Privacy Policy

1. Privacy at a Glance

The protection of your personal data is particularly important to us — especially since DermCheck works with health-related image data. The following information provides an overview of what happens to your data when you use our website.

2. Data Controller

Philipp Schmid
Steinenberg 10
88339 Bad Waldsee
Germany

E-Mail: [email protected]

3. Data Collection on Our Website

Data processing on this website is carried out by the website operator. You can find out which data is collected in the following sections.

4. Registration and User Account

When registering via Google or email, we collect:

  • Email address
  • Name (if provided via Google)
  • Profile picture URL (if provided via Google)

5. Health-Related Data (Art. 9 GDPR)

Special category of data under Art. 9 GDPR

When using our scan service, the following special categories of personal data are processed:

  • Photographs of skin lesions/moles
  • AI-generated risk assessments and ABCDE analyses
  • Results of ensemble AI classification (HuggingFace models)
  • Assessments by registered dermatologists (for paid reviews)

Legal basis: Art. 9(2)(a) GDPR — your explicit consent when using the scan service. You can request deletion of your scan data at any time.

6. Payment Data

Payments are processed through Stripe. We do not store any credit card or bank details. Only Stripe reference IDs (Session ID, Payment Intent ID) are stored to associate payments. For more information, see Stripe's privacy policy at https://stripe.com/privacy.

7. AI-Powered Image Analysis

Your uploaded images are transmitted to the following third-party providers for analysis purposes:

  • Anthropic (Claude Vision) — for textual ABCDE dermoscopic analysis
  • HuggingFace — for numerical classification by specialized skin cancer detection models
  • Supabase Storage — for encrypted storage of your scan images

8. Server Log Files

The website host automatically collects information in server log files:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Time of server request and IP address

9. Cookies

Our website uses technically necessary cookies for authentication (Supabase session). These cookies are required for the operation of the website and cannot be disabled. We do not use tracking or analytics cookies.

10. Third-Party Services

We use the following external services:

  • Supabase (Hetzner, EU) — Authentication and image storage
  • Anthropic (USA) — AI image analysis via Claude Vision
  • HuggingFace (USA/EU) — AI classification models for skin lesions
  • Stripe (USA, EU data processing) — Payment processing

11. SSL/TLS Encryption

This site uses SSL/TLS encryption for security reasons. An encrypted connection can be recognized by the lock symbol in your browser bar and the address bar starting with 'https://'.

12. Your Rights (GDPR)

You have the following rights at any time regarding your stored personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR) — including all scan images and analysis results
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)

13. Data Retention

Scan images and analysis results are stored as long as your user account exists. Upon account deletion, all associated data (images, analyses, reviews) are irrevocably deleted. Payment data is retained in accordance with statutory retention periods (10 years).

14. Changes

We reserve the right to update this privacy policy to comply with current legal requirements or to reflect changes in our services.

Last updated: March 2026
