Privacy Policy

Effective date: 17 March 2026

1. Introduction

Skin Science Australia Pty Ltd T/A The Skin Science Company (ABN 79 567 634 491) ("we", "us", or "our") operates SSC Formula Builder (the "Service"), accessible at https://sscformula.com. We are committed to protecting the privacy of our users in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains what personal information we collect, why we collect it, how we use and disclose it, and how you can access or correct it. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect the following categories of personal information:

2.1 Account Information

When you register or log in via Manus OAuth, we receive your name and email address from the authentication provider. We store this information to identify your account and deliver the Service.

2.2 Payment Information

Payments are processed by Stripe, Inc. We do not store your full card number, CVV, or expiry date on our servers. We retain only the Stripe Customer ID and Subscription ID necessary to manage your subscription. Stripe's privacy practices are governed by Stripe's Privacy Policy.

2.3 Usage Data

We collect information about how you interact with the Service, including pages visited, features used, and session duration. This data is used in aggregate to improve the Service and is not sold to third parties.

2.4 Formula and Content Data

Formulas, ingredient selections, batch notes, and other content you create within the Service are stored in our database and associated with your account. This data is used solely to deliver and improve the Service.

2.5 Cookies, Local Storage, and Tracking

We use the following browser storage mechanisms solely to operate the Service:

  • Session cookie (strictly necessary): A signed, HttpOnly, secure session cookie is set when you log in. It maintains your authenticated state and is required for the Service to function. It expires after one year or when you log out.
  • localStorage — theme preference: Stores your light/dark display preference. Contains no personal information and is never transmitted to our servers.
  • localStorage — session cache: Temporarily caches your login state client-side to reduce server requests. This data mirrors what is already stored on the server and is cleared on logout.
  • sessionStorage — formula handoff: Used to pass formula data between the Builder and Cost Calculator pages within a single browser session. This data is cleared immediately after use and is never transmitted to third parties.

We do not use advertising trackers, analytics cookies, or any third-party tracking technologies. We do not sell your data to advertising networks. Disabling cookies in your browser settings will prevent you from logging in, but will not affect your ability to view public pages.

3. How We Use Your Information

We use the personal information we collect to:

  • Create and manage your account
  • Process subscription payments and manage billing
  • Deliver the features of the Service (formula builder, cost calculator, batch sheet generation)
  • Send transactional emails (subscription confirmation, payment receipts)
  • Respond to your support enquiries
  • Improve the Service through aggregate usage analysis
  • Comply with our legal obligations under Australian law

We will not use your personal information for direct marketing without your explicit consent. If you provide consent, you may withdraw it at any time by contacting us at [email protected].

4. Disclosure of Your Information

We may share your personal information with the following third parties:

  • Stripe, Inc. — for payment processing
  • Manus (authentication provider) — for OAuth login
  • Cloud hosting providers — for database and server infrastructure (data is stored in encrypted form)

We do not sell, rent, or trade your personal information to any third party for marketing purposes.

We may disclose your information if required to do so by law, or in response to a valid request from a government authority, court, or law enforcement agency.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you request deletion of your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes (for example, financial records required under Australian tax law).

6. Security

We implement industry-standard technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction. These measures include encrypted data transmission (TLS), encrypted database storage, and access controls. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Notifiable Data Breaches

We are subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). If we become aware of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will:

  • Contain the breach and assess the risk of harm as quickly as possible
  • Notify affected individuals as soon as practicable, with a description of the breach, the type of information involved, and recommended steps they should take
  • Notify the Office of the Australian Information Commissioner (OAIC) by submitting a statement at www.oaic.gov.au

We aim to complete our assessment and issue notifications within 30 days of becoming aware of a potential eligible data breach. If you suspect your account has been compromised, please contact us immediately at [email protected].

8. Access and Correction

Under the Australian Privacy Principles, you have the right to:

  • Request access to the personal information we hold about you
  • Request correction of inaccurate, out-of-date, or incomplete information
  • Request deletion of your account and associated data

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

9. Overseas Disclosure

Some of our third-party service providers (including Stripe and our cloud infrastructure providers) may store or process data outside Australia. We take reasonable steps to ensure that overseas recipients handle your information in a manner consistent with the Australian Privacy Principles.

10. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify you by email. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

12. Complaints

If you believe we have breached the Australian Privacy Principles, you may lodge a complaint with us at [email protected]. We will investigate and respond within 30 days. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

13. Contact Us

For any privacy-related enquiries, please contact:

Skin Science Australia Pty Ltd T/A The Skin Science Company

ABN 79 567 634 491

Email: [email protected]

Website: https://theskinsciencecompany.com.au