We take your privacy seriously. Learn how we collect, use, and protect your information.
Data Security
Data is encrypted in transit and protected with industry-standard safeguards
Transparency
Clear information about data usage
Your Control
You retain ownership and can manage your data
1. Introduction
This Privacy Policy describes how Hairmage ("we," "us," or "our") collects, uses, stores, shares, and protects information when you use the Hairmage mobile application and related services (collectively, the "Service"). By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.
2. Information We Collect
2.1 Account Information
When you create a Hairmage account, we collect:
Name and display name
Email address
Profile photo (if provided via Google or Apple Sign-In)
Authentication credentials (managed securely through Firebase Authentication)
Subscription status and plan details
2.2 Salon & Business Data
To provide our salon management services, we store information you enter, including:
Salon name and business details
Working hours and schedule configuration
Services offered and pricing information
Staff member information (names, roles, commission rates)
Revenue and financial data you enter into the system
2.3 Client Data (Entered by You)
Important: You Are the Data Controller
Client data is entered into Hairmage by you, the salon professional. You are the data controller for all client information, and Hairmage acts as a data processor on your behalf. It is your responsibility to have a valid legal basis (such as consent) for collecting and processing your clients' personal data — including photographs — before entering it into the system. Hairmage processes client data solely to provide the Service to you.
Client data you may enter includes:
Client names and phone numbers
Visit history and service records
Color recommendation history and formulas used
Notes and preferences
Image-based color detection results (e.g., detected level/undertone)
Blacklist status
2.4 Photos & Images
When you use image-based color detection features:
Photos are captured via camera or selected from your device's photo library.
Hairmage does not store or retain uploaded photos. Photos are used only for real-time color detection and are discarded by Hairmage after processing. For image-based color detection, the legal basis for processing client photographs is the salon professional's legitimate interest or explicit client consent, depending on applicable law.
Photos may be transmitted to third-party AI providers (e.g., OpenAI) solely to detect hair color; their processing is subject to the provider's terms and privacy practices. We do not intentionally use or permit the use of photos for model training, marketing, or any purpose other than detecting hair color.
2.5 Usage & Technical Data
We collect limited technical and usage data to operate and improve the Service:
Feature usage counts (e.g., number of color recommendations used) for subscription management and abuse prevention
Device type and operating system (for compatibility and support)
App version information
Crash reports and error logs (to improve stability)
Subscription and billing events (managed through RevenueCat)
Note: Hairmage does not use third-party analytics SDKs (such as Google Analytics or Facebook SDK) for tracking or advertising purposes.
3. How We Use Your Information
We use your information to:
Provide, maintain, and improve the salon management Service
Generate palette-based color recommendations and perform image-based hair color detection
Synchronize your data across devices via cloud storage
Process subscriptions and manage billing through app stores
Manage feature access based on your subscription plan
Prevent abuse and enforce usage limits
Send important service-related communications (e.g., account security, subscription changes)
Respond to support requests
Comply with legal obligations
We do not use your data for targeted advertising, behavioral profiling, or selling to third parties.
4. Third-Party Services & Data Sharing
We Never Sell Your Data
Hairmage does not sell, rent, or trade your personal information, salon data, or client data to any third party for marketing, advertising, or any commercial purpose.
Service Providers
We use the following third-party services to operate Hairmage. Each provider receives data necessary to perform its function:
Firebase (Google Cloud): Authentication, cloud database (Firestore), and backend functions. Your account data and salon data are stored in Firebase. See the Firebase Privacy Policy.
OpenAI: Photos may be transmitted to OpenAI solely for the purpose of detecting hair color. Hairmage does not store or retain uploaded photos. Processing by OpenAI is subject to their applicable terms and privacy practices. See the OpenAI Privacy Policy.
RevenueCat: Subscription management and billing processing. Receives subscription-related data only. See the RevenueCat Privacy Policy.
Apple App Store / Google Play Store: Payment processing for subscriptions. We do not directly access or store your payment card information.
SendGrid / EmailJS / Email Services: Used for sending transactional emails (e.g., account-related communications). Receives the data necessary to send emails (such as email address and message content).
Other Disclosure
We may disclose your information only in these specific circumstances:
Legal Requirements: When required by law, court order, subpoena, or government request
Safety: To protect the rights, property, or safety of Hairmage, our users, or the public
Business Transfers: In connection with a merger, acquisition, or sale of assets (with continued privacy protection)
With Your Consent: When you explicitly authorize specific data sharing
5. Data Storage & Security
We implement reasonable security measures to protect your data:
Data is transmitted using encrypted connections (TLS/SSL)
Cloud data is stored in Google Cloud / Firebase infrastructure with industry-standard safeguards (including access controls and encryption where supported by the provider).
Local data on your device is stored using Hive encrypted storage for offline access
Authentication is managed through Firebase Authentication with support for Google Sign-In, Apple Sign-In, and email/password
Access to salon data is restricted by user roles (owner, admin, editor, viewer) and business isolation
Abuse prevention and rate limiting protect against unauthorized access
Important: While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the security of your account credentials and device access.
6. Data Retention
We retain your data as follows:
Account Data: Retained for as long as your account is active. Deleted upon account deletion request (within 30 days).
Salon & Client Data: Retained for as long as your account is active or until you delete specific records.
Photos for Image-Based Color Detection: Not stored or retained by Hairmage. Photos are processed in real-time and discarded after color detection is complete.
Usage & Technical Data: Retained for the purpose of subscription management and abuse prevention for the duration of your account.
