Privacy Policy — Hairmony

Privacy at a glance

No accounts. You never register or log in. We hold no profile linked to you.

Data stays on your device. Your hair profile, scan history, photos, and routine are stored only on your device. We cannot access them.

Photos go to Anthropic for analysis only. When you run a hair scan, your photo is sent to Anthropic's AI (USA). It is never used to train any AI model — by us or by Anthropic.

Your hair data is health-adjacent. We treat it with the sensitivity that implies — no selling, no ads, no third-party sharing.

GDPR applies. PODSuite OÜ is registered in Estonia (EU). Your rights under the GDPR are fully respected.

Table of Contents

Who We Are (Data Controller)
Definitions
The Nature of Your Hair Data
What Data We Process
Device-Only Storage — What This Means For You
AI Hair Analysis, Anthropic, and Model Training
Subscription and Platform Providers
Expo SDK and Anonymous Telemetry
No Data Sales or Advertising
International Data Transfers
How to Delete Your Data
Data Retention
Security
Children's Privacy
Your Rights Under the GDPR
Right to Lodge a Complaint
Changes to This Policy
Contact the Data Controller

1. Who We Are (Data Controller)

This Privacy Policy applies to the Hairmony mobile application ("App") developed and operated by:

PODSuite OÜ
Republic of Estonia, European Union
Email: hairmonyapp@gmail.com

PODSuite OÜ acts as the data controller within the meaning of the EU General Data Protection Regulation (GDPR) in respect of any personal data processed in connection with the App.

2. Definitions

Capitalised terms used in this Privacy Policy have the following meanings:

App The Hairmony mobile application available on Apple App Store and Google Play Store.

Company / We / Us PODSuite OÜ, a private limited company registered in Estonia, EU.

Device Any smartphone or tablet used to access the App.

Hair Data Information You provide relating to Your physical hair and scalp characteristics, including hair type, density, porosity, scalp condition, hair loss indicators, chemical treatment history, and any other hair or scalp health details entered into the App.

Personal Data Any information that identifies or can reasonably be linked to an individual. Hair Data and photos of a person constitute Personal Data.

Photo / User Photo An image of Your hair or scalp that You submit to the App for AI analysis.

Processing Any operation performed on Personal Data, including collection, storage, transmission, analysis, and deletion.

Anthropic Anthropic, PBC, a US-based AI company whose Claude model is used to power the App's hair analysis feature.

GDPR The EU General Data Protection Regulation (Regulation 2016/679).

You / User The individual using the App.

3. The Nature of Your Hair Data

Hair Data — including photos of your scalp, information about hair loss, dandruff, scalp health conditions, and chemical treatment history — is health-adjacent and potentially sensitive personal information. Depending on its content, it may fall within or near the categories of personal data that attract enhanced protection under Art. 9 GDPR (special categories) or equivalent provisions in other jurisdictions.

We take this seriously. We handle all Hair Data and Photos with the same care we would apply to medical or health information:

We do not share it with advertisers, data brokers, or marketing platforms
We do not use it to build profiles beyond what is needed to run the App for You
We do not sell it under any circumstances
We transmit it externally only to the extent strictly necessary to perform the AI analysis You request (see Section 6)

By choosing to use the App's analysis features, You consent to the processing of this health-adjacent data for the purposes described in this Policy.

4. What Data We Process

The table below describes all categories of data that may be processed in connection with your use of the App, where that data lives, and the legal basis under GDPR.

Data Category	Examples	Where It Lives	Legal Basis (GDPR)
Hair profile answers	Birth year, hair type, scalp condition, porosity, density, chemical treatment history, reported concerns	Your Device only	Performance of contract (Art. 6(1)(b))
Hair photos	Photos of your hair and scalp taken for AI analysis	Your Device; transmitted to Anthropic during analysis only (see Section 6)	Performance of contract (Art. 6(1)(b))
Analysis results	Hair scores, metric breakdowns, ingredient match lists, suggested products	Your Device only	Performance of contract (Art. 6(1)(b))
Routine and task data	Hair care routine steps, wash frequency, product lists, task history	Your Device only	Performance of contract (Art. 6(1)(b))
Subscription status	Active/inactive subscription state (verified via receipt from Apple/Google)	Apple / Google systems; not stored by us	Performance of contract (Art. 6(1)(b))
Anonymous technical telemetry	App version, device OS, framework errors — collected by Expo SDK; anonymous and non-personal	Expo's infrastructure (see Section 8)	Legitimate interests (Art. 6(1)(f)) — app stability

We do not collect your name, email address, phone number, or any other directly identifying information. The App has no registration flow and no server-side user profile of any kind.

