Privacy Policy

Last updated: April 24, 2026

1. Introduction

SalonReady AI ("we," "our," or "us") operates the SalonReady AI mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

By using the App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the App.

2. Information We Collect

2.1 Photos You Provide

When you use SalonReady AI, you may provide:

• Selfies — captured directly with your device camera or selected from your photo library, used for face-shape analysis and AI hairstyle preview generation.
• Inspiration hairstyle images — selected from your photo library, used as style references for AI preview generation.

How we collect these photos: via your device camera (requires camera permission) or your photo library (requires photo library permission). You grant these permissions through the standard iOS permission prompts; you can revoke them at any time in iOS Settings.

Your original photos are transmitted over HTTPS to our servers for AI processing and are not retained on our servers after analysis is complete. Only the AI-generated result images are saved for your Look history (see Section 6).

2.2 Onboarding Preferences

During onboarding, you provide the following information via the in-app onboarding form:

• Gender preference (to tailor hairstyle recommendations)
• Current hair length
• Hair type and texture
• Styling goals and target style preferences

2.3 Purchase Information

If you make in-app purchases, we receive transaction information from Apple and our payment processor (RevenueCat). We do not directly collect or store your credit card or payment details.

2.4 Device and Usage Data

We may automatically collect:

• Device type and operating system version
• Anonymous usage analytics (features used, session duration)
• Crash reports and performance data
• A unique anonymous device identifier

3. How We Use Your Information

We use the information we collect to:

• Provide our core service: Analyze your facial features and generate personalized hairstyle recommendations and previews
• Improve the App: Understand how users interact with features to improve user experience
• Process transactions: Manage subscriptions, credits, and in-app purchases
• Provide support: Respond to your requests and troubleshoot issues
• Ensure security: Detect and prevent fraud or abuse

4. Third-Party Services

We use the following third-party services to operate the App. Where a service processes your photos or personal data, we have data-processing agreements in place that require them to protect your data to a standard equivalent to our own — including prohibitions on using your data to train their AI models.

• Google LLC (Gemini API) — Powers our AI face-shape analysis, hairstyle recommendations, and AI hairstyle preview generation. Your photos are sent to Google's Gemini API. Google's API terms prohibit use of API data for model training and provide equal data-protection safeguards. Gemini API Terms · Gemini Data Use & Privacy · Google Privacy Policy
• OpenAI, LLC — Used for AI hairstyle analysis and preview generation. Your photos may be sent to OpenAI's API. OpenAI's API usage policies prohibit use of API inputs to train their models. OpenAI Usage Policies · OpenAI Privacy Policy
• Replicate, Inc. — Fallback image-generation models for AI hairstyle preview images. Your photos may be sent to Replicate's API. Replicate Privacy Policy
• Supabase, Inc. — Provides secure backend infrastructure including database and file storage (hosted on AWS us-east-1, Virginia, USA). Supabase Privacy Policy
• RevenueCat, Inc. — Manages in-app subscriptions and purchases. RevenueCat Privacy Policy
• Apple Inc. — Processes in-app purchases through the App Store. Apple Privacy Policy

These third-party service providers have their own privacy policies. We encourage you to review them to understand how they handle your data.

5. Data Storage and Security

We implement industry-standard security measures to protect your data:

• All data is transmitted over HTTPS (TLS encryption)
• Photos are stored in private, access-controlled storage buckets
• API access is protected by authentication keys
• We do not sell your personal data to any third party

6. Data Retention

We retain your data as follows:

• Original uploaded photos (selfies & inspiration images): Not persistently stored. Your original photos are transmitted to our servers solely to perform AI analysis and generation. They are discarded from our servers once processing is complete and are never written to long-term storage.
• Generated preview images ("My Looks"): Stored in Supabase Storage (private generated-looks bucket) so you can revisit your Look history. These are retained until you delete them or request full data deletion.
• Onboarding preferences & analysis results: Stored in our database until you choose to delete them or request account deletion.
• Device identifier & usage analytics: Retained for the duration your app installation is active, or until you request deletion.

