Privacy policy

Mobile App

Note that this privacy policy applies to app versions 3.0.0 and above. If you are on an older version of the app, refer to the previous policy.

Last updated: 30 December 2025

ElementX Limited (“ElementX”, “we”, “us”, “our”) provides the UVLens mobile application (the “App”).

For the purposes of the EU General Data Protection Regulation (“GDPR”) and the UK GDPR, ElementX Limited is the data controller for personal data processed via the App.

Privacy contact: support@uvlens.com

Postal address: Commercial Bay Tower Level 17/19 Customs Street West, Auckland Central, Auckland 1010

ElementX is not required to appoint a Data Protection Officer under Article 37 GDPR due to the nature and scale of its processing activities.

1. Personal data we collect

We collect the following categories of personal data:

  • Account data: email address, name (if provided), hashed password, and authentication identifiers processed via Firebase Authentication (including Google Sign-In).
  • App and backend data: account-related and app data stored using Firebase Realtime Database.
  • Device data: device identifiers, operating system and app version, language, crash reports, and performance logs.
  • Location data (optional): coarse or precise location used to show local UV index and forecasts.
  • Skin type information (optional): responses to an in-app skin type quiz (e.g. UV sensitivity categories), used only to personalise UV guidance and not as medical advice.
  • Usage data: in-app interactions, feature usage, session timestamps, and analytics events (e.g. Firebase Analytics).
  • Support data: information you provide when contacting support (via Zoho).
  • Marketing preferences: notification and email opt-in or opt-out choices.

2. How we use personal data

We use personal data to:

  • Provide and operate the App and its features
  • Authenticate users and secure accounts
  • Show local UV information where location access is enabled
  • Personalise UV guidance where skin type information is provided
  • Maintain, secure, and improve the App
  • Respond to support requests
  • Send service-related and permitted marketing communications
  • Meet legal and regulatory obligations

Legal bases

Processing is carried out as necessary to perform our contract with you, based on your consent, to comply with legal obligations, or in our legitimate interests (such as maintaining security and improving the App). Where we rely on consent, you may withdraw it at any time via device or App settings.

3. Sharing personal data

We may share personal data with:

  • Service providers (data processors):
    • Google Firebase (Authentication, Realtime Database, Analytics)
    • Google Cloud Platform (hosting and infrastructure)
    • Zoho (customer support)
    • Email and messaging providers
    These providers process data on our behalf under GDPR-compliant agreements.
  • Authorities: where required by law or to protect our legal rights.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, subject to appropriate safeguards.

We do not sell personal data.

4. International data transfers

Personal data may be processed outside the EEA or the UK. Where required, transfers are protected using appropriate safeguards such as Standard Contractual Clauses or equivalent protections.

5. Data retention

We retain personal data only for as long as necessary:

  • Account and app data: retained for the life of the account and deleted upon self-service account deletion, subject to limited legal retention.
  • Location data: used in real time and not stored longer than necessary.
  • Skin type information: retained until deleted, reset, or account removal.
  • Analytics and logs: retained for security and performance purposes, typically 12–24 months.
  • Support data: retained as needed to resolve enquiries and meet legal requirements.

6. Your rights (EEA and UK users)

You have the right to access, correct, delete, or receive a copy of your personal data, to object to or restrict certain processing, and to withdraw consent at any time.

Self-service deletion:

You can delete your account and personal data directly within the App at any time. This is the fastest way to exercise your right to erasure and does not require contacting us.

You may also lodge a complaint with your local data protection authority. If you need assistance, you can contact us at support@uvlens.com.

7. Children’s privacy

The App is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16 and will delete such data if identified.

8. Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and monitoring. No system is completely secure, but safeguards are regularly reviewed.

9. Analytics and app performance

We use analytics technologies (such as Firebase Analytics) to understand how the App is used, monitor performance and reliability, detect issues, and improve features.

This analytics processing is necessary for the operation, security, and improvement of the App and is therefore enabled by default and required to use the App.

Analytics data is used only for first-party purposes, is not used for advertising or cross-app tracking, and is not shared for marketing or profiling. Where available, controls may be provided via device or App settings.

10. Automated decision-making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified in-app or by email where appropriate, and the “Last updated” date will be revised.

Contact Us

support@uvlens.com

© 2025 ElementX Limited, All Rights Reserved.

License AgreementPrivacy PolicyPress Kit