← Back to HairRabbit

Privacy Policy

Effective date: March 15, 2026

HairRabbit ("we", "us", "our") provides AI-powered hair analysis and progress tracking. This Privacy Policy explains what information we collect, why we collect it, and how users can control and delete their data.

1. Data We Collect

Account data: email address, authentication identifiers.

User content: photos you upload for hair analysis and progress tracking.

Device and app data: device identifiers, diagnostics, crash, and performance signals.

Usage metadata: feature usage events, request timing, and service telemetry.

We do not intentionally collect payment card data in this app flow.

2. Why We Collect Data

Create and secure your account.

Provide photo-based analysis and progress timelines.

Generate AI insights and related app features.

Maintain app reliability, prevent abuse, and troubleshoot issues.

Improve product quality and user experience.

3. How We Use and Share Data

We use data only for legitimate product and security purposes.

We do not sell personal data to third parties.

We may use providers such as Firebase, Google Cloud, and Supabase to operate the service.

Data sharing is limited to what is required to operate the service.

4. Photo Storage and Protection

User photos are protected with authenticated access controls.

Photos are uploaded over encrypted connections.

Photos are stored under user-scoped storage paths.

Access is restricted to authorized users and service operations.

Uploads are validated with file type and size checks.

5. Authentication and Security

Authentication is handled with Firebase Auth.

Access tokens are validated server-side before protected actions.

Security controls include rate limiting, request validation, and transport security.

6. Data Retention

We retain data only as long as needed to provide the service, meet legal obligations, resolve disputes, and enforce agreements.

When an account is deleted, associated profile and media records are scheduled for removal from active systems and connected storage.

7. Account Deletion and Data Deletion Requests

You can request deletion by using the in-app account deletion option.

In app path: Profile -> Delete Account.

If you cannot access the app, contact us and include your account email.

8. Children's Privacy

HairRabbit is not directed to children under the applicable digital consent age in your region. If you believe a child has provided personal data, contact us for deletion.

9. International Data Transfers

Your data may be processed in regions where our service providers operate. We apply reasonable safeguards aligned with applicable law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the effective date and, where required, additional notice.

11. Contact Information

Privacy contact email: privacy@HairRabbit.app

Support email: support@HairRabbit.app

Last updated: March 15, 2026 | Contact: privacy@HairRabbit.app