whatsinthat

Let's get you a shelf.

Drop your email and we'll send a one-time welcome note with two quick instructions. From then on, any photo or link you email us gets scored, priced, and saved.

By signing up you accept our Terms and Privacy Policy. We'll set up a shelf at this email address. You can delete everything with one click from any email we send.

Privacy Policy

Last updated: May 2026

Who we are

whats@inthat (“we”, “us”, “our”) operates whats.inth.at, a consumer transparency platform that scores beauty and skincare products on safety, ethics, and value. This policy describes what data we collect, how we use it, and your rights.

What we collect

  • Account information. Email address you sign up with or scan from. Optional: name, skin profile (skin type, concerns, allergens).
  • Scan data. Photos, URLs, or links you send us for analysis. We use these to identify the product and score its ingredients.
  • Shelf data. Products you save, routine preferences, and any notes you add.
  • Usage data. Pages you visit, features you use, clicks on buy links. We use privacy-respecting analytics (no cross-site tracking, no ad networks).
  • Payment information. If you subscribe to a paid plan, payment is processed by Stripe. We never see or store your full card number.

How we use your data

  • To process your scans and deliver product scores.
  • To personalize your experience (Personal Fit pillar, shelf conflicts, routine advice).
  • To send transactional emails (scan results, account notifications).
  • To improve our scoring algorithms and product catalog.
  • To generate anonymous, aggregated insights about product safety trends.

Third-party services

  • OpenAI. We use AI models to identify products from photos and enrich product data. Your scan photos may be processed by OpenAI's API. OpenAI does not use API inputs for training.
  • LMK (pricing partner). We query product prices and generate affiliate links through LMK. Your personal information is never shared with LMK.
  • Supabase. Our database and authentication infrastructure. Data is stored in the US.
  • SendGrid. Transactional email delivery.
  • Vercel. Hosting and edge delivery.

Affiliate disclosure

We earn commissions when you click a “Where to buy” link and make a purchase. This revenue never influences product scores. Scoring is computed algorithmically from ingredient safety data, certifications, and pricing before any links are generated. See our methodology page for details.

What we never do

  • Sell your personal data to third parties.
  • Share your data with brands or advertisers.
  • Use your data for cross-site ad targeting.
  • Display third-party advertisements.

Data retention

We retain your account data for as long as your account exists. Scan photos are retained for up to 90 days after processing, then deleted. You can delete your account and all associated data at any time from Settings.

Your rights

  • Access. Export all your data from Settings.
  • Deletion. Delete your account and all data from Settings. No support-ticket gauntlet.
  • Correction. Update your profile or flag incorrect product data at any time.
  • Portability. Your data is exportable in standard formats.

Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies.

Contact

Questions about this policy? Email us at privacy@inth.at.