Fragrance Engine

Privacy Policy

Effective date: April 29, 2026

1. Scope

This policy describes the personal data matelier collects, the purposes for which we use it, and the third-party processors who help us deliver the Service. It applies to anyone using matelier, including visitors in the European Economic Area and United Kingdom.

2. Data we collect

  • Account data: email address, hashed password (or OAuth identifier), display name, and optional public handle if you opt in.
  • Shelf and activity data: the fragrances you add, ratings, notes, wear events, layering recipes, and feedback you give to the recommender.
  • Device and session data: session tokens required to keep you signed in, browser type, and approximate location when you grant geolocation for weather lookups.
  • Diagnostic data: error reports and performance traces when our error monitoring is enabled.

3. How we use it

  • To operate and improve the Service.
  • To produce recommendations grounded in your shelf, weather, and context.
  • To authenticate your sessions and prevent abuse.
  • To process payments if you subscribe to a paid plan (planned).
  • To meet legal obligations.

4. Third-party processors

The following third parties process data on our behalf. Each integration is gated to its stated purpose.

  • Supabase (in use): Authentication and database hosting (Postgres + auth tokens).
  • Open-Meteo (in use): Weather lookups when you grant geolocation, to ground recommendations.
  • OpenAI (in use): Server-side embedding generation used to compute fragrance similarity.
  • Stripe (planned for future use): Subscription billing and payment processing.
  • Sentry (planned for future use): Error monitoring and crash reporting.
  • Computer-vision provider (planned for future use): Bottle and shelf scanning to identify fragrances from photos.

5. Cookies and local storage

We use a small amount of essential storage (browser localStorage and httpOnly session cookies) to keep you signed in and remember your shelf state. Optional preferences and analytics storage stay off until you opt in through the cookie banner. You can change your choice at any time by clearing site data and reloading.

6. Your rights

If you are in the EEA, UK, or another jurisdiction with similar rules, you have the right to access, correct, delete, or export your personal data, and to object to or restrict processing. You can exercise these rights through the contact channel listed below.

7. Retention

We keep account data for as long as your account is active and for a reasonable period thereafter to comply with legal obligations. You can request deletion at any time.

8. International transfers

Some processors are based outside your country of residence. When we transfer personal data internationally, we rely on standard contractual clauses or equivalent safeguards.

9. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children under 16.

10. Changes

We will update this policy to reflect material changes. When material processors are added or removed, we will bump the consent banner so you can re-confirm your choices.

11. Contact

Privacy requests can be sent through the contact channel listed on the support page.