Background
This Privacy Policy explains how Hair Explained INC ("we", "our", "us") processes your personal data when you access our website, mobile applications, or related digital services (together, the "Service").
This Policy is drafted to comply with:
- EU General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA/CPRA)
- U.S. privacy protection laws and FTC transparency principles
- EU–US Data Privacy Framework (DPF) for cross-border transfers
- Other applicable international privacy regulations.
1. Who We Are (Data Controller)
The controller responsible for your personal data is:
Hair Explained INC
Address: 200 Winchester Circle G24, Los Gatos, CA 95032
Email: privacy@hairexplained.io
If you are located in the EU/EEA, you may additionally contact our EU Representative appointed pursuant to Articles 3(2) and 27 GDPR:
Hair Explained EU Representative
Address: Rua Almirante Barroso 18, Apt 2, 1000-013 Lisbon, Portugal
Email: privacy@hairexplained.io
2. What Data We Collect
We collect only the data necessary to operate and improve the Service. This includes:
2.1 Account Information
- Your name (or nickname)
- Email address
- Credentials you use to sign up for the Service
2.2 Payment Information
Your payment details to process subscription payments.
2.3 Hair Care Data You Provide
- Hair photos you upload (photos of your hair). We ask you not to include your face or other identifying details in these photos.
- Hair-care products you use, if you provide barcodes or other details of these products.
- Hair-care questionnaire data: your answers to our questionnaire about hair habits and conditions, hair care routines, and other related information.
We do not use your data for medical or health-related purposes.
2.4 Technical and Usage Data
Automatically collected information:
- Device and browser information
- IP address (truncated or pseudonymized where possible)
- Cookies and usage analytics
- Interaction logs needed to maintain the Service, detect errors, and personalize content
We do not access Apple's Identifier for Advertisers (IDFA) or any advertising identifiers. We do not perform cross-app or cross-site tracking for advertising purposes.
More details are contained in our Cookie Policy.
2.5 No Intentional Collection of Sensitive or Health Data
The Service does not provide medical advice and does not intentionally collect health or biometric data. However, because hair photos may incidentally contain sensitive features, we obtain your explicit consent before processing images.
3. For What Purposes We Process Your Data
We use your data for the following purposes:
- Account registration and authentication (your name or nickname, credentials, and email)
- Analyzing hair photos and questionnaire responses, and generating personalized, non-medical hair-care recommendations (your hair care data)
- Operating and improving AI/ML models used to provide the Service (usage data, pseudonymized hair care data)
- Processing subscription payments (your payment details)
- Providing customer and technical support, and other service-related communications (your name or nickname, your email)
- Ensuring security, preventing fraud, and complying with legal obligations
- Service analytics, performance monitoring, and product development (usage data)
4. Legal Bases for Processing
We process your personal data only when we have a valid legal basis to do so. The basis for processing depends on the services you use and the jurisdiction you are in.
4.1 For Users in the European Union (EU) / European Economic Area (EEA), UK, and Switzerland
If you are located in the EEA, the United Kingdom, or Switzerland, we rely on the following legal bases under the General Data Protection Regulation (GDPR):
- Performance of a Contract (Article 6(1)(b) GDPR): We process personal data such as your account details, payment information, and questionnaire responses because it is necessary to deliver the Service you have requested and to fulfill our contractual obligations to you.
- Explicit Consent (Article 9(2)(a) GDPR): We process the hair photos you upload only after you have given your explicit consent, because a hair photo may incidentally contain special-category data that we do not intentionally collect or process in any manner. You can withdraw your consent at any time; however, doing so will prevent us from providing the core recommendation feature of the Service.
- Legitimate Interests (Article 6(1)(f) GDPR): We process technical and usage data for our legitimate interests, which include ensuring the security and integrity of our platform, preventing fraud, troubleshooting technical issues, and improving our Service. We conduct a balancing test to ensure these interests do not override your rights and freedoms.
4.2 For Users in the United States
For users in the United States, we process your personal information for "business purposes" as defined by applicable U.S. privacy laws, including the California Privacy Rights Act (CPRA). These purposes include:
- Operating and maintaining the Service;
- Processing your payments and managing subscriptions;
- Protecting against security incidents and preventing fraudulent activity;
- Debugging to identify and repair errors that impair functionality;
- Conducting internal research to improve our Service;
- Complying with our legal and regulatory obligations.
In accordance with the CPRA, we do not "sell" your personal information or "share" it for cross-context behavioral advertising.
4.3 Other Jurisdictions
For users in other jurisdictions, we process personal data on the basis of your informed consent, given when you agree to our Terms of Service and this Privacy Policy. This consent allows us to provide the Service, maintain platform security, and comply with legal requirements. We are committed to upholding recognized global privacy standards and to respecting your rights, while also protecting our own rights and those of other users and our partners.
5. Use of AI & Machine Learning
The recommendations are primarily generated by our proprietary, science-based Hair-Care Recommendation System. We use automated processing, including artificial intelligence (AI) and machine learning (ML) models, to analyze your data and generate personalized recommendations. This means that:
- Your data (including pseudonymized hair photos and questionnaire responses) is analyzed by algorithms to generate personalized hair-care recommendations
- Results are automatically generated
- Qualified personnel may review samples of inputs and outputs for quality assurance, safety, and model improvement, but do not manually review every individual recommendation.
Where available, you may disable history storage in your account settings. This will prevent us from using your past interactions to refine recommendations or auto-fill questionnaires, though data processing for the current service will continue.
