Privacy Policy
Effective date: May 12, 2026 | Last updated: May 24, 2026
AI Hairstyle: Hair Color & Cut ("AI Hairstyle", "the App", "we", "us", or "our") is developed and operated by Cuneyt Emir. We are committed to protecting your privacy and being transparent about how we handle your information. This Privacy Policy describes what data we collect, why we collect it, how it is processed, and your rights regarding your personal data.
By downloading, installing, or using AI Hairstyle, you acknowledge that you have read and understood this Privacy Policy.
1. Information We Collect
1.1 Device Information
When you first open the App, we generate and store the following:
- Device Identifier (identifierForVendor): A unique identifier assigned by Apple to your device for our app. This ID is not your Apple ID, UDID, or advertising identifier. It is used solely to identify your device within our system for usage tracking and credit management. This identifier resets if you uninstall and reinstall the app.
- App Identifier: The internal identifier of the specific application you are using (e.g., "sac-ai"). This allows our shared backend to distinguish between different apps.
- Selected Gender: A "female" or "male" preference you choose during onboarding, stored locally on your device. Used to personalize hairstyle recommendations and the visual theme.
- Preferred Language: Your device's language, used to localize the app and AI-generated text labels.
1.2 Photos and Images You Provide
The core functionality of AI Hairstyle requires you to upload photographs of your face/hair. Here is exactly what happens to your photos:
Photo Processing Lifecycle: - You select or capture a photo on your device.
- The photo is converted to JPEG format and encoded as base64 data.
- The encoded photo is transmitted over HTTPS to our secure server.
- Our server forwards the photo to a third-party generative AI image-processing service for hairstyle generation.
- Once AI processing is complete, the temporary photo file on our server is deleted.
- The generated result image is downloaded to your device and stored locally in the App's private storage (SwiftData).
We do not permanently store your original photos on our servers. Temporary files are deleted immediately after processing. We do not use your photos for training AI models, marketing, analytics, or any purpose other than fulfilling your specific generation request.
1.3 Generated Images
AI-generated hairstyle images are:
- Temporarily stored on our server for download (automatically deleted within 1 hour).
- Downloaded and stored locally on your device within the App's private storage.
- Not accessible to us after you download them.
1.4 Usage Data
We store the following usage information on our server:
- Number of remaining photo generation credits
- Job history: job ID, status (pending/processing/done/failed), feature used, timestamps
- We do NOT store the actual image content in job records — only metadata
1.5 Purchase Information
All in-app purchases are processed entirely by Apple through the App Store. We use RevenueCat as a purchase validation platform. Through RevenueCat, we receive:
- The product identifier you purchased (e.g., basic5, popular15, bestvalue40)
- Transaction timestamps
- Purchase receipt validation status
We never receive, process, or store your payment card details, Apple ID credentials, or billing address.
1.6 Information We Do NOT Collect
- Your name, email address, or phone number
- Your location data (GPS, IP-based geolocation)
- Your contacts, calendar, or other personal data
- Device advertising identifier (IDFA)
- Browsing history or data from other apps
- Biometric data (Face ID/Touch ID is handled by iOS, not our app)
2. Face Data
Because the App processes selfies for cosmetic hairstyle visualization, we provide the following explicit disclosures regarding face data:
Face data is NOT retained. AI Hairstyle does not store, persist, archive, or otherwise retain any face data after a generation request has been completed. We do not build, maintain, or update any face-data database, profile, embedding, template, or biometric record at any time.
- No face recognition. The App does not perform face recognition, face identification, face matching, face verification, or any other biometric identification on any image you provide.
- No face tracking. The App does not use Apple's Vision framework face detection, ARKit face tracking, TrueDepth camera APIs, or any third-party face-tracking SDK.
- No face embeddings or landmarks. We do not extract, compute, generate, or store facial embeddings, facial landmarks, face vectors, geometric face data, or any other mathematical representation of your face.
- No model training on your face. Your selfie is never used to train, fine-tune, or improve any AI model — ours or any third party's.
- No sharing of face data. We do not sell, lease, trade, or otherwise disclose any face data to advertisers, data brokers, analytics providers, or any third party for any purpose.
- Purpose-limited processing. Your selfie is sent over an encrypted HTTPS connection to our backend and from there to a third-party generative AI image-processing service, only for the duration of the single image-to-image generation request you initiated. The image is treated as an ordinary pixel buffer and discarded from our temporary storage immediately after the result is returned to your device.
