Biometric, Visual Analysis & AI Matching Consent

Last Updated: June 4, 2026 · Effective Date: June 4, 2026 · Version 1.0

This Biometric, Visual Analysis, Image Processing, and AI Beauty Matching Consent Policy is issued by Constella AI Technologies, Inc. ("Constella," "Constella AI," "Company," "we," "us," or "our"). It explains how Constella may collect, capture, receive, possess, store, process, analyze, use, disclose, protect, retain, destroy, de-identify, or otherwise handle photographs, videos, selfies, face images, eye images, lash images, brow images, skin images, before-and-after images, treatment images, portfolio images, visual analysis data, image-derived data, and, where applicable, biometric identifiers or biometric information.

This Policy applies to all Constella websites, applications, dashboards, AI tools, matching tools, marketplace features, client profiles, provider profiles, booking flows, image upload features, review features, and recommendation engines — including Constella AI, Constella Orbit, Beauty Passport, Constella Match AI, LashMatch AI, BrowMatch AI, WaxMatch AI, SkinMatch AI, GlowMatch AI, MedSpaMatch AI, BridalMatch AI, and any other current or future Constella product.

1. Plain-English Summary

Constella AI uses visual information to make beauty, wellness, aesthetics, and personal-care discovery smarter. Clients may upload selfies, eye, lash, brow, skin, or goal photos so Constella can recommend a better provider, service, product, or beauty plan. Providers may upload portfolio and before-and-after images. Some visual analysis involves AI and may produce observations, measurements, labels, scores, or feature maps that — depending on jurisdiction — may be treated as biometric information, biometric identifiers, sensitive personal information, or consumer health data. Constella is a technology platform and does not provide medical diagnosis, treatment, emergency care, or licensed healthcare services.

2. Core Consent Statement

By using Constella's visual analysis, image upload, Beauty Passport, provider matching, before-and-after, portfolio, or AI recommendation features, you authorize Constella AI Technologies, Inc. to collect, capture, receive, possess, store, process, analyze, use, disclose, retain, destroy, and otherwise handle your Visual Data, Image-Derived Data, and, where applicable, biometric identifiers or biometric information for the purposes described in this Policy. You understand that AI may be inaccurate, that Constella does not guarantee any beauty, wellness, skincare, or aesthetic result, that Constella does not provide medical advice, and that you may withdraw consent for future processing.

3. Definitions

Visual Data means any photograph, video, selfie, facial image, eye image, lash image, brow image, skin image, hair image, hand image, body image, before-and-after image, treatment image, provider portfolio image, inspiration image, product result image, screenshot, image metadata, or other visual content uploaded, captured, submitted, received, stored, or processed through Constella.

Image-Derived Data means any measurement, observation, inference, template, vector, embedding, landmark, label, annotation, segmentation, score, tag, analysis, comparison, match factor, recommendation input, or other data derived from Visual Data.

Biometric Identifier means information defined as a biometric identifier under applicable law, including retina/iris scan, fingerprint, voiceprint, hand-geometry scan, face-geometry scan, or other legally defined biometric identifier.

Biometric Information means information based on or derived from a Biometric Identifier used to identify, authenticate, verify, recognize, analyze, or characterize an individual, as defined by applicable law.

Beauty Passport, Constella Match AI, Constella Orbit, Provider, Client, and Sensitive Visual Data are defined as set forth in the full Policy.

4. Scope

This Policy applies whenever Constella collects or processes Visual Data or Image-Derived Data through client photo uploads, provider photo uploads, Beauty Passport, Constella Match AI, LashMatch AI, BrowMatch AI, WaxMatch AI, SkinMatch AI, GlowMatch AI, MedSpaMatch AI, BridalMatch AI, Constella Orbit, provider portfolio tools, before-and-after galleries, treatment-result uploads, review and testimonial features, product recommendation tools, AI beauty plan tools, skin/lash/brow/eye/face/style analysis tools, fraud detection and platform safety systems, customer support workflows, marketing content approved by users, and analytics and product improvement systems. This Policy supplements — and does not replace — the Privacy Policy.

5. Data We May Collect

Depending on the feature: selfies; profile photos; facial, eye-area, lash, brow, skin, hair, or scalp photos; before-and-after and treatment-progress photos; provider portfolio images; inspiration and product-result photos; photos in reviews or testimonials; captions, labels, tags; upload date and time; device and technical metadata; image-quality metadata; consent records; user ID; provider ID; booking/service ID; AI-generated visual observations, feature tags, match scores, provider-fit factors, product recommendation inputs, Beauty Passport attributes, portfolio insights, and fraud/authenticity indicators; image moderation outputs; and de-identified or aggregated analytics. Constella does not intentionally collect biometric identifiers unless a feature clearly requires it and you've provided the required consent. Because some jurisdictions treat face geometry or facial landmarks as biometric information, Constella applies heightened safeguards to those categories.

