Privacy
Privacy Policy
This policy explains which personal data Scenthyra processes, why it is needed, and the choices available to you.
Last updated 28 June 2026
1. Controller and contact
The person responsible for deciding how personal data is processed through Scenthyra is:
Vladimir Donskoi
contact@scenthyra.comThe corresponding service information is available in the Legal Notice.
2. Data we process
The exact data depends on how you use Scenthyra. It may include:
- Technical access data: IP address, request time, requested page, referrer, browser, device, operating-system, and error or security information generated by the server and hosting infrastructure.
- Account and authentication data: email address, optional name and profile image, a password hash for password-based accounts, verification and password-reset tokens, session information, and OAuth account identifiers or tokens when you choose an external sign-in provider.
- Fragrance and profile data: perfumes in your collection, liked and disliked perfumes or notes, most-worn perfume, and optional profile answers such as mood, style, self-image, intensity, occasions, climate, sensitivities, gender expression, ethnicity, or worldview.
- Guide and settings data: guide prompts, generated options and reasoning, selected or discarded options, session history, composer drafts, timezone, and guide preferences.
- Communications: email address and message content when you contact us, request email verification, or reset a password.
Profile fields are optional unless the interface states otherwise. Please do not include unrelated sensitive personal information in free-text guide prompts.
3. Purposes and legal bases
We process personal data only where it is needed for the following purposes:
- To create and secure accounts, authenticate users, save collections and profiles, generate guide options, rank recommendations, and provide requested features. The legal basis is generally performance of the user relationship or steps requested before it under Article 6(1)(b) GDPR.
- To operate, troubleshoot, protect, and improve the service, prevent misuse, and maintain reliable technical systems. The legal basis is our legitimate interest under Article 6(1)(f) GDPR.
- Where processing relies on consent, the legal basis is Article 6(1)(a) GDPR. Where voluntarily supplied data constitutes special-category data, Article 9 GDPR may also apply. Consent can be withdrawn for future processing at any time.
- To comply with legal duties under Article 6(1)(c) GDPR when applicable.
4. AI-assisted perfume guidance
When you use the Layering Guide, Scenthyra sends your current request together with relevant collection data, perfume names and notes, and available profile context to OpenAI. OpenAI processes this information to return layering options and reasoning. Scenthyra then stores the request, generated result, and session state so that you can review and refine it.
OpenAI states that API inputs and outputs are not used to train its models by default unless the API customer opts in. OpenAI also documents that default abuse-monitoring logs may contain prompts and responses and may be retained for up to 30 days, unless a longer period is legally required.
You can review OpenAI's current API data controls. AI-generated suggestions and note-based recommendation scores are advisory. They do not produce legal or similarly significant effects about you.
5. Service providers and recipients
Personal data is shared only where necessary to operate a feature or meet a legal obligation:
- Hosting, database, and infrastructure providers process technical and stored application data.
- OpenAI processes the guide context described above when you request AI-assisted guidance.
- Resend processes your email address and email delivery data when verification or password-reset emails are enabled and sent. See the Resend Privacy Policy.
- If you select an external sign-in method, GitHub, Google, or LinkedIn processes the authentication request under its own privacy terms. Scenthyra receives the account information permitted by that provider and your settings.
- Authorities or professional advisers may receive data where disclosure is legally required.
The current application does not integrate advertising networks, affiliate tracking, payment processors, or behavioral analytics services.
6. Cookies and browser storage
Scenthyra uses storage needed to provide the service:
- Essential authentication cookies keep you signed in and protect account sessions.
- An invitation cookie may preserve an invitation while you complete authentication.
- Local browser storage remembers the selected visual theme.
- Session storage can retain an email address and optional name while moving between authentication forms.
These mechanisms support requested functionality. The current application does not set advertising cookies. Blocking essential cookies may prevent authentication from working.
7. Retention and deletion
Account, profile, collection, settings, and guide-session data is generally retained while your account remains active so that the service can provide saved and personalized features. You can delete your account from the Settings page; related application records are then deleted through the account-deletion process.
Session, verification, and password-reset data expires or is removed when it is no longer required. Technical logs and provider-side records may be kept for limited security, troubleshooting, contractual, or legal periods. Data may remain temporarily in protected backups until their normal rotation completes.
8. International data transfers
Some service providers, including OpenAI, Resend, and optional OAuth providers, may process data outside the European Economic Area. Where required, transfers are based on an adequacy decision, approved contractual safeguards, or another lawful transfer mechanism. Provider privacy notices contain further information about their locations and safeguards.
9. Your data-protection rights
Subject to the conditions in applicable law, you may have the right to:
- request access to and a copy of your personal data;
- correct inaccurate or incomplete data;
- request deletion or restriction of processing;
- receive data you provided in a portable format;
- object to processing based on legitimate interests;
- withdraw consent at any time for future processing; and
- complain to a competent data-protection supervisory authority.
To exercise a right, email contact@scenthyra.com. We may need to verify your identity before responding.
10. Security, changes, and contact
Scenthyra uses safeguards such as encrypted transport, hashed passwords, authenticated access controls, and restricted server-side credentials. No internet transmission or storage system can be guaranteed to be completely secure.
We may update this policy when the service, providers, or legal requirements change. The date at the top shows the latest revision. Questions or privacy requests can be sent to contact@scenthyra.com.