You can permanently delete all your data — including generated images and preferences — at any time from Settings → Delete My Data inside the App. Deletion is immediate on our infrastructure.

7. Your Rights

You have the right to:

• Access the personal data we hold about you
• Delete all your data instantly via Settings → Delete My Data in the App, or by contacting us
• Withdraw consent at any time by revoking camera/photo-library permissions in iOS Settings or by deleting your data through the App — withdrawal does not affect the lawfulness of prior processing
• Opt out of optional data collection (analytics)
• Request a copy of your data in a portable format

To exercise any of these rights, contact us at support@hairmatchai.com.

8. Legal Basis for Processing (EEA/UK)

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR) and the UK GDPR:

• Consent (Art. 6(1)(a)): When you upload photos for analysis. You may withdraw your consent at any time by deleting your data through the App or contacting us.
• Performance of a Contract (Art. 6(1)(b)): To provide our core service (AI hairstyle analysis and preview generation), process in-app purchases, and manage your account.
• Legitimate Interests (Art. 6(1)(f)): For anonymous device identification (fraud prevention and account management), App improvement, and security. We balance our interests against your rights and freedoms.

9. Your Rights Under GDPR (EEA/UK Residents)

If you are located in the EEA or UK, you have the following additional rights under the GDPR:

• Right of Access (Art. 15): Request a copy of the personal data we hold about you.
• Right to Rectification (Art. 16): Request correction of inaccurate personal data.
• Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten"). You can also delete your data directly through the App's Settings.
• Right to Restriction of Processing (Art. 18): Request that we limit how we use your data in certain circumstances.
• Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format.
• Right to Object (Art. 21): Object to processing based on legitimate interests.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint (Art. 77): You have the right to file a complaint with your local data protection supervisory authority.

To exercise any of these rights, contact us at support@hairmatchai.com. We will respond within 30 days.

10. Your Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You can request details about the categories and specific pieces of personal information we have collected about you in the past 12 months.
• Right to Delete: You can request that we delete your personal information, subject to certain exceptions.
• Right to Correct: You can request correction of inaccurate personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

We do not sell or share your personal information as defined by the CCPA/CPRA. We do not use your personal information for cross-context behavioral advertising.

Categories of personal information collected in the past 12 months:

• Identifiers (anonymous device ID)
• Photos you upload for analysis
• Commercial information (purchase history through the App Store)
• Internet or electronic network activity (usage analytics, if enabled)

To exercise your rights, contact us at support@hairmatchai.com or use the in-app data deletion feature.

11. Children's Privacy

SalonReady AI is not intended for children under the age of 13 (or 16 in certain jurisdictions, including some EU member states and South Korea). We do not knowingly collect personal information from children under the applicable minimum age. If we discover that a child under the minimum age has provided us with personal information, we will promptly delete it. If you believe a child has provided us with personal data, please contact us at support@hairmatchai.com.

12. International Data Transfers

Your data may be transferred to and processed in the United States and other countries where our service providers operate. These transfers are necessary to provide our service and are made using the following safeguards:

• Standard Contractual Clauses (SCCs): Where required, we rely on European Commission-approved Standard Contractual Clauses as the legal mechanism for data transfers from the EEA/UK to third countries.
• Data Processing Agreements: We enter into data processing agreements with our third-party service providers that include appropriate data protection obligations.

Our primary data infrastructure is hosted by Supabase on AWS in the United States (us-east-1, Virginia). AI processing is performed by Google LLC (United States, Gemini API), OpenAI LLC (United States), and Replicate Inc. (United States). Payment processing is handled by RevenueCat and Apple.

13. Face Data

SalonReady AI processes images of your face to provide hairstyle analysis and AI preview generation. Because face data is sensitive, we want to be explicit about what we do and do not do with it.

