Privacy Policy

How HairCheck collects, uses, and protects your information.

Effective date: 17 May 2026
Last updated: 21 May 2026
Contents
  1. Who we are (Data Controller)
  2. What information we collect
  3. How we use your information
  4. Legal basis for processing (GDPR)
  5. Service providers & subprocessors
  6. Data retention
  7. International data transfers
  8. Data security
  9. Your rights
  10. Children's privacy
  11. Changes to this policy
  12. Contact

1. Who we are

HairCheck (the "App") is provided by:

Operator (Data Controller under Art. 4(7) GDPR)
Emil Arnold (sole proprietor)
Igoumenitsas 5
6037 Larnaca
Cyprus
Email: emilio.arnold99@gmail.com

We are responsible for the processing of personal data described in this Privacy Policy. References to "we", "us" or "our" mean the operator above.

2. What information we collect

We collect only the data necessary to provide the App's features. We do not require you to create an account, and we do not collect your name, address, phone number, or other contact details unless you choose to email us.

2.1 Photos you capture or upload

When you use a scan, before/after, or analysis feature, you capture or select a photo using your device. That photo may show your face, forehead, hairline, temples, scalp, crown, and hair. The photo is transmitted to our backend and to our AI processing provider (see Section 5) to generate scores, projections, and recommendations.

2.2 Face data / photos containing your face and hairline

Some scan photos may include your face, forehead, hairline, temples, scalp, and other visible facial or head features ("face data"). We do not collect face geometry, face maps, biometric templates, Face ID data, facial recognition identifiers, or data used to identify or authenticate you. We do not use face data for facial recognition, identity verification, advertising, or profiling across apps or websites.

We use photos that may contain face data only to provide the App's requested features: hairline and scalp analysis, scan scores, before/after visual projections, scan history, and personalised informational routine recommendations.

2.3 Hair and scalp profile data

Information you enter such as age range, gender, hair type, perceived concerns, and routine answers. This data informs analysis and recommendations.

2.4 Generated analysis results

AI‑generated scores (e.g., density, recession, overall hair score), AI‑generated before/after images, and recommended routines that are produced from your inputs.

2.5 Device and technical information

An anonymous device identifier (generated locally by the App), device model, iOS version, App version, language/region, crash and error logs, and basic request metadata (timestamps, IP address as received by our hosting provider).

2.6 Subscription and purchase information

If you purchase a subscription, our payments partner RevenueCat (see Section 5) receives a pseudonymous identifier and your Apple transaction receipt in order to verify your subscription status. We do not receive your credit card details, your Apple ID, your name, or your billing address — these remain with Apple.

2.7 Information you provide directly

If you email us for support, we receive the contents of your message and your email address.

2.8 What we do not collect

3. How we use your information

PurposeData used
Generate hair analysis scoresPhotos, including photos that may contain face data, profile data
Generate AI before/after projectionsPhotos, including photos that may contain face data, profile data
Provide personalised routine recommendationsProfile data, analysis results
Save your scan history and progress over timeAnalysis results, anonymous device ID
Manage and validate your subscriptionAnonymous purchase token (via RevenueCat)
Diagnose crashes and improve reliabilityError logs, device/OS info
Respond to your support requestsEmail content, email address
Comply with legal obligationsAs required by applicable law

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data on the following legal bases under Art. 6 GDPR:

5. Service providers & subprocessors

To operate the App we rely on a small number of third‑party processors. They process data on our behalf and only for the purposes described below.

ProviderPurposeData processedRegion
OpenAI, L.L.C. (USA) AI vision analysis (GPT‑4o) and AI image generation (GPT Image) Photos you submit, including photos that may contain face data, hair profile inputs USA
Railway Corporation (USA) Backend application hosting and request processing Photos, including photos that may contain face data, requests, error logs USA / Singapore
RevenueCat, Inc. (USA) Subscription validation and management (App Store receipt verification) Pseudonymous subscription identifier, Apple receipt USA
Apple Inc. (USA) App distribution, in‑app purchases, crash reporting (if enabled by you) Per Apple's privacy policy USA / EU

According to OpenAI's enterprise data policy, data submitted via its API is not used to train OpenAI's models. We do not enable any opt‑in data sharing features.

6. Data retention

We retain your data only for as long as necessary to provide the App's features:

You may request earlier deletion at any time (see Section 9).

7. International data transfers

Because our subprocessors (OpenAI, Railway, RevenueCat, Apple) are based in the United States and may process data in the United States, Singapore, or other regions, your personal data may be transferred outside the European Economic Area.

Where required, we rely on the European Commission's Standard Contractual Clauses (SCCs) and on data protection frameworks adopted by the relevant providers (e.g. the EU‑U.S. Data Privacy Framework) as the legal basis for such transfers.

8. Data security

We use industry‑standard technical and organisational measures to protect your data, including HTTPS/TLS encryption for all data in transit, access controls on our backend, and minimum‑privilege credentials for subprocessor access. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

9. Your rights

If you are in the EEA, UK, or Switzerland, you have the following rights under the GDPR:

If you are in California, you have similar rights under the California Consumer Privacy Act (CCPA), including the right to know, the right to delete, and the right to opt out of the sale or sharing of personal information. We do not sell or share personal information for cross‑context behavioural advertising.

How to delete your data: Because HairCheck does not require account creation, the simplest way to delete locally stored data is to uninstall the App. To delete photos and analysis results stored on our backend, email emilio.arnold99@gmail.com with the subject "Data Deletion Request" from any device. We will confirm and complete the deletion within 30 days at no cost.

10. Children's privacy

HairCheck is not directed to children. You must be at least 13 years old (or 16 years old in the EEA) to use the App. We do not knowingly collect personal data from children below these ages. If you believe a child has provided us with personal data, please contact us so we can delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent change. Material changes will be highlighted in the App and/or on this page. Your continued use of the App after changes take effect constitutes acceptance of the updated policy.

12. Contact

Privacy & Data Protection
emilio.arnold99@gmail.com
Operator
Emil Arnold, Igoumenitsas 5, 6037 Larnaca, Cyprus