6. What Constella Does Not Intend to Do

Unless expressly disclosed in a separate notice and consent, Constella does not intend to use biometric data to identify you across unrelated services, perform face recognition in public spaces, support law enforcement surveillance, sell/lease/trade biometric identifiers, determine creditworthiness, make employment or insurance eligibility decisions, substitute for a licensed provider's professional judgment, or knowingly collect images of minors without verified parental or legal-guardian consent.

7. Purposes of Processing

Constella may use Visual Data, Image-Derived Data, and biometric-related data to: create and improve Beauty Passport; personalize client experiences; match clients with providers, services, and products; generate AI-powered beauty, provider, rebooking, and style recommendations; support lash, brow, wax, skin, glow, medspa, bridal, and future verticals; identify client preferences and visual beauty goals; support provider portfolios, before-and-after galleries, and Constella Orbit analytics; detect fake or manipulated images, fake reviews, and fraudulent before-and-after content; prevent identity misuse, account abuse, spam, and platform manipulation; moderate unsafe or unlawful content; improve AI matching, image analysis, and recommendation systems; provide customer support; debug; maintain security; audit consent; comply with law; respond to lawful requests; enforce agreements; resolve disputes; protect rights, safety, and property of Constella, users, providers, partners, and the public; and create de-identified or aggregated analytics where permitted.

8. Beauty Passport Use

Beauty Passport may use Visual Data to help understand or organize eye shape, lash appearance, brow shape, skin appearance, face shape, visible preferences, preferred style categories, service history, product preferences, sensitivity preferences, provider preferences, before-and-after outcomes, personal beauty goals, event-based beauty planning, rebooking patterns, product compatibility, and service recommendation inputs. Beauty Passport is not a medical chart, diagnosis tool, dermatology tool, prescription tool, or emergency health service.

9. Constella Match AI

Constella Match AI may use Visual Data and Image-Derived Data to help recommend providers, services, products, timing, routines, or next steps based on client goals, preferences, location, budget, availability, provider specialty and portfolio, reviews, before-and-after examples, service history, Beauty Passport profile information, provider profile information, product preferences, rebooking behavior, availability, pricing, and safety/compatibility disclosures. It is an assistive recommendation tool, not a guarantee, warranty, professional diagnosis, licensed consultation, or promise of outcome.

10. Provider Portfolio & Constella Orbit

Providers using Constella Orbit must not upload client images without all legally required consents and releases, and represent and warrant they have permission to upload and use each image for portfolio, matching, marketing, or before-and-after purposes; that no image violates privacy, publicity, medical, biometric, consumer protection, intellectual property, or professional rules; that no image is deceptive, fake, stolen, or materially misleading; that no image involves a minor unless legally authorized; and that they can produce proof of consent on request. Constella may remove, restrict, blur, reject, or investigate any provider-uploaded image.

11. Client Upload Responsibilities

Clients may only upload images they own or have permission to use. Prohibited content includes images of another person without permission, images of minors without legal authority, sexually explicit or exploitative images, unlawfully obtained images, images violating privacy or publicity rights, images containing medical records or confidential documents, harassing or impersonating images, deepfakes, images containing passwords, IDs, or payment cards, and images that violate provider confidentiality or professional rules.

12. Consent Requirements

Constella will seek affirmative consent where required before collecting or processing Visual Data or biometric-related data. Consent records may include name, email, user ID, provider ID, date and time, IP address, device/session information, policy version, exact consent text presented, feature used, uploaded content ID, consent choices selected, withdrawal history, and related booking ID. Records are retained for legal, compliance, security, audit, and dispute-resolution purposes.

13. Withdrawal of Consent

You may withdraw consent for future visual analysis or biometric-related processing through account settings, by deleting uploaded images where available, by disabling visual analysis features, by emailing privacy@constellamatch.com, or by submitting a privacy request. Withdrawal may limit or disable features. Withdrawal does not automatically require immediate deletion where retention is required or permitted for legal compliance, security, fraud prevention, dispute resolution, accounting, tax, audit, backups, contract enforcement, consent recordkeeping, dispute investigation, or protection against legal claims. Constella honors deletion and withdrawal requests as required by applicable law.