5. Device-Only Storage — What This Means For You

With the sole exception of photos transmitted to Anthropic during an active scan, all data you enter into Hairmony is stored exclusively on your Device using local on-device storage. PODSuite OÜ operates no servers that receive, store, or process your Hair Data, analysis results, routine, or Photos.

Practical implications:

No cloud backup: Your data is not backed up to any cloud by us. If your device is lost, damaged, or the App is deleted, your data cannot be recovered.
No cross-device sync: Your data cannot be transferred between your devices.
Deletion is immediate and total: Uninstalling the App permanently erases all locally stored data. We have no copy.
We cannot access your data: We have no technical means to view, export, or modify your locally stored information.

6. AI Hair Analysis, Anthropic, and Model Training

The hair analysis feature is powered by Claude, an AI model developed by Anthropic, PBC (548 Market St, San Francisco, CA 94104, USA).

What is transmitted: When you initiate a hair scan, your Photo — along with a structured prompt describing your hair profile — is sent over an encrypted HTTPS connection to Anthropic's API. No other Personal Data is included in this request.

Your photos are never used to train any AI model. PODSuite OÜ does not train AI models and does not use your Photos for that purpose. Anthropic's API terms explicitly prohibit the use of API inputs and outputs for model training without opt-in consent. Your photos are processed solely to generate your analysis result and are not retained by Anthropic beyond their standard short-term safety review window (up to 30 days).

How Anthropic handles your data:

Your photo and prompt are processed to return an analysis result to the App
Anthropic may retain API inputs/outputs for up to 30 days for trust and safety monitoring, after which they are deleted
Anthropic does not use API customer data to train its models (per their Usage Policy)
Anthropic's full handling of this data is governed by their Privacy Policy

International transfer notice: Anthropic is located in the United States. Transmitting your Photo to Anthropic constitutes a transfer of Personal Data to a third country outside the EU/EEA. This transfer occurs at your explicit instruction (by initiating the scan) and is necessary to perform the service you requested (Art. 49(1)(b) GDPR). By using the AI analysis feature, you acknowledge this transfer.

If you do not wish your Photo to be transmitted to Anthropic, you should not use the AI hair analysis feature.

7. Subscription and Platform Providers

Subscriptions are sold and managed exclusively by Apple (App Store) or Google (Google Play). PODSuite OÜ does not receive your payment card details, billing address, or any financial information.

Subscription validation (checking whether your subscription is active) is performed via the platform's in-app purchase APIs using an anonymous receipt token. We do not store this token beyond the active session, and it contains no Personal Data.

Apple and Google's data practices are governed by their respective privacy policies.

8. Expo SDK and Anonymous Telemetry

Hairmony is built using the Expo framework (by Expo, Inc.). Expo may collect limited, anonymous technical telemetry as part of its SDK operation — such as framework version, device platform, and anonymised crash or error reports.

This data, if collected, is:

Anonymous and not linked to any individual User
Used solely for framework stability and quality purposes by Expo
Governed by Expo's Privacy Policy

To our knowledge, Expo telemetry does not include your Hair Photos, profile answers, scan results, or any other App-specific content.

9. No Data Sales or Advertising

PODSuite OÜ does not:

Sell, rent, or trade your Personal Data or Hair Data to any third party
Share your data with advertising networks, data brokers, or analytics platforms
Use your data to serve targeted or behavioural advertising
Use your Hair Data or Photos to build commercial profiles or datasets
Use your data for any purpose other than delivering the App's stated features to you

The App's only source of revenue is a direct subscription fee. Your data is not the product.

10. International Data Transfers

The App's device-only architecture means that, in normal use, your Personal Data does not leave your country. The sole exception is when you actively use the AI hair analysis feature, which transmits your Photo to Anthropic in the United States.

