Summer Privacy Policy

Summer Jib LLC, a Wyoming limited liability company, operates Summer. This policy explains how we collect, use, share, and protect information when you use Summer, related website pages, support channels, and app services.

Summer is intended for users who are at least 13 years old and is not directed to children under 13. If you are under the age of majority where you live, you should use Summer only with consent and supervision from a parent or guardian.

We do not knowingly collect personal information from children under 13. If you believe a child under 13 provided personal information to Summer, contact us and we will take appropriate steps.

Summer requires explicit AI scan analysis sharing consent before user scan data is sent to third-party AI services. If you do not grant or later revoke this consent, manual typed ingredient checks remain available where supported, but AI scan/photo upload, product identity, Korean label analysis, Summer Insights, and smart compare narratives may be unavailable or limited.

When enabled, Summer may send scan photos, OCR or label text, barcode/UPC and product context, ingredient lists, selected skin profile details such as skin type, skin goals, concerns and fragrance sensitivity, compatibility context, request identifiers, account or subscription identifiers, device or App Check signals, and processing status to Summer's secure backend on Firebase/Google Cloud and to Google AI services, including Gemini API and Google Cloud Vertex AI fallback.

We use this data to extract ingredients, translate labels, identify products, enforce membership limits and quotas, prevent abuse, troubleshoot requests, provide Korean label analysis, generate Summer Insights, and create smart compare narratives. Summer does not sell this data, does not use it for cross-context behavioral advertising, and does not use sponsors or paid ingredient rankings.

You can withdraw AI scan analysis sharing consent in Profile > Preferences. Revoking consent clears queued local AI processing tasks, but it does not automatically remove previously processed account data. You can request deletion through account controls or by contacting us.

Summer shares user-submitted AI analysis inputs with Google AI services only after explicit in-app consent. The current third-party AI providers are Google Gemini API and Google Cloud Vertex AI as a fallback when needed for reliability. These providers process the submitted data to return ingredient extraction, label translation, product identification, analysis, and narrative outputs for Summer features.

We require service providers that receive user data, including cloud and AI providers, to protect user data with the same or equal protection described in this policy and required by applicable App Store privacy requirements. We configure these services for app functionality, security, troubleshooting, quota enforcement, and product improvement, not for selling user data or advertising.

Summer may store scan history, profile settings, cached product catalog data, downloaded ingredient rules, notifications, consent status, trial reminder scheduling state, and app preferences locally on your device. Some data may remain on your device until you delete it in the app, delete your account, clear app data, or uninstall the app.

Summer may use barcode/UPC-backed scan observations, normalized ingredient lists, ingredient hashes, completeness signals, timestamps, confidence scores, region or locale context, and request identifiers to improve product matching and reduce repeated backend extraction for the same verified product.

No-UPC observations may be used for internal quality review and ingredient-library improvement, but they are not treated as a reliable product identity shortcut for future users. If UPC-backed formulas conflict, Summer may keep multiple versions while evaluating possible reformulation, regional formula differences, or extraction error.

Summer provides educational skincare and ingredient context, not medical care. Skin profile preferences, skin concerns, scan notes, photos, and product reactions may be considered health-related or sensitive information in some places.

Do not submit medical records, diagnoses, prescription information, drug-interaction questions, emergency health information, or information about another person unless you have permission and it is appropriate to do so.

We collect the categories of information described in this policy directly from you, from your device and app activity, from your account and subscription status, from support communications, and from service providers that you authorize or that help us operate the services.

We collect and use information for the purposes described in this policy, including app functionality, personalization, security, fraud prevention, troubleshooting, analytics, customer support, legal compliance, and enforcing our terms and membership limits.

The app-specific sections below identify the main categories of personal information we collect. We use those categories for the purposes listed in this policy and may disclose them to service providers, processors, contractors, platform providers, professional advisers, regulators, or transaction counterparties only as described here or as otherwise permitted by law.

