RU KK EN

Privacy Policy

Version 1.0 · Effective May 26, 2026

This policy explains what personal data Sheen collects, how we use it, and how you can control it. If anything is unclear — email support@sheen.style.

1. Data controller

The data controller is an individual — Bazarbayev Abylay (IIN 990707350094), registered at Almaty, Nauryzbay Batyra St 50, Republic of Kazakhstan. Contact email: bazarbayev.abylay@gmail.com.

For users in the European Union, the operator acts as the data controller under GDPR.

2. What data we collect

2.1. Account and session

2.2. Profile and quiz answers

2.3. Biometric data

When you use the Analyzer, Sheen processes selfies of your face — this is special-category biometric personal data. We do not create or store a permanent biometric template (face embedding). The full conditions of processing and revocation are in a separate document.

2.4. Subscriptions and payments

Payments are processed by Apple App Store or Google Play Store. Sheen does not receive or store payment details (card numbers, bank info). From App Store / Google Play we only receive:

2.5. Push notifications

If you opt in to push notifications, we store your device token (FCM / APNs) to deliver them. Without consent the token is not requested.

3. Legal basis

Under the Republic of Kazakhstan Personal Data Law and GDPR:

CategoryBasis
Email, name, quiz answersPerformance of the user agreement
Biometrics (selfies)Separate explicit consent (Art. 8 §4 of the KZ PD Law; GDPR Art. 9(2)(a))
Security log and IPLegitimate interest (security, compliance)
Marketing communicationsOnly with separate opt-in

4. How we use the data

5. Who we share data with

Sheen uses a limited list of sub-processors. They only receive what is needed to deliver the service and are bound by data protection agreements.

Sub-processorDataPurposeJurisdiction
ResendEmail address and OTP letter contentEmail deliveryUSA
Cloud Services Kazakhstan LLP (Yandex Cloud)All app data (encrypted), including selfie object storage (Yandex Object Storage)Servers, DB and selfie storageKazakhstan
Apple App Store / Google PlayPayment transactionsSubscription processingUSA / EU
RevenueCatSubscription ID, app_user_idSubscription managementUSA
AmplitudeAnonymized product analytics and events (no PII or selfies)Usage analyticsUSA
Google (Gemini)Selfies (anonymized where possible)AI face analysisUSA / EU
OpenAISelfies and quiz text (as fallback)AI analysis when Gemini is unavailableUSA

If you are located in the EU, data transfers to the US are made under Standard Contractual Clauses (SCCs).

Data of users in the USA is stored on servers in Kazakhstan (Yandex Cloud) and processed by sub-processors in the USA. By using Sheen, you acknowledge this cross-border storage and transfer.

6. How long we keep data

CategoryRetention
Account and profileUntil account deletion
Inactive anonymous accountDeleted after 90 days of inactivity
Selfies in S324 hours from upload
Permanent biometric template (face embedding)Not stored
Biometric data (for users in the USA)No longer than 3 years from last interaction, or until consent withdrawal — whichever is earlier
Security log (auth_events)3 years
DB backups30 days

After account deletion, data is marked for removal and physically erased within 30 days, except records we are legally required to keep (e.g. security logs).

7. Your rights

Under the KZ PD Law and GDPR you have the right to:

7.1. California (CCPA / CPRA)

If you are a California resident, you have the right to know which categories of personal data we collect, to access them, to delete them, and to correct them. Biometric data is "sensitive personal information." We do not sell or share your personal data for cross-context behavioral advertising.

You can submit a request to support@sheen.style. We confirm receipt within 10 business days and respond substantively within 45 days.

7.2. US state biometric laws (Illinois / Texas / Washington / Colorado)

Residents of these states have separate rights regarding biometric data (including the Illinois BIPA). These are detailed in the Biometric Consent document.

8. Security

9. Children

Sheen is intended for users 16 years and older. We do not knowingly collect data of persons under 16. See Children's Privacy.

Sheen is a general-audience service not directed at children under 13. We do not knowingly collect data from children under 13; if we learn we have, we delete it. In the USA, COPPA applies (a threshold of 13). Our own bar is stricter — 16 years.

10. Changes to this policy

For material changes we will notify you in the app and/or by email. The version and effective date are at the top of this page. Previous versions are available on request.

11. Contact

Privacy-related questions — support@sheen.style.