Privacy Policy

Last updated: May 4, 2026.

This Privacy Policy explains how Lagodish Tech, a company based in Warsaw, Poland ("Lagodish Tech," "we," "us," or "our"), the operator of the Macherre brand, the Macherre mobile application (the "App"), the website at www.macherre.appand related subdomains (the "Site"), and any related services we provide (together, the "Services") collects, uses, shares, and protects personal information, and the choices and rights you have. By using the Services you agree to this Policy. If you do not agree, please do not use the Services.

For purposes of the EU General Data Protection Regulation (Regulation (EU) 2016/679, the "GDPR"), the UK GDPR, and the Polish Personal Data Protection Act of 10 May 2018, Lagodish Tech is the data controller of personal data processed through the Services, unless stated otherwise.

1. Information we collect

We collect the following categories of information:

1.1 Information you provide

  • Account & profile data — when you create an account we may collect your name or display name, email address, password (stored hashed), country, language, and authentication identifiers from sign-in providers (e.g. Apple, Google) you choose to use.
  • Skin profile & preferences — information you voluntarily add to improve recommendations, such as skin type, concerns, allergies/sensitivities, age range, and routine entries. You can edit or remove this data at any time from the App.
  • User content — saved products, scans, routines, reviews, ratings, comments, photos, support requests, and any other content you submit.
  • Communications — emails, chat messages, and feedback you send us.
  • Payment data — if you purchase a subscription or in-app purchase, the transaction is processed by Apple App Store, Google Play, or another payment processor. We receive a transaction identifier, status, and metadata; we do not receive or store your full payment card number.

1.2 Information collected automatically

  • Device & technical data — IP address, approximate location derived from IP, device identifiers, mobile network, operating system and version, browser type, App version, language, time zone, screen size, and crash logs.
  • Usage data — pages and screens visited, features used, search queries inside the Services, items scanned/saved/compared, referring URL, timestamps, and similar interaction data.
  • Cookies & similar technologies — see Section 5 (Cookies and Tracking).

1.3 Information from third parties

  • Sign-in providers when you connect an account (Apple, Google, etc.) — we receive only the information you authorize them to share (e.g. name, email, a stable user identifier).
  • Analytics, advertising, and attribution partners that help us measure how the Services are used.
  • Public sources or product databases used to maintain our ingredient and product information.

1.4 Camera, photos, and on-device processing

Some App features (for example product scanning) require access to your device camera and photo library. Where reasonable, image processing happens on your device and the raw image is not transmitted to our servers; only the recognized text or product identifier may be sent. Where server-side processing is required, the image is used to produce the result and deleted within a reasonable period unless you explicitly save it. We do not collect or store biometric identifiers (such as faceprints) and we do not perform facial recognition. You can revoke camera and photo permissions at any time in your device settings.

1.5 Sensitive information

Skin condition or sensitivity information you optionally provide may, under some laws, be treated as sensitive personal information / special category data. We process such data only with your consent and only to provide the personalization features you have chosen to use. You can withdraw your consent at any time by removing the data from your profile.

2. How we use information

We use information for the following purposes and on the following legal bases (where the GDPR or UK GDPR applies):

  • To provide the Services — create and manage accounts, deliver requested features, save your scans and routines, and operate basic functionality. Legal basis: performance of a contract.
  • To personalize results and recommendations based on your skin profile. Legal basis: consent (for sensitive data) and our legitimate interest in offering a useful product.
  • To improve the Services — analyze usage in aggregate, debug, prevent abuse, and develop new features. Legal basis: legitimate interests.
  • To communicate with you — service announcements, security notices, policy updates, and responses to your requests. Legal basis: performance of a contract and legitimate interests.
  • For marketing — newsletters, product updates, and similar messages, where you have subscribed or where allowed by law. Legal basis: consent (where required) or legitimate interests, with the right to opt out.
  • For payments and fraud prevention — process transactions, detect and prevent fraudulent activity, and meet financial-record obligations. Legal basis: performance of a contract, legal obligation, and legitimate interests.
  • To comply with law — respond to lawful requests and enforce our terms. Legal basis: legal obligation and legitimate interests.