13.1 What face data we collect

• On-device face detection (not transmitted): Before any upload, the App uses Apple's on-device Vision framework (VNDetectFaceLandmarksRequest) solely to verify that your photo contains a single, well-lit, front-facing face. The facial landmark points, bounding box, and head-pose angles (yaw, roll) produced by Vision stay on your device and are never sent to our servers. This is a quality gate only.
• Server-side processing: The photo itself (a standard JPEG image of your face) is uploaded over HTTPS to our servers so our AI can classify your face shape (e.g., oval, round, square, heart) and generate AI hairstyle preview images on your own photo. We do not create, derive, or store face templates, face embeddings, facial recognition vectors, or any other biometric identifier that could be used to recognize or identify a specific individual.

13.2 How face data is used

• To determine a general face-shape category and facial proportions the AI uses to recommend suitable hairstyles.
• To generate AI hairstyle preview images that show you how a given haircut might look on you.
• Face data is never used for identity verification, authentication, device unlocking, advertising, profiling, or any purpose unrelated to hairstyle analysis.

13.3 Sharing of face data

To deliver the service, your uploaded photo is transmitted to the following third-party AI sub-processors. Each provider operates under contractual data-protection obligations — including prohibitions on using your data for their own model training — that provide a level of protection equivalent to our own:

• Google LLC — Gemini API, for face-shape analysis and hairstyle preview generation. (Gemini API Terms · Data Use & Privacy)
• OpenAI, LLC — for hairstyle analysis and preview generation. (OpenAI Usage Policies · OpenAI Privacy Policy)
• Replicate, Inc. — image-generation models, used as a fallback for AI hairstyle previews. (Replicate Privacy Policy)
• Supabase, Inc. — private cloud storage and backend infrastructure, hosted on AWS us-east-1 (Virginia, USA). (Supabase Privacy Policy)

We do not sell, rent, or share face data with any third party for advertising purposes. We do not use face data to train AI models.

13.4 Retention of face data

• Original uploaded selfies are not persistently stored. After your photo is transmitted over HTTPS to our servers, it is used solely to perform AI analysis and generation, then discarded. It is never written to long-term storage.
• Generated previews are stored in the private generated-looks Supabase Storage bucket, associated with your anonymous device identifier, so you can revisit your Look history.
• You can permanently delete all your generated previews and preferences at any time from Settings → Delete My Data inside the App. Deletion is immediate on our infrastructure.
• On the AI-provider side, inference inputs are retained only for the short operational windows described in Google's, OpenAI's, and Replicate's API terms (typically up to 30 days, for abuse monitoring) and are not used to train their models.

13.5 Your controls

You can revoke camera and photo-library permissions at any time in iOS Settings. You can also delete all face data associated with you via Settings → Delete My Data in the App, or by emailing support@hairmatchai.com.

14. AI-Specific Disclosures

SalonReady AI uses artificial intelligence to analyze facial features and generate hairstyle preview images. In compliance with Apple App Store requirements, we explicitly disclose the following about our use of third-party AI services:

• Third-party AI services used: Your photos and preferences are sent to Google LLC (Gemini API), OpenAI, LLC, and Replicate, Inc. to perform facial analysis and generate hairstyle preview images.
• Equal protection: All three AI providers operate under data-processing terms that provide a level of data protection equivalent to our own, including prohibitions on using API inputs to train their models. See Section 4 and Section 13.3 for links to each provider's data-use policies.
• No model training on your data: We do not use your photos to train AI models. Our API agreements with all AI providers prohibit the use of API data for model training.
• AI-generated preview images are clearly labeled as "AI Generated" within the App.
• AI analysis results are approximations and should not be considered professional advice.

15. Data Controller

SalonReady AI is the data controller for the personal data processed through the App. For any data protection inquiries:

• Email: support@hairmatchai.com
• Website: https://hairmatchai.com

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page. For material changes affecting EEA/UK users, we will provide notice through the App. Continued use of the App after changes constitutes acceptance of the updated policy.

17. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• Email: support@hairmatchai.com
• Website: https://hairmatchai.com