We do not use automated individual decision-making, including profiling, that produces legal or similarly significant effects on you. Our AI/ML processing is used solely to provide the Service. Where applicable law (e.g., GDPR, CPRA) requires it, you may request human review of an automated result.
6. Data Sharing With Service Providers
We share your personal data only with trusted service providers necessary to operate and improve the Service. These providers act as data processors under our instruction and are bound by contractual obligations to protect your data and limit its use.
Categories of Recipients:
- AI/ML Providers: OpenAI (USA) and similar providers process pseudonymized data as a step in the recommendation-generation workflow.
- Cloud Hosting Providers: Secure storage and infrastructure services.
- Analytics Tools: PostHog (US cloud) — usage and performance analytics (usage data only, no photos, no advertising identifiers).
- Payment Processors: Secure payment and subscription management.
- Customer Support Tools: To respond to your inquiries and resolve issues.
- Professional Consultants: Legal advisors, auditors, and privacy consultants who assist us with compliance, security assessments, and business operations.
- Affiliates: Corporate affiliates and subsidiaries that support our business operations under the same data protection standards.
All service providers, consultants, and affiliates are contractually required to comply with applicable data protection laws (including GDPR and CPRA), implement appropriate security measures, and process data only as instructed by us.
7. International Data Transfers
If you are a resident of the European Union (EU), the European Economic Area (EEA), or the United Kingdom (UK), please be advised that your Personal Data may be transferred to, stored in, and processed in the United States. We make reasonable efforts to ensure that your Personal Data receives an adequate level of protection, and we implement one or more of the following:
- EU Standard Contractual Clauses (SCCs)
- EU–US Data Privacy Framework (DPF) certifications (when applicable)
- Additional safeguards, including pseudonymization, encryption, and strict access controls
8. How We Protect Your Data
We use industry-standard technical and organizational security measures, including:
- Encryption in transit and at rest
- Access control restrictions
- Regular security audits
- Secure pseudonymization of user-uploaded images and other hair care data
- Data isolation measures for AI processing
- Logging and monitoring for abnormal behavior
9. Data Retention
We keep personal data only as long as necessary for the purposes described in this Policy:
- Account data — until your account is deleted or terminated
- Hair photos & questionnaire data — until your subscription expires or is terminated
- Payment identifiers — retained for the period required by applicable financial, tax, and anti-money laundering regulations
- Technical logs — retained for limited, reasonable periods for security and performance purposes
Following the expiration of the applicable retention period, or upon a valid request for erasure or withdrawal of consent, we will securely erase or irreversibly anonymize your Personal Data, unless a longer retention period is required or permitted by law (e.g., for the establishment, exercise, or defense of legal claims).
10. Your Rights
10.1 Rights of All Users
You may contact us at privacy@hairexplained.io to:
- Request access to your data
- Request deletion of your data
- Request correction of inaccurate data
- Ask questions about our privacy practices
- Withdraw consent (for image processing)
10.2 Additional GDPR Rights (EU/EEA)
Under the GDPR, you also have the right to:
- Data portability
- Restrict processing
- Object to certain processing activities
- Lodge a complaint with your local Data Protection Authority
- Contact our EU Representative for inquiries
10.3 Rights for California Residents
Under CCPA/CPRA, California residents may:
- Request to know what personal information is collected
- Request deletion or correction of personal information
- Request information about automated decision-making
- Opt out of "sale" or "sharing" of personal information (we do not sell or share data)
- Exercise rights without discrimination
Instructions are provided in the "How to Exercise Your Rights" section.
11. Children and Minors
The Service is intended only for individuals 18 years or older. We do not knowingly collect personal data from individuals under 18. If you believe data was collected from a minor, contact us immediately at privacy@hairexplained.io.
12. How to Exercise Your Rights
12.1 Submitting a Request
You may submit any privacy request by emailing: privacy@hairexplained.io
We may need to verify your identity before fulfilling your request to protect your personal data from unauthorized access. Requests will be handled within the timeframe required by applicable law (typically up to 30 days, with possible extensions if your request is complex).
12.2 EU Representative (For EU/EEA Residents)
If you are located in the European Union or European Economic Area, you may also contact our designated EU Representative regarding any matters related to the processing of your personal data:
EU GDPR Representative: Hair Explained EU Representative
Address: Rua Almirante Barroso 18, Apt 2, 1000-013 Lisbon, Portugal
Email: privacy@hairexplained.io
Our EU Representative acts on our behalf to address data protection inquiries.
12.3 Right to Lodge a Complaint
If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with the relevant data protection authority:
- For EU/EEA Residents: You may contact your local supervisory authority. A full list of EU data protection authorities is available from the European Data Protection Board.
- For UK Residents: Information Commissioner's Office (ICO)
- For California Residents: California Privacy Protection Agency (CPPA)
Lodging a complaint with a supervisory authority does not affect any other legal remedies you may have.
13. Changes to This Policy
We may update this Privacy Policy from time to time. If changes significantly affect your rights or the way we process data, we will notify you (e.g., via email or in-app notice). The "Last Updated" date at the top of this document indicates when it was last revised.
14. Contact Us
If you have questions or requests regarding this Privacy Policy, please contact:
Hair Explained INC
Email: privacy@hairexplained.io
Address: 200 Winchester Circle G24, Los Gatos, CA 95032
If you are located in the EU/EEA, you may also reach our EU Representative:
Hair Explained EU Representative
Address: Rua Almirante Barroso 18, Apt 2, 1000-013 Lisbon, Portugal
Email: privacy@hairexplained.io