Use boundary
NOCTIS analyzes cosmetic appearance signals from a user-provided scan and context. It does not diagnose, treat, cure, prevent disease, or replace professional advice.
Post-scan account flow
NOCTIS starts with the public scan. This account step saves the result privately, then unlocks onboarding, saved reports, preferences, goals, payments, notifications, and the member area.
Private account
Use the email you want linked to your NOCTIS member area. After confirmation, your report metrics, preferences, goals, and consent choices are saved to your private account. Face image history stays off unless you explicitly opt in.
Secure verification
We use this email for sign-in, report access, and essential account messages. NOCTIS stores report scores and metrics, not face images by default.
Minimal onboarding
Full report
Terms of use
NOCTIS analyzes cosmetic appearance signals from a user-provided scan and context. It does not diagnose, treat, cure, prevent disease, or replace professional advice.
NOCTIS uses a secure authentication provider for sign-in and email verification. Users are responsible for keeping account credentials secure and notifying us of unauthorized access.
Reports are informational baselines for personal comparison. Scores depend on lighting, camera quality, timing, and user context and should not be treated as clinical facts.
Paid memberships, invoices, refunds, and customer portal actions should be handled through Stripe once enabled and displayed before purchase.
Do not use NOCTIS to identify other people, evaluate employees, make insurance or lending decisions, or infer protected characteristics.
Deleting an account should remove account-linked reports and preferences unless retention is legally required for security, billing, or audit integrity.
Privacy policy
We store account identifiers, email, score, report metrics, selected objective, preferences, consent records, support/admin audit events, and billing references when enabled.
Raw camera frames, face images, biometric templates, medical diagnoses, and unnecessary special-category data are not stored by default.
Face image history is off by default and requires separate explicit consent. Users must be able to revoke this consent.
Authentication, infrastructure, payments, and email providers should be listed here once production vendor agreements are finalized.
Users may request access, export, correction, erasure, restriction, portability, and objection where applicable. Consent can be withdrawn without affecting prior lawful processing.
Reports should be retained only while the account is active or until the user deletes them, except limited security, billing, and legal retention.
Authentication is handled by a dedicated identity provider, access is role-gated, admin actions are audited, and secrets remain server-side.
Production launch should list the controller, contact email, data protection contact, subprocessors, and regional transfer safeguards.
Data policy
We store account identity, email, report score, report metrics, context selections, preferences, consent records, billing references, and admin audit events where required.
Raw frames, face images, and image history are not stored by default. Image history requires a separate explicit opt-in and can be revoked.
Product tiers may control report depth, scan limits, history, exports, progress tracking, notifications, and optional image history.
Report and account data should be retained only while useful to the user or required for billing, security, audit, or legal obligations.
Account deletion should remove account-linked reports, preferences, and entitlements unless limited retention is required for security, billing, or audit integrity.
Users should be able to export report metrics, consent history, preferences, and account records. Face images only appear in exports if image history was explicitly enabled.