- Temporary processing-only retention. The input image lives in temporary cloud storage solely for the duration of the generation request and is auto-deleted by the storage provider within at most 3 days. We never copy it into any long-term, indexed, or searchable system.
- On-device only result storage. The generated result is stored only on your device, in the App's private sandbox. Deleting the App, or removing a result from the in-app Creations tab, deletes it permanently.
In summary: face data is processed transiently for a single hairstyle generation and is not retained, profiled, recognized, or shared.
3. How We Use Your Information
| Data | Purpose | Legal Basis |
|---|
| Device ID | Identify your device, manage credits | Legitimate interest |
| Uploaded photos | AI hairstyle generation (temporary) | Contract performance |
| Usage data | Credit tracking, job history | Contract performance |
| Purchase data | Credit pack validation | Contract performance |
| Gender preference | Personalize hairstyle recommendations | Consent |
4. Third-Party Services
We use the following third-party services to operate the App. Each service receives only the minimum data necessary for its function:
4.1 Generative AI Image Processing
- What is shared: A temporary URL of the photo you uploaded, plus a text prompt describing the desired hairstyle.
- Purpose: Producing the AI-edited hairstyle preview you requested.
- Data retention: The provider's temporary file storage automatically deletes files within at most 3 days. No long-term retention, no model training on your image, no biometric processing.
- Identity of the provider: The current generative AI processor is bound by a standard data-processing agreement that prohibits the use of your image for any purpose beyond fulfilling the single generation request. We may change providers from time to time; this Privacy Policy will continue to apply.
4.2 RevenueCat (Purchase Validation)
- What they receive: Anonymous app user ID (your device ID), purchase events from Apple.
- Purpose: Validate in-app purchases and track which credit packs you've bought.
- Privacy policy: https://www.revenuecat.com/privacy
4.3 Apple App Store
We do not use any advertising SDKs, analytics trackers, or data brokers. We do not sell, rent, or share your data with any other third parties.
5. Data Storage and Security
5.1 Where Your Data Is Stored
- On your device: Generated images, input photos, and job history are stored in the App's private SwiftData database. This data is sandboxed by iOS and inaccessible to other apps.
- On our server: Device ID, credit balance, and job metadata are stored in a PostgreSQL database hosted on our secure server in Europe.
- Temporary files: Uploaded photos are stored temporarily during processing and deleted immediately after. Generated images are stored temporarily for download and deleted within 1 hour.
5.2 Security Measures
- All data transmission uses HTTPS/TLS encryption.
- API endpoints require device authentication headers (X-App-ID, X-Device-ID).
- Rate limiting prevents abuse (5 generation requests per minute, 60 general requests per minute per device).
- Database access is restricted to the application server only.
- Photos are never logged, cached in CDN, or stored in any intermediary.
6. Data Retention
| Data Type | Retention Period |
|---|
| Uploaded photos (server) | Deleted immediately after processing (within minutes) |
| Generated images (server) | Deleted within 1 hour |
| Generated images (device) | Until you delete the app |
| Device ID and credits | 90 days after last activity, then auto-deleted |
| Job metadata | 90 days after last activity |
7. Your Rights
Depending on your jurisdiction (including GDPR for EU/EEA residents, CCPA for California residents, and KVKK for Turkey), you may have the following rights:
- Right to access: Request a copy of data we hold about your device.
- Right to deletion: Request deletion of your data. You can do this by uninstalling the App (removes all local data) and contacting us to remove server-side data.
- Right to restriction: Request that we stop processing your data.
- Right to portability: Request your data in a machine-readable format.
- Right to object: Object to processing based on legitimate interests.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
8. Children's Privacy
AI Hairstyle is not directed at children under the age of 13 (or 16 in the EU/EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with data, please contact us and we will delete it promptly.
9. International Data Transfers
Our server is located in Europe. If you use the App from outside Europe, your data (device ID, temporary photo uploads) will be transferred to our European server. The downstream generative AI image-processing service may operate servers in other regions; that service does not retain your image beyond the brief processing window described above. All transfers are protected by HTTPS encryption.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make significant changes, we will notify you through the App or by updating the "Last updated" date at the top of this page. Your continued use of the App after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: