your IP address, browser type and version, device type, operating system, and information about how you interact with the Service. For example, we may collect information about the pages you visit, the features you use, timestamps associated with platform activity, and referring URLs or session activity.

We use this information to operate and maintain the Service, monitor system performance, improve platform functionality, and better understand how users interact with the platform.

1.3 Information Generated Through the Service

When you use the platform's skin analysis features, the Service generates certain information based on your uploaded images and any related inputs you provide.

This information may include automated skin analysis results, skincare insights and recommendations generated by the system, and visible skin characteristics detected through image analysis. If you continue using the Service over time, the platform may also generate historical analysis information used to help track changes in skin characteristics and compare prior results.

1.4 Categories of Personal Information

For regulatory disclosure purposes, the personal information we may collect, depending on how you interact with the Service, can be grouped into several categories. These categories may include identifiers such as your name, email address, and account identifier; commercial information relating to subscription plans or billing status; internet or network activity information related to how you interact with the platform; visual data consisting of images uploaded for skin analysis; and user-provided content such as questionnaire responses, feedback, or support communications.

We collect this information directly from users, automatically through the operation of the Service, and from service providers that support the platform's functionality.

2. Sensitive Personal Information

Certain information collected through the Service may be considered sensitive personal information under applicable privacy laws.

In particular, the Service may process facial images or photographs of a user's skin that users voluntarily upload to generate skin analysis results. These images may reveal visible characteristics of a user's skin and are therefore treated with heightened care within the operation of the Service.

Certain jurisdictions regulate the collection and use of biometric identifiers or biometric information derived from images. Examples include the Illinois Biometric Information Privacy Act (BIPA) and similar laws in states such as Texas and Washington.

To the extent that facial images or information derived from those images constitute biometric data under applicable law, by uploading images through the Service, you provide informed written consent for the Company to collect, store, process, and use such information solely for the purposes described in this Privacy Policy.

The Company does not sell biometric data. Users may withdraw consent and request deletion of uploaded images or associated data at any time by contacting support@28clear.com, subject to applicable data retention practices.

The Company processes uploaded images solely to provide skin analysis features, generate cosmetic skincare insights, improve the functionality and accuracy of the Service, and maintain user accounts that enable historical analysis and progress tracking.

The Service does not use uploaded images for facial recognition, biometric identification, identity verification, or similar purposes. The platform does not attempt to identify users from uploaded images, nor does it collect biometric identifiers for identification purposes.

Where required by applicable law, the Company processes sensitive personal information only as reasonably necessary to provide the Service requested by users, maintain the functionality and security of the platform, and comply with legal obligations.

3. Legal Bases for Processing Personal Information

For users located in jurisdictions where applicable law requires a legal basis for processing personal information, including the European Economic Area, the United Kingdom, and certain other regions, the Company processes personal information under one or more of the following legal bases.

3.1 Performance of a Contract

We process personal information when necessary to provide the Service requested by users, including creating and maintaining user accounts, processing uploaded images for skin analysis, generating skincare insights, providing subscription services, and delivering platform functionality.

3.2 Consent

In certain circumstances, we process personal information based on user consent. For example, users provide consent when they choose to upload images for analysis or provide information through questionnaires and other interactive features of the Service.

3.3 Legitimate Interests

We may process personal information where it is reasonably necessary for the Company's legitimate interests, provided that such interests are not overridden by users' rights and freedoms. These legitimate interests may include improving the accuracy and performance of the Service, maintaining platform security, preventing fraud or misuse, and developing new features and functionality.

3.4 Legal Obligations

We may process personal information when necessary to comply with applicable laws, regulations, legal processes, or governmental requests.

4. How We Use Personal Information

We use personal information for several purposes related to operating, maintaining, and improving the Service.

First, we use personal information to provide and operate the platform. This includes creating and managing user accounts, processing uploaded images to generate skin analysis results, delivering skincare insights and recommendations, and providing access to features associated with subscription plans.

Personal information is also used to improve the functionality and performance of the Service. For example, information generated through user interactions with the platform, including uploaded images and analysis results, may be used to improve the accuracy of the automated analysis systems, enhance system performance, and develop new features or capabilities.

We may use personal information to communicate with users about the Service. This includes sending service-related notifications, responding to support requests or inquiries, providing information about account activity, and notifying users about important updates to the platform or related policies.

Where permitted by applicable law, users may also receive marketing or promotional communications. Users may opt out of marketing emails at any time by using the unsubscribe link included in those communications or by contacting support@28clear.com. Opting out of marketing communications will not affect service-related or transactional communications.

Personal information may also be used to maintain the security and integrity of the Service. This may include detecting and preventing fraud, unauthorized access, or misuse of the platform, enforcing the Terms of Service, and protecting the rights, property, or safety of the Company, its users, or others.

Finally, we may use personal information as necessary to comply with applicable laws, regulations, legal processes, or governmental requests.

5. Use of Uploaded Images and AI Analysis

The Service allows users to upload photographs of their faces or skin to receive automated skin analysis results and cosmetic skincare insights. This section explains how uploaded images are processed and used within the platform.

5.1 Purpose of Image Uploads

Users may voluntarily upload photographs of their faces or skin when using the Service's analysis features. These images are used to analyze visible skin characteristics and generate cosmetic skincare insights and recommendations to help users better understand their skin.

Uploaded images are processed only for purposes related to the operation and improvement of the Service, including generating analysis results and supporting features such as historical comparison and progress tracking.

The Company may also use uploaded images and related analysis data in aggregated or de-identified form to improve and train the underlying artificial intelligence systems that power the Service. Where images are used for system improvement or AI model training, the Company implements reasonable measures designed to remove or reduce personal identifiers associated with those images.

5.2 Automated Image Analysis

The Service uses automated technologies, including machine learning systems, to analyze visual patterns in uploaded images. These systems may evaluate visible features such as texture patterns, pigmentation variations, and other skin-related characteristics to generate analysis results.

The analysis performed by the Service is automated and based on algorithmic processing of image data combined with user-provided inputs. The results generated by the system are intended to provide cosmetic skincare insights rather than medical or dermatological evaluation.

5.3 External AI Providers

The Service may rely on external artificial intelligence service providers to support certain analysis or recommendation features. These providers may include organizations that operate large language models or other machine learning systems to process user inputs and generate insights.

Information shared with such providers may include questionnaire responses, skin-related information, routine preferences, or other inputs necessary to generate recommendations through the Service.

The Company works with providers that maintain security and confidentiality safeguards and, where appropriate, enters into data processing agreements governing the handling of personal information. However, the Company does not control the internal infrastructure or independent practices of third-party providers, and users are encouraged to review those providers' privacy policies, where applicable.

5.4 Use of Images to Improve the Service

Uploaded images and information derived from image analysis may be used to improve the accuracy, reliability, and performance of the Service. This may include improving automated analysis models, refining system outputs, and enhancing the platform's overall functionality.

Where possible, information used for these purposes may be aggregated, de-identified, or otherwise processed in a manner designed to reduce the likelihood of identifying individual users.

5.5 Image Storage and Retention

Images uploaded by users may be temporarily stored to process analysis results and provide the functionality of the Service.

If a user uploads images but does not subscribe to a paid plan, those images are generally deleted from the system approximately fourteen (14) days after analysis is completed.

If a user subscribes to a paid plan, images may be retained for longer periods to support platform features such as tracking skin changes over time, comparing previous analysis results, and providing historical insights through the Service.

Users may request deletion of stored images or related data by contacting support@28clear.com.

5.6 No Biometric Identification

Uploaded images are not used for biometric identification, facial recognition, or identity verification purposes. The Service does not attempt to determine or confirm users' identities based on uploaded images, and the Company does not collect or store biometric identifiers for identification purposes.

5.7 Image Security

The Company implements technical and organizational safeguards designed to protect uploaded images and related data. These safeguards may include access controls, encryption, and other security practices intended to protect the confidentiality and integrity of user data.

6. Cookies and Tracking Technologies

The Service may use cookies and similar tracking technologies to operate the platform, analyze usage of the Service, and improve user experience.

Cookies are small data files that are stored on a user's device when visiting a website or using an online service. These technologies allow the Service to recognize returning users, maintain user sessions, and collect information about how the platform is used.

The Service may use cookies and similar technologies for several purposes. Certain cookies are necessary for the platform to operate and to allow users to access secure areas of the Service, maintain login sessions, and use core functionality. Other cookies may be used to understand how users interact with the platform, such as which pages are visited or which features are used, so that the Company can improve the performance and usability of the Service. Cookies may also be used to remember user preferences and settings, enhancing the overall user experience.

Users can control or disable cookies through their browser settings. However, disabling certain cookies may affect the functionality of the Service and may limit a user's ability to access certain features of the platform.

In some cases, third-party service providers that support the platform's operation may also use cookies or similar technologies for analytics or infrastructure services. These services may include tools such as Google Analytics for usage analytics, Meta Pixel for advertising performance measurement, Klaviyo for customer communications, Supabase for database infrastructure, and cloud infrastructure providers used for hosting and storage.

These services may collect limited technical information, such as device type, browser type, IP address, pages visited, and interaction events, to monitor platform performance and understand how users interact with the Service. Additional information on how these technologies operate may be available in the respective providers' privacy policies.

Some web browsers transmit "Do Not Track" signals indicating that a user prefers not to be tracked across websites. Because there is currently no widely accepted standard for responding to Do Not Track signals, the Service does not currently respond to these signals. If industry standards evolve or our practices change, we will update this Privacy Policy accordingly.

7. How We Share Personal Information

The Company does not sell personal information to third parties. However, we may share personal information in certain circumstances as described below.

We may share personal information with service providers that support the operation of the Service. These providers perform functions on behalf of the Company, such as hosting infrastructure, payment processing, analytics services, customer support systems, and other technical services necessary to operate and maintain the platform. These service providers are permitted to process personal information only as necessary to provide services to the Company and are expected to maintain appropriate confidentiality and security protections.

Personal information may also be shared in connection with a business transaction involving the Company. For example, if the Company undergoes a merger, acquisition, sale of assets, financing transaction, or other corporate restructuring, personal information may be transferred as part of that transaction in accordance with applicable law.

We may disclose personal information as required by law or in response to valid legal requests from governmental authorities, courts, or regulators. This may include situations where disclosure is necessary to comply with legal obligations, respond to subpoenas or court orders, or cooperate with lawful investigations.

Personal information may also be disclosed where necessary to protect the rights, property, or safety of the Company, the Service, its users, or others. This may include enforcing the Terms of Service, detecting or preventing fraud or misuse of the platform, or addressing security or technical issues affecting the Service.

8. Data Retention and Deletion

The Company retains personal information for as long as reasonably necessary to provide the Service, maintain user accounts, comply with legal obligations, resolve disputes, and enforce applicable agreements.

The length of time that personal information is retained may vary depending on the type of information and the purposes for which it was collected. In general, personal information is retained for as long as a user maintains an account with the Service and for a reasonable period thereafter as necessary to support operational, legal, and security requirements.

For example:

  • User account information is generally retained while your account remains active.
  • Uploaded images from free users are typically deleted approximately fourteen (14) days after analysis is completed.
  • Uploaded images associated with paid subscriptions may be retained longer to support progress tracking and historical analysis features and may be deleted upon account closure or user request.
  • Routine and personalization data may be retained as long as necessary to provide ongoing platform functionality.
  • Analytics or usage data may be retained according to the retention practices of third-party analytics providers.

Upon account deletion, the Company will delete or anonymize personal information within a reasonable period, except where retention is required by law or necessary for legitimate security or compliance purposes.

Users may request deletion of stored images or associated personal information by contacting support@28clear.com. In certain circumstances, the Company may retain limited information where necessary to comply with legal obligations, resolve disputes, or enforce agreements.

9. Data Security

The Company implements reasonable technical and organizational safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction.

These safeguards may include administrative controls, access restrictions, encryption technologies, secure infrastructure practices, and other security measures intended to protect the confidentiality and integrity of personal information processed through the Service.

While the Company takes reasonable steps to protect personal information, no system for transmitting or storing information over the internet can be guaranteed to be completely secure. As a result, the Company cannot guarantee the absolute security of personal information.

Users are responsible for maintaining the confidentiality of their account credentials and should take appropriate precautions to protect access to their accounts.

In the event of a security incident involving personal information that is reasonably likely to result in a risk to users' rights or interests, the Company will notify affected individuals and, where required, relevant regulatory authorities in accordance with applicable law. In jurisdictions where specific notification timelines apply, such as the European Union's General Data Protection Regulation, notifications will be made within the timeframes required by law.

10. Privacy Rights

Depending on where you reside, you may have certain rights regarding your personal information under applicable privacy laws. The Company provides users with the ability to exercise applicable privacy rights as described below.

10.1 Privacy Rights for U.S. Residents

Residents of certain U.S. states, including California, as well as other jurisdictions with similar privacy laws, may have rights regarding the personal information collected about them.

These rights may include:

  • Right to Know — request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for which it is used, and the categories of third parties with whom it may be shared.
  • Right to Delete — request deletion of personal information collected about you, subject to certain legal exceptions.
  • Right to Correct — request correction of inaccurate personal information maintained by the Company.
  • Right to Opt-Out of Sale or Sharing — request that we stop selling or sharing personal information. The Company does not sell personal information for monetary consideration.
  • Right to Limit Use of Sensitive Personal Information — request that we limit the use of sensitive personal information where applicable.
  • Right to Non-Discrimination — you will not be discriminated against for exercising your privacy rights.

The Company does not sell personal information to third parties. Users may submit privacy rights requests by contacting the Company using the contact information provided in this Privacy Policy. The Company will respond to verifiable requests within the timeframe required by applicable law.

10.2 Privacy Rights for Canadian Users

Users located in Canada may have rights under applicable Canadian privacy laws, including the right to request access to personal information held by the Company and the right to request correction of inaccurate or incomplete information.

Users may also withdraw consent for certain processing activities, subject to legal or contractual restrictions. Requests to access or correct personal information may be submitted using the contact information provided in this Privacy Policy.

10.3 Privacy Rights for Users in the European Economic Area and the United Kingdom

Users located in the European Economic Area or the United Kingdom may have rights under applicable data protection laws, including the General Data Protection Regulation and the UK GDPR.

These rights may include:

  • Right of Access — You may request confirmation of whether we process your personal data and obtain a copy of the personal data we hold about you.
  • Right to Rectification — You may request correction of inaccurate or incomplete personal data that we maintain about you.
  • Right to Erasure — You may request deletion of your personal data in certain circumstances, such as when the information is no longer necessary for the purposes for which it was collected.
  • Right to Restriction of Processing — You may request that we limit the processing of your personal data in certain situations, for example, while a dispute about accuracy is being resolved.
  • Right to Data Portability — You may request to receive certain personal data in a structured, commonly used, and machine-readable format and may request that it be transmitted to another controller where technically feasible.
  • Right to Object — You may object to the processing of personal data where the processing is based on legitimate interests or used for direct marketing purposes.
  • Right to Withdraw Consent — Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing conducted before the withdrawal.

Requests to exercise applicable rights may be submitted using the contact information provided in this Privacy Policy. You also have the right to lodge a complaint with your local data protection authority if you believe your personal data has been processed in violation of applicable law.

11. International Data Transfers

The Company operates in the United States and may process personal information in the United States or in other jurisdictions where the Company or its service providers maintain operations.

If you access or use the Service from outside the United States, your personal information may be transferred to and processed in the United States or other countries that may have data protection laws that differ from those in your jurisdiction.

Where required by applicable law, the Company implements appropriate safeguards designed to protect personal information transferred across international borders. These safeguards may include contractual protections or other mechanisms intended to ensure that personal information remains protected in accordance with applicable data protection laws.

When personal information is transferred from the European Economic Area, the United Kingdom, or other jurisdictions with cross-border transfer restrictions, the Company implements appropriate safeguards to protect it.

These safeguards may include the use of Standard Contractual Clauses approved by the European Commission or other legally recognized transfer mechanisms, as well as contractual obligations imposed on service providers that process personal information on the Company's behalf.

By using the Service, you acknowledge that your personal information may be transferred to and processed in jurisdictions outside of your country of residence.

12. Children's Privacy

The Service is not intended for use by individuals under the age of 18.

The Company does not knowingly collect personal information from children under the age of 18. If the Company becomes aware that personal information has been collected from a child under the age of 18 without appropriate authorization, the Company will take reasonable steps to delete that information.

If you believe that a child under the age of 18 may have provided personal information through the Service, please contact the Company using the contact information provided in this Privacy Policy so the Company can investigate and take appropriate action.

13. Changes to This Privacy Policy

The Company may update this Privacy Policy from time to time to reflect changes in the Service, legal requirements, or data processing practices.

When the Privacy Policy is updated, the revised version will be posted on the Company's website, and the "Last Updated" date at the top of the Privacy Policy will be revised accordingly.

If the Company makes material changes to this Privacy Policy, the Company may provide additional notice to users, such as through the Service interface or by email, where appropriate.

Your continued use of the Service after any updates to this Privacy Policy constitutes your acknowledgment of the updated terms.

14. Contact Information

If you have questions about this Privacy Policy, the Company's data practices, or requests regarding your personal information, you may contact the Company using the information below:

KloudStep LLC
Email: support@28clear.com
Contact Form: https://28clear.com

KloudStep LLC is the data controller responsible for the collection and processing of personal information described in this Privacy Policy.

The Company will make reasonable efforts to respond to privacy-related inquiries and requests in accordance with applicable law.