How does Vereme's AI beauty analysis work?

Vereme uses AI to analyze over 250,000 skincare and haircare products worldwide, considering your specific skin type, concerns, budget, and time constraints to provide personalized recommendations backed by scientific research.

What skin types does Vereme support?

Vereme supports all skin types including normal, oily, dry, combination, sensitive, acne-prone (teenage, adult, cystic, hormonal, fungal), mature skin (early, mid, late), eczema-prone, and specialized needs like pregnancy and baby skin.

How much does Vereme cost?

Vereme offers personalized beauty analysis for $27 (founding member price; regularly $49). This one-time fee provides comprehensive skincare and haircare recommendations with product prices and retailers.

What countries does Vereme support?

Vereme provides product pricing and availability for the United States, Canada, United Kingdom, Australia, Singapore, UAE, Philippines, India, New Zealand, and Mexico.

Does Vereme recommend professional treatments?

Yes, Vereme recommends professional skincare treatments, at-home devices, prescription options, and supplements in addition to skincare and haircare products, providing a comprehensive beauty solution.

Privacy policy

Last updated: April 20, 2026

Vereme, Inc. (a Delaware C-corp), with operations supported by ES5 Pte Ltd (Singapore), explains here how we process personal data when you use Vereme.

Counsel: confirm which entity is the data controller for each launch market (US, EU/EEA, UK), and name it here. Confirm whether an EU/UK representative and/or a DPO is required, and add contact details if so.

Data we process

Account. Email address, authentication data, and optional profile details you provide.
Chat. Messages you send to Vereme and Vereme's replies. We use these to operate the service and, as described below, to understand the emotional context of what you tell us.
Emotional context. How you're feeling, as you describe it to us or as we infer it from the words in your messages. See "How Vereme understands how you're feeling."
Photos. Images you upload for analysis (for example, skin, wardrobe, or styling photos), processed to deliver recommendations.
Voice (if you use voice input). When you speak to Vereme, your speech is converted to text by your device's own browser before it reaches us. We receive and store only the resulting text. We do not receive, process, or store audio recordings of your voice.
Payments. Billing-related data handled by Stripe. We do not store full card numbers on our servers.
Technical. IP address, device and browser metadata, approximate location derived from IP, and cookies or similar technologies used for security and analytics (subject to your consent where required).

Counsel: photo-based skin and appearance analysis may involve processing of a facial image. Confirm whether this constitutes biometric or special-category processing under GDPR Art 9 (and equivalent US state law), and whether explicit consent is required. If so, reflect the lawful basis here and ensure the consent flow matches.

How Vereme understands how you're feeling

Vereme is designed to recognize the emotional context of what you share, so it can respond with care and tailor its suggestions to where you are. We do this in two ways: from what you tell us directly (for example, when you log a mood or use emotion-tracking features), and by analyzing the text of your messages to infer how you're feeling.

This inference is based on your words — the text of what you write or, for voice input, the text your browser produces before it reaches us. It is not based on your face, your voice, or any physical or physiological measurement. You can review and delete your emotion history in settings.

Counsel: data revealing emotional or mental state may be special-category data under GDPR Art 9. Confirm the lawful basis (likely explicit consent) and that the in-app consent and controls match what is stated here.

Keeping you safe

Vereme reviews conversations for signs of crisis, acute distress, or disordered eating, so it can respond appropriately and point you toward support. We treat this safety signal as our most protected category of data: it is pseudonymized using a one-way process that obscures your identity, it is accessible only to Vereme's internal safety systems, and it is never licensed, sold, aggregated for licensing, or used to influence any product recommendation.

Interaction patterns you can opt into

Separately from your account and chat content, you can choose to share optional information about how you use the app — not what you look like and not what you say. You can turn each type off in settings, which deletes the stored history for that type. For your first 14 days after sign-up we only collect these (we do not use them to change your recommendations) so the picture settles before it informs anything.

How you take your photos — attempts before you submit, whether you use adjustment tools, and time spent before sending. This is metadata about the capture flow.
How quickly you answer — how long you take to choose when Vereme shows a short list of options.
When you open the app — session start (local hour) and session length.
Where you linger — the coarse on-screen areas (such as a section of a page) where you spend time while viewing a result. This is scroll and viewport position, not camera-based gaze or eye tracking.
How you write to Vereme — aggregate measures such as backspace frequency and pauses before sending, taken from the text field only.

Counsel: some of these (typing rhythm, timing) can be characterized as behavioral signals. Confirm they are used only for personalization and do not feed any emotional or psychological-state inference. If any of them do, that processing must be disclosed here and assessed for biometric/special-category status — it would materially change the analysis.

