Tonebook

Biometric Information Policy

BIPA · CUBI · CCPA-CPRA

Effective: May 2, 2026 · Last updated: May 6, 2026

Controller: Ty Horton, sole proprietor (Texas, USA), operating Tonebook independently.

Why this page exists

This page satisfies the publicly available retention schedule requirement of the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), and the California Consumer Privacy Act / Consumer Privacy Rights Act (CCPA/CPRA) treatment of facial geometry and undertone as biometric / sensitive personal information.

What Tonebook captures

Tonebook captures and processes the following from a selfie you choose to upload:

Skin tone read
Skin undertone (warm / cool / neutral)
Hair color and value
Eye color
Overall contrast and depth read

These reads are derived computationally and are used solely to determine your color season (one of 12) and to generate your palette, hair, and makeup recommendations.

How the processing happens

By default, Tonebook runs in mock mode — no photo leaves your device. If you enable Live AI in Settings, your selfie + onboarding answers are sent through our Supabase Edge Function to OpenAI's image-vision API (current model: gpt-5.4-mini) for inference. OpenAI processes the image once per analysis under their API data-retention policy and does not use it for model training. Tonebook never stores the raw selfie or any face embedding off-device.

What Tonebook keeps and for how long

Data	Stored	Retention
Raw selfie	On your device only (Photos library if you tap Save)	Until you delete it
Face embedding / geometry	Never stored. Processed in-flight only.	0 (never persisted)
Derived data: season name, palette colors, undertone label, contrast, depth	Tonebook server (Supabase, US-East-1) tied to your account	Until you delete your account
Closet items (optional)	Your device (App Group container)	Until you delete each item or your account
Style Check log entries	Your device	Until you delete each entry or your account

What Tonebook does not do

We do not perform facial recognition or identity verification.
We do not sell, lease, trade, or otherwise disclose your biometric data to any party other than the AI processor named above.
We do not use your selfie or derived biometric data for advertising, profile targeting, model training, or any commercial purpose unrelated to generating your color analysis.
We do not share your biometric data with employers, insurers, healthcare providers, or law enforcement absent a valid court order or subpoena.
We do not store biometric data outside the United States.

Your rights

Under BIPA, CUBI, and CCPA/CPRA, you have the right to:

Know — what biometric data we have processed about you
Delete — all derived data + any device-local copies
Correct — your color analysis result if it doesn't feel right (use the Adjacent-Season comparison or retake flow)
Opt out of sale or sharing — Tonebook does not sell biometric data, so this right is automatically honored
Non-discrimination — exercising these rights does not change pricing or feature access

How to delete your data

In Tonebook: Settings → Delete my data — removes all derived data, closet items, style check log, and the device-local selfie.
By email: support@tonebook.app — we'll respond within 14 days with verified deletion confirmation. Include the email address tied to your account.

Disclosure on data we receive from third parties

We do not receive biometric data from any third party. The selfie comes from you, and only you, via the iOS Photos library or camera capture.

Updates to this policy

We will post any material changes here at tonebook.app/biometric with a new effective date. We will not retroactively expand processing scope on existing user data — any expansion requires a fresh consent gate inside the app.

Contact

Questions or to exercise any of the rights above: hello@tonebook.app. Postal address available on written request to the same email.

This policy is provided in good faith and reflects our actual practices as of the effective date. It is not legal advice and does not waive any rights you may have under federal, state, or local law.