We retain each category only as long as reasonably necessary for the purpose collected, including active account use, feature delivery, support, legal compliance, security, fraud prevention, billing, dispute handling, backups, and legitimate internal records. Specific retention periods may vary by category, legal requirement, provider configuration, and whether you delete your account or request deletion.

No sale or targeted-advertising sharing: we do not sell personal information, and we do not share personal information for cross-context behavioral advertising. We may share information with service providers that help us operate the apps and website, including cloud hosting, authentication, analytics, crash reporting where configured, payments, app security, email delivery, and customer support.

We may disclose information if required by law, to protect users or the services, to investigate abuse or security issues, or as part of a merger, financing, acquisition, reorganization, or sale of assets, subject to appropriate protections.

We use reasonable technical and organizational safeguards designed to protect personal information, including encryption in transit and access controls. Some sensitive credentials, such as Plaid access tokens used by PerkTrack, are encrypted before storage.

We keep information for as long as reasonably needed to provide the services, comply with law, resolve disputes, maintain security, and support legitimate business records. When you delete an account, we delete or de-identify account data unless retention is required or permitted by law, security, fraud prevention, backup integrity, billing records, or dispute handling.

We may process account, device, request, entitlement, usage, diagnostic, security, and support information to enforce membership limits, apply fair-use controls, rate limit requests, prevent automated or abusive activity, protect service reliability, troubleshoot issues, and investigate suspected fraud or security incidents.

When needed to protect users or the services, we may retain limited records related to security, fraud prevention, abuse investigations, chargebacks, billing, disputes, legal compliance, or enforcement even after an account deletion request, where permitted or required by law.

The services may use automated systems to parse labels, match products, score compatibility, organize transactions, estimate benefit usage, detect abuse, or personalize app experiences. These outputs are informational and may be reviewed, corrected, limited, or overridden by product logic, support review, provider data, or user choices.

We do not use Summer or PerkTrack outputs to make high-impact automated decisions about medical treatment, credit, lending, employment, housing, insurance, legal rights, government benefits, or similar eligibility decisions.

Depending on where you live, you may have rights to request access, correction, deletion, portability, restriction, objection, withdrawal of consent, or additional information about how we process personal information. You may also have the right to complain to a privacy regulator.

California residents may request to know, access, delete, or correct personal information, opt out of sale or sharing, limit certain uses of sensitive personal information where applicable, and exercise privacy rights without discrimination. Because we do not sell personal information or share it for cross-context behavioral advertising, we do not provide a separate sale/share opt-out link.

Residents of other U.S. states may have similar privacy rights, including rights to access, delete, correct, obtain a portable copy of personal information, opt out of targeted advertising or sale where applicable, and appeal certain request decisions.

EEA and UK users may request access, rectification, erasure, restriction, portability, objection, and withdrawal of consent where processing is based on consent. Where we rely on legitimate interests, you may object to processing based on your particular situation.

To exercise privacy rights, contact admin@summerjib.com. We may need to verify your request before acting on it. Authorized agents may contact us using the same email address, and we may request proof of authorization and identity verification where permitted by law.

If we deny a privacy request and your law gives you an appeal right, reply to our decision email or contact admin@summerjib.com with "Privacy Appeal" in the subject line.

We maintain safeguards designed for the type of information we process, but no system is perfectly secure. If we determine that a security incident requires notice under applicable law, we will provide notices to users, regulators, service providers, or other parties as legally required.

For Summer, some skin profile or scan-related information may be health-related consumer information. If a consumer health data incident triggers a specific notice law, including the FTC Health Breach Notification Rule where applicable, we will follow the applicable notice process without implying that Summer is covered by HIPAA unless that status is separately confirmed.

We operate from the United States and may process information in the United States and other countries where our service providers operate. Those countries may have different data protection laws than your place of residence.

We may update this policy as our apps, vendors, or legal requirements change. The updated version will be posted with a new last updated date. If changes are material, we will provide additional notice where required.