Privacy Policy

2. General Information

The protection of your personal data is very important to us. This Privacy Policy informs you about the processing of your personal data when using our "Hairu" app and about your rights under the GDPR.

Personal data means any information relating to an identified or identifiable natural person.

3. Data Processing When Using the App

3.1 Registration and Authentication

Processed Data:

• Email address
• Password (encrypted)
• Username (optional)
• Registration timestamp
• Login activities

Purpose of Processing:

• Provision and management of your user account
• Authentication and access control
• Communication with you
• Prevention of abuse

Legal Basis:

• Art. 6(1)(b) GDPR (contract performance)
• Art. 6(1)(f) GDPR (legitimate interest in preventing abuse)

Storage Duration: Until deletion of your account or expiration of legal retention periods.

Third-Party Providers:

We use Clerk for authentication services. Clerk processes your authentication data on our behalf. More information: https://clerk.com/privacy

3.2 Image Processing

Processed Data:

• Photos/images uploaded by you
• Text inputs for hairstyle wishes
• Generated preview images
• Metadata (upload timestamp, image format, etc.)

Purpose of Processing:

• Generation of hairstyle preview images using AI technology
• Provision of core app functionality
• Improvement of image quality and accuracy

Legal Basis:

• Art. 6(1)(b) GDPR (contract performance)
• Art. 6(1)(a) GDPR (consent upon upload)

Technical Processing: Image processing is performed by advanced AI models. Your images are processed exclusively for the purpose of generating your desired hairstyle preview images.

Storage Location: Images are stored in Cloudflare R2 Storage. Cloudflare acts as our data processor pursuant to Art. 28 GDPR. Servers are located in the EU.

Storage Duration:

• Uploaded original images: 90 days or until deleted by you
• Generated images: As long as you are a member or until deleted by you
• After account deletion: Automatic deletion within 30 days

3.2.1 Analysis of Facial Features for Hairstyle Recommendations

When you upload a photo to the app, it may contain visible facial features. These images are analyzed by AI technology to estimate general characteristics such as face shape, proportions, and hair-related attributes in order to recommend suitable hairstyles and generate preview images.

This processing:

• does not perform facial recognition
• does not identify individuals
• does not create biometric identifiers or facial templates
• does not compare faces against identity databases
• is used solely to provide hairstyle recommendations and preview images requested by the user

Images are processed only for the duration necessary to generate results and to provide the user with access to their generated content.

3.2.2 Processing by External AI Providers

To generate hairstyle previews and recommendations, uploaded images may be securely transmitted to external AI service providers acting as data processors on our behalf.

These providers:

• process images only to generate the requested output
• do not use the images for advertising
• do not use the images to identify users
• do not train their AI models on the images
• are contractually required to protect the data

Images are transmitted via encrypted connections and processed only for the time necessary to generate the requested result.

4. Analytics and Marketing

To continuously improve our app and measure the success of our advertising campaigns, we use analytics and marketing tools. These are only active if you have given us your explicit consent (e.g., via the app tracking dialog of your operating system).

AppsFlyer (Attribution and Analytics)

We use the service AppsFlyer (AppsFlyer Ltd.) to obtain statistical evaluations about app installations and the use of certain features. AppsFlyer processes pseudonymized session and interaction data to provide us with aggregated reports. This helps us understand through which channels users discover our app.

TikTok For Business

Additionally, we use features from TikTok (TikTok Information Technologies UK / TikTok Technology Limited Ireland) to measure the success of our advertisements placed on TikTok and to better align our campaigns with interested users. In this context, information about certain actions performed in the app (e.g., new installations or registrations) may be transmitted pseudonymously to TikTok. This serves exclusively to optimize our own ads ("Conversion Tracking").

Legal Basis and Withdrawal:

Data processing for these purposes is carried out exclusively on the basis of your consent (Art. 6(1)(a) GDPR). You can withdraw this consent at any time in your device's system settings (e.g., "Allow Apps to Request to Track" on iOS).

Summary

Key Points:

Contact