14. Sharing With Providers

Constella may share relevant Visual Data, Beauty Passport information, Image-Derived Data, or client-preference information with providers when you ask to be matched, contact a provider, request a consultation, book an appointment, authorize sharing, or when sharing is needed to support a service request, booking, support, safety, or dispute issue. Providers are independent third parties governed by their own policies, consents, professional duties, and applicable laws.

15. Sharing With Vendors

Constella may share data with cloud hosting, database, image storage, AI processing, image moderation, security, fraud prevention, customer support, analytics, consent management, payment, communications, and legal/compliance/audit/insurance vendors, who are required to process data only as instructed, use reasonable safeguards, restrict unauthorized use, and comply with applicable contractual obligations. Additional restrictions apply for vendors processing biometric, sensitive, or consumer health data.

16. Disclosure to Authorities

Constella may disclose Visual Data, Image-Derived Data, biometric-related data, or consent records to comply with law, respond to subpoenas/court orders/warrants/lawful requests, protect rights and safety, investigate fraud or abuse, enforce agreements, resolve disputes, defend legal claims, protect providers or clients, respond to emergencies, or comply with regulatory inquiries.

17. No Sale, Lease, or Trade of Biometric Identifiers

Constella will not sell, lease, trade, or otherwise profit from biometric identifiers or biometric information as biometric data. Constella may receive revenue from subscriptions, bookings, marketplace fees, product recommendations, affiliate relationships, brand partnerships, advertising, verification, software, and provider tools; such revenue is not intended to constitute a sale of biometric identifiers.

18. Product Recommendations, Affiliate Relationships & Sponsored Content

Product recommendations may be based partly on Visual Data, Beauty Passport, provider input, service history, product preferences, AI analysis, affiliate relationships, sponsorships, or brand partnerships. Constella may receive compensation. Constella does not guarantee that any product will be safe, suitable, effective, or appropriate for every user. Review labels, ingredients, warnings, contraindications, instructions, allergy information, and professional guidance before use.

19. Reviews, Testimonials & Before-and-After Content

Reviews, testimonials, or before-and-after content must be truthful and not materially misleading. Fake reviews, fake before-and-after images, stolen images, AI-generated fake client results, materially altered results without disclosure, undisclosed paid endorsements, and misleading claims are prohibited. Constella may remove, label, reject, or investigate deceptive, unsupported, manipulated, unlawful, or unsafe content.

20. Medical, MedSpa, Skincare & Consumer Health Data Disclaimer

Visual analysis is not medical advice, medical diagnosis, dermatology diagnosis, emergency care, prescription advice, clinical screening, treatment planning, or a substitute for a licensed professional. For skin conditions, allergies, eye conditions, infections, injuries, pregnancy-related concerns, medication interactions, medspa treatments, injectables, lasers, peels, microneedling, or other regulated services, consult a qualified licensed professional.

21. AI Limitations & Human Judgment

AI may be affected by lighting, camera angle, image resolution, makeup, filters, editing, skin tone representation, hair coverage, eyelash extensions, contact lenses, brow styling, prior procedures, poor image quality, incomplete profile information, provider data quality, training-data limitations, and algorithmic bias. AI outputs may be wrong. Constella does not guarantee accuracy, suitability, availability, safety, satisfaction, or outcomes.

22. Data Security

Constella uses reasonable administrative, technical, and physical safeguards including encryption in transit, encryption at rest where appropriate, role-based access controls, limited employee access, authentication controls, secure cloud infrastructure, vendor due diligence, logging and monitoring, consent recordkeeping, security reviews, secure deletion workflows, incident response, data minimization, access restrictions for sensitive data, internal policy controls, training, and contractual protections for vendors. No system is completely secure.

23. Retention & Destruction Schedule

Active Beauty Passport images: retained while the account is active or while needed for the requested feature. Provider portfolio images: retained while the provider profile, listing, or portfolio remains active, unless removed earlier. Before-and-after images: retained while authorized for portfolio, educational, marketing, review, verification, or platform purposes, unless withdrawal or deletion is required by law. Consent records: retained as long as needed for legal compliance, audit, dispute resolution, and proof of consent. Security and fraud records: retained as long as needed to protect the platform and comply with law. Backups: retained for limited periods under ordinary backup and disaster recovery cycles. De-identified or aggregated data: may be retained indefinitely. For biometric identifiers or biometric information, Constella targets deletion no later than (a) one year after the purpose for collection has been satisfied where Texas-style rules apply; (b) three years after the user's last interaction where Illinois-style BIPA rules apply; or (c) any shorter period required by applicable law.