How we use data

We use this information to provide and secure the service, understand your emotional context, personalize recommendations, process payments, communicate with you, comply with law, and improve Vereme. Our recommendations and personalization are generated automatically from your own data; they are there to help you decide and do not by themselves produce legal or similarly significant effects. We do not sell your personal data.

Counsel: confirm whether any automated personalization — particularly where emotional context informs it — triggers GDPR Art 22 safeguards, and add the required language if so.

Aggregated insights

We may combine anonymised, aggregated patterns across users (for example cohort benchmarks and peer comparisons) to improve guidance. You can opt out of contributing to new aggregates in Settings → Privacy & data. Opting out does not remove you from aggregates already computed; it stops new contributions going forward. See our methodology page for detail.

Your rights to access, export, and request deletion remain as described below.

Editorial data licensing — three-tier model

Vereme operates a three-tier data model and licenses only the middle tier to third-party partners.

Tier 1 — operational safety signals. Crisis, distress, and eating-disorder telemetry. Pseudonymized via a one-way HMAC. Never licensed, never aggregated for licensing, never used to drive any recommendation. Visible only to Vereme's internal operational systems.
Tier 2 — anonymized, cohort-floored product-experience aggregates. Mean dimension scores, retention curves, and repurchase rates per product. This is the only tier that may be licensed. Every aggregate enforces a minimum cohort of 100 distinct users; no row traceable to fewer than 100 users is ever published. Freeform notes, cycle data, and any safety-flag content are excluded by construction.
Tier 3 — internal product analytics. De-identified usage statistics that drive product decisions inside Vereme. Not licensed, not exported.

Buying licensed access to Vereme's data does not change the products Vereme recommends to anyone. Recommendations are computed from your own experience data only. The recommendation engine has no read access to data-partner contracts, and the data-licensing pipeline has no read access to recommendation-engine code. The separation is structural and verified daily by a brand-neutrality audit; aggregate results are published at /data-partners/audit-summary.

You can opt out of contributing to Tier 2 aggregates at any time. The opt-out also removes you from future aggregates; aggregates already published are not recallable, but the cohort floor of 100 means no single record can be recovered from any historical aggregate.

Counsel: confirm whether contributing personal data to a licensable aggregate requires opt-in (rather than the opt-out stated here) for EU/UK users, and whether any special-category data could reach Tier 2 despite the exclusions. Adjust the mechanism to match.

Processors and infrastructure

We rely on subprocessors that may process data on our behalf, including: Anthropic, OpenAI, Google (cloud and AI services), Together AI, Pinecone, Mem0, Stripe, Google Cloud Storage, Sentry, BetterStack, Mixpanel, Resend, Loops, and our IP-geolocation provider. Where photos are analyzed, specialist image-analysis providers may process those images. Contracts and safeguards appropriate to the processing apply.

Counsel / Emilie: confirm this list against the vendors actually wired in production before launch — a policy that names a processor you don't use, or omits one you do, is itself a compliance problem. In particular, name the specific image-analysis providers (e.g. those handling skin/appearance photos) rather than the generic phrase. Voice providers are intentionally absent because audio is not currently sent to the server; add them only if/when voice features that transmit audio launch.

International transfers

Vereme operates across the United States, Singapore, and the markets where you use it, so your data may be transferred internationally.

Counsel: specify the transfer mechanism (e.g. Standard Contractual Clauses, UK IDTA/Addendum) for EU/UK→US and any →Singapore transfers, and describe it here.

Data retention

We retain data only as long as needed for the purposes above or as required by law. You may request deletion subject to legal and contractual exceptions (e.g. billing records). For lifecycle stages (active, paused, cancelled, dormant, and erasure), see our data retention policy.

Your rights

Depending on where you live, you may have rights to access, correct, delete, port, or object to certain processing, and to withdraw consent where processing relies on it. You can exercise these through the in-app contact flow or our support email. We will not discriminate against you for exercising these rights.

Children

Vereme is not directed to children, and we do not knowingly collect data from anyone below the minimum age for their market.

Counsel: set the minimum age per market (e.g. 13 under US COPPA; 13–16 across EU member states; UK 13) and the age-assurance approach, and reflect the threshold here. Coordinate with the age-gate work.

Changes to this policy

We may update this policy as Vereme changes. When we make material changes, we will update the date above and, where appropriate, notify you in the app.

Contact

Questions about this policy can be sent through Vereme's contact page or support email.