Privacy Policy

01 Who we are

Smylo is a personal oral health app developed and operated by:

Théo Louis Pottier
Independent developer, Denmark
Contact: smyloapp@gmail.com

For the purposes of the EU General Data Protection Regulation (GDPR), Théo Louis Pottier is the data controller for personal data collected through the Smylo app and website.

02 What data we collect

Information you provide

• Your first name (used to personalise your plan)
• Your age (used for age-appropriate product recommendations)
• Your region (used for regional product filtering)
• Oral health questionnaire answers (e.g. brushing habits, sensitivity, whitening goals)
• Allergy and medical condition disclosures (only what you choose to enter)

Optional photo data

• If you choose to use the Photo Analysis feature, your photo is processed entirely on your device. The image is never uploaded, stored on a server, or transmitted to any external service.

Data we do NOT collect

• We do not collect your email address, phone number, or any account credentials
• We do not collect location data
• We do not use advertising trackers or analytics SDKs
• We do not collect payment information

03 How we use your data

We use the information you provide solely to:

• Generate personalised oral care product recommendations
• Create a daily care routine tailored to your health profile
• Display your scan history and progress within the app
• Apply age and region-based safety filters to recommendations

The legal basis for processing under GDPR is Article 6(1)(b) — processing necessary to perform the service you have requested — and Article 6(1)(a) — your explicit consent given when you first launch the app.

We do not use your data for marketing, profiling, advertising, or any purpose beyond delivering the Smylo service to you.

04 On-device processing & AI

When you use the optional Photo Analysis feature:

• Your photo is passed to a machine learning model stored locally within the app
• The model runs on your iPhone or iPad using Apple's on-device CoreML technology
• The photo and all analysis results remain exclusively on your device
• No image data, pixel data, or scan results are transmitted externally

The recommendation engine that generates your product plan also runs entirely locally — no questionnaire answers or personal data are sent to any AI service, cloud API, or external server.

What "on-device" means for you

Your data never leaves your phone. Smylo has no backend server that stores your health data. If you delete the app, all your data is permanently gone.

05 Data sharing & third parties

We use the following third-party services in the app or on this website, none of which receive your health or personal data:

Apple App Store & iOS platform

Smylo is distributed via the Apple App Store. Apple may collect anonymous usage statistics under their own privacy policy. We have no access to individually identifiable data from Apple.

Amazon Associates

Product recommendation links in the app and on this website use Amazon affiliate links (smylo-20). If you click a link and visit Amazon, Amazon's own privacy policy applies. We do not share any personal data with Amazon, and clicking a link is entirely optional.

Google Fonts

This website uses Google Fonts to load typefaces. Google may log the request. No personal data from Smylo users is shared.

No advertising networks, analytics platforms, data brokers, or other third parties receive any data about you.

06 Data storage & retention

All data you enter into Smylo is stored locally on your device using iOS's standard local storage (SharedPreferences / UserDefaults). This includes:

• Your questionnaire answers and health profile
• Scan results and history
• Saved recommendations and care plans

This data is retained on your device until you:

• Delete individual records from within the app
• Uninstall the Smylo app (all data is permanently deleted)
• Reset your device

We have no copy of your data and cannot retrieve it if you lose your device or uninstall the app.

07 Your rights under GDPR

As a resident of the European Union (or European Economic Area), you have the following rights under the GDPR:

• Right of access — you can request a copy of the personal data we hold about you
• Right to rectification — you can correct inaccurate data directly in the app
• Right to erasure — you can delete your data at any time from within the app, or by uninstalling it
• Right to restriction — you can ask us to stop processing your data
• Right to data portability — you can request your data in a portable format
• Right to object — you can object to processing based on our legitimate interests
• Right to withdraw consent — you can withdraw consent at any time without affecting prior processing

Because all data is stored locally on your device, you can exercise most of these rights directly in the app without contacting us. For any requests you cannot fulfil yourself, contact us at smyloapp@gmail.com and we will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority. In Denmark, this is the Datatilsynet.

08 Children's privacy

Smylo is designed for use by individuals of all ages, including children, under parental supervision. The app includes age-based safety filters that apply different product recommendations for users under 18 and under 6.

We do not knowingly collect personal data from children without parental consent. The app does not require account creation, and no data is transmitted externally. Parents can delete all data by uninstalling the app.

If you believe a child has provided data without appropriate consent, contact us at smyloapp@gmail.com.

09 Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will provide notice within the app.

Continued use of Smylo after changes are posted constitutes your acceptance of the updated policy.