24. Deletion, De-Identification & Anonymization

Constella may delete data by permanently deleting source files, deleting biometric templates or derived identifiers, removing account association, de-identifying, anonymizing, aggregating, overwriting or cryptographically deleting, purging from active systems, or allowing backup copies to expire through normal cycles. Deletion may not immediately remove data from backups, archived logs, legal-hold systems, fraud-prevention records, consent records, dispute records, third-party systems, or materials already published under a valid release.

25. User Privacy Rights

Depending on your location, you may have rights to know, access, receive a copy, correct, delete, withdraw consent, opt out of sale or sharing, limit use of sensitive personal information, restrict processing, appeal, request information about disclosures, and request deletion of biometric-related data. To exercise rights, email privacy@constellamatch.com. Constella may verify your identity before fulfilling requests.

26. Minors

Constella's visual analysis and biometric-related features are intended for adults. Images of minors may not be uploaded unless Constella expressly allows the use case, you have legal authority, verifiable parental or guardian consent is obtained where required, content complies with all applicable laws, and Constella's minor-specific consent or release (if required) is completed.

27. Sensitive Categories & Protected Classes

Constella does not intentionally use Visual Data to make decisions based on protected characteristics, and does not intend to use Visual Data to discriminate based on race, color, religion, national origin, sex, sexual orientation, gender identity, disability, age, citizenship, pregnancy, veteran status, or other protected status. Constella may restrict, suppress, audit, or avoid certain categories of inference, and uses fairness, safety, and quality measures to reduce discriminatory or misleading outcomes.

28. Automated Decision-Making

Constella may use automated systems to rank, recommend, personalize, moderate, or match. Visual AI outputs are not intended to make legally significant decisions about employment, credit, housing, insurance, education, healthcare eligibility, or government benefits.

29. International Users

Constella is operated from the United States; information may be processed in the U.S. or other countries where Constella or its service providers operate. You are responsible for ensuring lawful use of visual analysis features in your jurisdiction. Constella may restrict features in jurisdictions with additional biometric, health, privacy, AI, or image-processing requirements.

30. Business Transfers

Constella may disclose or transfer Visual Data, Image-Derived Data, consent records, and related information in connection with mergers, acquisitions, financing, investment, restructuring, sale of assets, bankruptcy, due diligence, change of control, or assignment to an affiliate or successor. Any successor will handle data in accordance with applicable law and materially consistent protections unless otherwise disclosed and legally permitted.

31. Incident Response

If Constella becomes aware of unauthorized access to Visual Data, Image-Derived Data, biometric-related data, or sensitive personal information, Constella will investigate and respond according to applicable law and may notify affected users, regulators, law enforcement, vendors, providers, or other parties where required or appropriate.

32. HIPAA & Provider Relationships

Constella is generally a technology platform and may not be a HIPAA-covered entity. Some providers (medical spas, healthcare providers, regulated aesthetic practices) may be subject to HIPAA, state medical privacy laws, professional confidentiality rules, or consumer health data laws. Providers are responsible for determining whether a business associate agreement, data processing agreement, patient authorization, medical record consent, or additional compliance measures are required. Users should not upload medical records or PHI unless expressly requested through an approved feature.

33. Provider Compliance Duties

Providers must obtain all required client consents before uploading images, maintain proof of consent, avoid uploading PHI unless authorized, avoid uploading minor images without proper consent, avoid misleading before-and-after content, avoid fake results, comply with licensure rules, comply with professional advertising rules, comply with privacy and biometric laws, comply with consumer protection laws, remove content on lawful request, and promptly notify Constella of any unauthorized image upload or consent dispute.

34. Prohibited Uses

You may not use visual analysis features to identify or track someone without consent, harass or shame, generate fake before-and-after results, impersonate, upload stolen or exploitative images, analyze minors without authorization, create discriminatory profiles, make employment/credit/insurance/housing/legal eligibility decisions, train a competing system, scrape visual datasets, reverse engineer Constella's AI, or violate biometric, privacy, medical confidentiality, or professional licensing rules.

35. Policy Updates

Constella may update this Policy. Material changes may be communicated by email, in-app notice, website notice, consent screen, or other reasonable means. Where required, Constella will obtain renewed consent before applying materially different uses to previously collected biometric-related data.

36. Contact

Constella AI Technologies, Inc. — Attn: Privacy, Biometric Compliance, and Visual Analysis Requests
Privacy: privacy@constellamatch.com
Legal: legal@constellamatch.com
Support: support@constellamatch.com
Website: constellamatch.com