This transfer is described in detail in Section 6. It occurs only at your explicit instruction, is limited to the Photo and a structured prompt, and is strictly necessary to perform the service you requested. No other Personal Data is transferred outside the EU/EEA by PODSuite OÜ.

11. How to Delete Your Data

Because all App data is stored on your Device, you are always in direct control of deletion. Here is exactly what to do for each data type:

All App data (Hair profile, scan history, routine, locally stored Photos):
Uninstall the App from your Device. This permanently and immediately deletes all locally stored data. Alternatively, use your Device's settings to clear the App's storage.
Photos transmitted to Anthropic for analysis:
Anthropic retains these for up to 30 days per their policy, then deletes them automatically. To request earlier deletion, contact us at hairmonyapp@gmail.com and we will forward a deletion request to Anthropic on your behalf.
Subscription records:
Managed by Apple or Google. Refer to your App Store or Google Play account settings to manage subscription and billing history.
Anonymous Expo telemetry:
This data is anonymous and cannot be linked back to you; individual deletion is not applicable.

We do not hold any Personal Data on our own servers. There is no account to delete with us, and no request form required for the data we handle — uninstalling the App is sufficient for the data we control.

12. Data Retention

App data (Hair profile, scans, routine): Retained on your Device until you clear App data or uninstall the App — entirely at your discretion
Anthropic analysis data: Retained by Anthropic for up to 30 days, then automatically deleted
Subscription records: Retained by Apple/Google per their respective policies
Expo telemetry: Retained by Expo per their policy; anonymous and not linked to you

PODSuite OÜ retains no Personal Data on its own servers because it does not operate servers that receive Personal Data.

13. Security

We take reasonable steps to protect the data processed in connection with the App:

All communications with Anthropic's API are encrypted using TLS (HTTPS)
Data stored on your Device is protected by your Device's own security mechanisms (screen lock, device encryption)
We do not operate a centralised database that could be breached to expose your Personal Data

While we strive to protect your data, no security measure is entirely infallible. We recommend keeping your Device's operating system and the App up to date.

14. Children's Privacy

The App is not directed at children under the age of 13. We do not knowingly process Personal Data from children under 13.

Given that the App stores all data locally and we collect no identifying information, we have no technical means to verify a User's age. Parents and guardians are responsible for supervising their children's use of the App.

If you have reason to believe a child under 13 has submitted a Photo via the analysis feature, please contact us at hairmonyapp@gmail.com and we will take appropriate action, including requesting deletion of any associated data from Anthropic.

15. Your Rights Under the GDPR

As a resident of the European Union or European Economic Area, you have the following rights under the GDPR:

Right of access (Art. 15): Request confirmation of whether we process Personal Data about you, and a copy of it
Right to rectification (Art. 16): Request correction of inaccurate data
Right to erasure (Art. 17): Request deletion of your Personal Data ("right to be forgotten")
Right to restriction of processing (Art. 18): Request that we limit how we use your data in certain circumstances
Right to data portability (Art. 20): Request your data in a structured, commonly used, machine-readable format
Right to object (Art. 21): Object to processing based on legitimate interests
Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

Practical note: Because we store no Personal Data on our servers, most of these rights are exercisable directly by you — clearing the App's local storage or uninstalling the App achieves immediate, complete erasure of the data we control. For data processed by Anthropic, we will assist by forwarding your request to them. Contact us at hairmonyapp@gmail.com — we will respond within 30 days.

16. Right to Lodge a Complaint

If you believe that PODSuite OÜ has violated your rights under the GDPR, you have the right to lodge a complaint with a supervisory authority. As an Estonian company, our lead supervisory authority is:

Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate)
Tatari 39, 10134 Tallinn, Estonia
www.aki.ee · info@aki.ee

You may also contact the data protection authority in your own EU member state of residence.

17. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Material changes will be communicated through the App or on this page. Your continued use of the App after any changes constitutes acceptance of the revised Policy.

18. Contact the Data Controller

For any privacy-related questions, requests, or concerns, please contact us:

PODSuite OÜ
Republic of Estonia, European Union
hairmonyapp@gmail.com

We aim to respond to all privacy inquiries within 30 days.