Billing Records: Managed by Apple App Store, Google Play Store, and RevenueCat in accordance with their respective retention policies and legal requirements.
Deleted data may persist in backups for a limited period. We may retain certain information where required by law.
7. Your Privacy Rights
You Have the Right To:
Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate or incomplete information
Deletion: Request deletion of your account and associated data
Data Portability: Where technically feasible, request your data in a portable, machine-readable format
Restriction: Request restriction of certain data processing activities
Withdrawal of Consent: Withdraw consent for optional data processing at any time
Objection: Object to certain types of data processing
To exercise any of these rights, contact us at support@hairmageapp.com. We will respond to your request within 30 days. We may need to verify your identity before processing certain requests. If required, we can provide a Data Processing Addendum (DPA) upon request.
8. For Users in the EEA/UK (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom (UK), the following additional provisions apply:
Legal Bases: We process your data based on: (a) your consent; (b) the necessity to perform our contract with you (providing the Service); (c) our legitimate interests (improving the Service, preventing abuse); and (d) compliance with legal obligations.
International Transfers: Your data may be transferred to and processed in the United States and other countries where our service providers operate. When data is transferred outside the EEA/UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or equivalent mechanisms recognized under applicable law.
Privacy Contact: For GDPR-related inquiries, contact us at support@hairmageapp.com.
Supervisory Authority: You have the right to lodge a complaint with your local data protection supervisory authority.
9. For California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
Right to Know: You may request details about the categories and specific pieces of personal information we have collected
Right to Delete: You may request deletion of your personal information
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
No Sale of Data: We do not sell personal information as defined under the CCPA
Authorized Agent: You may use an authorized agent to submit a request on your behalf, where permitted by law
10. International Availability & Cross-Border Transfers
Hairmage is available only in the countries and regions where we officially offer the Service (as determined by App Store and Google Play availability). By using the Service, you acknowledge that:
You are responsible for ensuring that your use of the Service complies with all applicable local laws and regulations in your jurisdiction.
Your data may be processed in countries other than your own, including the United States and other locations where our service providers (cloud, AI, billing) operate.
If you access the Service from outside a supported region, the Service is provided "as-is" and certain features may be limited or unavailable.
For users in the EEA/UK, cross-border transfer safeguards are described in Section 8 above.
11. Country-Specific Rights
Your privacy rights and obligations may vary depending on your location. Where mandatory local data protection or consumer protection law applies, it takes precedence over conflicting provisions of this Privacy Policy. We encourage you to review any country-specific guidance provided in Sections 8 and 9 above, or to contact us if you have questions about your rights in your jurisdiction.
12. Children's Privacy
Hairmage is a professional tool intended for licensed adults only. The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a person under 18, we will take immediate steps to delete such information. If you believe a child has provided personal information to us, please contact us at support@hairmageapp.com.
13. Camera & Photo Library Permissions
Hairmage requests access to your device's camera and photo library for the following purposes only:
Camera: To capture photos of hair for image-based color detection
Photo Library: To select existing photos for image-based color detection
These permissions are optional and can be revoked at any time through your device settings. The app will function without these permissions, but image-based color detection features will be unavailable. Photos are used exclusively for detecting hair color and are not stored or retained by Hairmage, shared with other users, or used for any other purpose.
14. Local Data Storage
Hairmage stores data locally on your device to enable offline functionality. This includes client information, appointments, services, and other salon data. Local data is synchronized with our cloud servers when an internet connection is available. If you uninstall the application, local data will be removed from your device. Cloud data remains accessible if you reinstall the app and sign in to the same account.
15. Third-Party Links & Services
The Service may contain references or links to third-party websites, products, or services. We are not responsible for the privacy practices, content, or security of any third-party services. We encourage you to review the privacy policies of any third-party service before providing your information.
16. Cookies & Tracking Technologies
Website: Hairmage's website may use cookies or similar technologies to provide core functionality and security, remember preferences, and improve performance. Where required by applicable law (e.g., in the EEA/UK), optional cookies (analytics/marketing) will only be used after you provide consent.
Mobile App: The Hairmage mobile app does not use browser cookies. It may use device identifiers or local storage strictly for functionality and security (e.g., keeping you signed in, managing subscription status).
Essential cookies: We may use strictly necessary cookies required to operate the website and Service (e.g., security, session management, load balancing, and fraud prevention). These are used only as needed for core functionality.
Optional cookies (analytics/marketing): From time to time, we may use analytics or marketing cookies to understand usage and improve our website and communications. Where required by applicable law (including in the EEA/UK), these optional cookies will be used only after you provide consent through a cookie banner or settings.
Managing your choices: You can manage or withdraw your consent at any time using the cookie settings (where available) and/or your browser/device settings. You can also delete cookies via your browser settings. Disabling cookies may affect certain website features.
Some browsers offer a "Do Not Track" (DNT) signal. Hairmage does not currently respond uniformly to DNT signals, as there is no industry-wide standard for compliance. Third-party services embedded on our website may set their own cookies or similar technologies, subject to their own policies. If we publish a separate Cookie Policy, it will form part of this Privacy Policy.
17. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated via email, through the Hairmage app, or by posting the updated policy on our website, at least 30 days before they take effect. Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.
18. Contact Us
If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about your data, contact us:
Company: HairMage LLC (or successor entity)
Email: support@hairmageapp.com
Response Time: We aim to respond to all privacy-related inquiries within 30 days.