We do not use your data to make solely automated decisions that produce legal or similarly significant effects on you.

3. How we share information

We do not sell your personal information for money. We may share information in the following limited circumstances:

  • Service providers (sub-processors) — cloud hosting, databases, analytics, customer support, email delivery, error tracking, payments, push notifications, and similar vendors. These providers process data on our behalf under contractual data protection terms.
  • Affiliates and corporate group — entities under common control with Lagodish Tech, who must apply this Policy.
  • App stores and platforms — for in-app purchases, subscriptions, refunds, and abuse handling, we may share limited transaction or usage data with Apple, Google, or similar platforms in line with their requirements.
  • Compliance, safety, and legal — when we believe disclosure is required by law, legal process, or governmental request, or necessary to protect the rights, property, or safety of Lagodish Tech, our users, or others, or to prevent or investigate fraud or security issues.
  • Business transfers — in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our assets, subject to reasonable confidentiality obligations.
  • With your direction or consent — when you ask us to share information, for example by using a sign-in provider or sharing a routine link.

Some U.S. state privacy laws (such as California's CPRA) define "sale" or "sharing" broadly to include certain analytics or advertising activities. We do not knowingly engage in sales of personal information for monetary consideration. To the extent any such transfer is treated as "sharing" under those laws, you may opt out as described in Section 9.

4. Analytics and advertising partners

We use analytics tools to understand how the Services are used. These tools collect device, usage, and approximate location data through cookies, SDKs, or similar technologies. We configure them to limit personal data collection where possible (for example, IP truncation).

Google Analytics.Provided by Google LLC (and Google Ireland Limited in the EU/UK). Google may set cookies and process information about how you use the Site. You can review Google's practices at policies.google.com/privacy and opt out using the Google Analytics Opt-out Browser Add-on.

We may use additional analytics, attribution, error-monitoring, push-notification, and marketing partners. The list of sub-processors is available on request via [email protected].

We do not knowingly serve interest-based advertising to children, and we do not allow partners to use information we share with them for their own independent marketing purposes.

5. Cookies and tracking

Cookies, local storage, SDKs, pixels, and similar technologies ("Cookies") help the Services work, remember your preferences, secure sign-in, and measure performance. We use the following categories:

  • Strictly necessary — required to operate the Services (e.g. session, security, load balancing). These cannot be turned off.
  • Preferences — remember settings such as language or theme.
  • Analytics & performance — help us understand how the Services are used so we can improve them.
  • Marketing — used only where we engage in marketing activities and only with your consent where consent is required.

Where required by law (for example in the EU/UK), non-essential Cookies are loaded only after you give consent through our consent banner. You can change or withdraw your consent at any time through the cookie settings link in the footer or your browser settings.

6. International data transfers

Lagodish Tech may transfer, store, and process your information in countries other than your own, including outside the European Economic Area, United Kingdom, or your country of residence. Where we transfer personal data internationally, we use lawful transfer mechanisms such as the European Commission's Standard Contractual Clauses, the UK's International Data Transfer Agreement / Addendum, adequacy decisions, or equivalent safeguards. A copy of the relevant safeguards is available on request via [email protected].

7. Data retention

We keep personal information only for as long as needed for the purposes described in this Policy, unless a longer period is required or allowed by law. As a general rule:

  • Account and profile data — for the life of your account plus a limited period after deletion to comply with legal obligations and resolve disputes.
  • Scans, routines, and saved items — until you delete them or your account.
  • Support and email correspondence — typically up to 36 months after the last contact.
  • Payment, tax, and accounting records — as required by applicable financial and tax law (typically up to 10 years).
  • Aggregated or de-identified data that can no longer be associated with you may be kept indefinitely.

