Privacy Policy

Last updated: April 2026

Ralli is built by GoodSisters — a small team that genuinely cares about your skin and your privacy. We collect only what we need to make the app work, we never sell your data, and we try to be straight with you about everything we do.

What we collect

When you create an account and use Ralli, we collect:

• Account information — your name, email address, and profile photo if you choose to add one.
• Skin profile — skin type and concerns you select during onboarding. This is used to personalise your experience.
• Product interactions — products you scan, add to your routine, love, or flag as breaking you out.
• Posts and ratings — anything you share to the feed or rate, including ingredients you paste or photograph.
• Messages — direct messages you send to other users.
• Usage data — how you interact with the app (which features you use, how often) to help us improve it.

What we do not collect

• We do not collect payment information — we have no in-app purchases.
• We do not track your location.
• We do not access your camera roll beyond the specific photo you choose to share.
• We do not read your contacts.

How we use your data

• To run and improve the Ralli app.
• To show you personalised content — your feed, product scores, and recommendations — based on your skin profile and activity.
• To let other users follow you, see your public posts, and message you.
• To calculate community ratings on products.
• To identify you as an admin if applicable and provide access to admin tools.
• To send you notifications about activity on your posts (likes, comments, new followers).

Who we share your data with

We use the following third-party services to run the app:

• Firebase (Google) — database, authentication, and hosting. Your data is stored on Google's servers.
• Anthropic — when you photograph a product or ingredient label, the image is sent to Anthropic's Claude API for analysis. Images are not stored by Anthropic beyond the request.
• Open Beauty Facts — a public ingredient database we query to look up product information.
• Amazon — product links may include our affiliate tag. Clicking them and purchasing earns us a small commission at no extra cost to you.

We do not sell your personal data to advertisers or any third parties.

Your public profile

Your display name, profile photo, and any posts you make to the feed are visible to other Ralli users by default. You can set your product lists (Routine, Loved, Want to Try) to private in your profile settings at any time.

Data retention

We keep your data for as long as your account is active. If you delete your account, your profile and posts are removed. Some data — such as anonymised product ratings — may remain in aggregate form.

Children's privacy

Ralli is not intended for users under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

Your rights

You can request access to, correction of, or deletion of your personal data at any time by contacting us. You can also delete your account directly within the app under Profile → Settings.

Changes to this policy

We may update this policy from time to time. We'll update the date at the top when we do. Significant changes will be communicated in the app.