8. Security

We implement administrative, technical, and physical safeguards designed to protect your information, including encryption in transit (TLS), access controls, least-privilege principles, hashed passwords, and regular review of our infrastructure. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for any activity under your account.

If we become aware of a personal-data breach affecting you, we will notify the relevant supervisory authority and, where required, you, in accordance with applicable law.

9. Your rights and choices

Depending on where you live, you may have some or all of the following rights regarding personal information we hold about you:

  • Access & portability — request a copy of your personal information in a portable format.
  • Correction — ask us to correct inaccurate or incomplete data.
  • Deletion / erasure — ask us to delete your personal information, subject to legal exceptions.
  • Restriction & objection — restrict or object to certain processing, including processing based on legitimate interests and direct marketing.
  • Withdraw consent — withdraw any consent you previously gave, without affecting the lawfulness of prior processing.
  • Opt out of "sale" or "sharing" (California, Colorado, Connecticut, Virginia, Utah, and similar U.S. states) — request that we not sell or share your personal information for cross-context behavioral advertising. As stated above, we do not sell personal information for money; you may still opt out of any sharing through the contact details below or by enabling Global Privacy Control (GPC) in your browser, which we recognize where required.
  • Non-discrimination — we will not discriminate against you for exercising your privacy rights.
  • Authorized agents — you may use an authorized agent to submit a request on your behalf, subject to verification.

To exercise your rights, contact us at [email protected]. You can also delete most information directly from your account settings inside the App, including your full account. We may need to verify your identity before completing your request, and we will respond within the timeframes required by applicable law.

If you are in the European Economic Area, the United Kingdom, Switzerland, or another jurisdiction with a data-protection authority, you have the right to lodge a complaint with your local supervisory authority. Because Lagodish Tech is established in Poland, our lead supervisory authority is the Urząd Ochrony Danych Osobowych (UODO). We would, however, appreciate the chance to address your concerns directly first.

10. Children

The Services are intended for users aged 16 and older (or such higher age as required by your local law, for example 18 in some jurisdictions). We do not knowingly collect personal information from children under 16, and the Services are not directed to children under 13 in the United States (COPPA). If you believe a child has provided personal information to us, please contact [email protected] and we will take appropriate steps to delete it.

11. Third-party services and links

The Services may contain links to third-party websites, retailers, and services that we do not own or control, including affiliate retailers (see our Affiliate Disclosure). Their information practices are governed by their own privacy policies. We encourage you to read them. We are not responsible for the practices of third parties.

12. California-specific disclosures

For California residents under the CCPA/CPRA, the categories of personal information we collected in the last 12 months are described in Section 1. We collect this information directly from you, automatically through your use of the Services, and from limited third-party sources described in Section 1. We use it for the business and commercial purposes described in Section 2 and disclose it to the categories of recipients described in Section 3. We do not knowingly sell personal information for money. California residents may also request information under the "Shine the Light" law (Cal. Civ. Code §1798.83); we do not share personal information with third parties for their own direct-marketing purposes.

13. Notice to users outside the United States

If you access the Services from outside the country where Lagodish Tech operates, your information may be processed in countries that may not provide the same level of data protection as your home country. We take reasonable steps and use lawful transfer mechanisms as described in Section 6.

14. Do Not Track

Some browsers send a "Do Not Track" signal. Because no consensus standard has emerged, we do not currently respond to DNT signals. We recognize the Global Privacy Control (GPC) signal where required by applicable law as an opt-out preference for sharing.

15. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will notify you (for example by posting a notice on the Site or App, or by email) and update the "Last updated" date above. Your continued use of the Services after the changes take effect means you accept the revised Policy.

16. Contact us

Lagodish Tech is the controller responsible for your personal information. For privacy questions, requests, or complaints, contact:

Lagodish Tech
Warsaw, Poland
Email: [email protected]
Web: Contact us