Privacy Policy

Last updated: July 3, 2026

Effective date: April 16, 2026

We take your privacy seriously. Learn how we collect, use, and protect your information.

Data Security

Data is encrypted in transit and protected with industry-standard safeguards

Transparency

Clear information about data usage

Your Control

You retain ownership and can manage your data

1. Introduction

This Privacy Policy describes how Hairmage ("we," "us," or "our") collects, uses, stores, shares, and protects information when you use the Hairmage mobile application and related services (collectively, the "Service"). By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create a Hairmage account, we collect:

  • Name and display name
  • Email address
  • Profile photo (if provided via Google or Apple Sign-In)
  • Authentication credentials (managed securely through Firebase Authentication)
  • Subscription status and plan details
  • Marketing email consent status (whether you opted in to receive promotional emails) and the timestamp of when consent was given or withdrawn

2.2 Salon & Business Data

To provide our salon management services, we store information you enter, including:

  • Salon name and business details
  • Working hours and schedule configuration
  • Services offered and pricing information
  • Staff member information (names, roles, commission rates, sales commissions)
  • Product inventory data (product names, purchase prices, selling prices, stock quantities)
  • Product sales records and staff sales performance data
  • Appointment payment records (payment method: cash, card, or split)
  • Business expense records you enter into the system
  • Revenue and financial data you enter into the system

2.3 Client Data (Entered by You)

Important: You Are the Data Controller

Client data is entered into Hairmage by you, the salon professional. You are the data controller for all client information, and Hairmage acts as a data processor on your behalf. It is your responsibility to have a valid legal basis (such as consent) for collecting and processing your clients' personal data — including photographs — before entering it into the system. Hairmage processes client data solely to provide the Service to you.

Client data you may enter includes:

  • Client names, phone numbers, and email addresses
  • Visit history and service records
  • Color recommendation history and formulas used
  • Notes and preferences
  • Image-based color detection results (e.g., detected level/undertone)
  • Blacklist status

2.4 Photos & Images

When you use image-based color detection features:

  • Photos are captured via camera or selected from your device's photo library.
  • Hairmage does not store or retain uploaded photos. Photos are used only for real-time color detection and are discarded by Hairmage after processing. For image-based color detection, the legal basis for processing client photographs is the salon professional's legitimate interest or explicit client consent, depending on applicable law.
  • Photos may be transmitted to third-party AI providers (e.g., OpenAI) solely to detect hair color; their processing is subject to the provider's terms and privacy practices. We do not intentionally use or permit the use of photos for model training, marketing, or any purpose other than detecting hair color.

2.5 Usage & Technical Data

We collect limited technical and usage data to operate and improve the Service:

  • Feature usage counts (e.g., number of color recommendations used) for subscription management and abuse prevention
  • Device type and operating system (for compatibility and support)
  • App version information
  • Crash reports and error logs (to improve stability)
  • Subscription and billing events (managed through RevenueCat)
  • Anonymized in-app event data via Firebase Analytics (e.g., screen views, feature usage patterns, button interactions) to understand how users interact with the app and to improve the Service

2.6 Analytics Data

Website (hairmageapp.com): We use Google Analytics 4 (GA4) to collect anonymized usage data, including:

  • Pages visited and navigation paths
  • Time spent on pages and scroll depth
  • Referring source (e.g., search engine, ad campaign, direct visit)
  • General geographic location (country/region level, not precise)
  • Device type, browser, and operating system
  • Interactions with buttons and links (e.g., "Try Free" clicks)

Basic website analytics data (page views, navigation, traffic sources, and custom events) is collected automatically using first-party analytics cookies to help us understand how visitors use our website and improve our content and services. IP addresses are anonymized. Marketing and advertising cookies are set only after you grant consent through our cookie banner.

Mobile App (iOS & Android): The Hairmage mobile application uses Firebase Analytics and Google Analytics 4 (GA4) to collect anonymized event data, including:

  • Screen views and navigation patterns
  • Feature usage events (e.g., which features are used most frequently)
  • Button and interaction events (e.g., starting a color recommendation, saving a visit)
  • App open/close events and session duration
  • Device type, operating system, and app version
  • General geographic location (country/region level, derived from IP — IP itself is not stored)
  • Crash and error events (for stability improvements)

In-app analytics data is collected automatically to help us understand usage patterns, identify issues, and improve the Service. This data is anonymized and aggregated — it is not linked to your salon data, client records, or personal content. We do not use in-app analytics for advertising, behavioral profiling, or selling data to third parties.

Note: The Hairmage mobile app does not use the Meta (Facebook) Pixel or other advertising pixels. Website marketing measurement (Meta Pixel) is used on hairmageapp.com only after you provide consent through our cookie banner.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the salon management Service
  • Generate palette-based color recommendations and perform image-based hair color detection
  • Synchronize your data across devices via cloud storage
  • Process subscriptions and manage billing through app stores
  • Manage feature access based on your subscription plan
  • Prevent abuse and enforce usage limits
  • Send important service-related communications (e.g., account security, subscription changes)
  • Send automated appointment reminder emails to your clients on your behalf, using your salon name as the sender
  • Send promotional and marketing emails only to users who have provided explicit opt-in consent during registration. You can unsubscribe at any time.
  • Analyze anonymized website traffic and usage patterns to improve the website experience
  • Respond to support requests
  • Comply with legal obligations

We do not use your personal account data, salon data, or client data for targeted advertising, behavioral profiling, or selling to third parties. Anonymized analytics data (website analytics collected automatically; in-app analytics collected automatically) is used solely to understand usage patterns and improve the Service.

4. Third-Party Services & Data Sharing

We Never Sell Your Data

Hairmage does not sell, rent, or trade your personal information, salon data, or client data to any third party for marketing, advertising, or any commercial purpose.

Your email address is never sold, rented, or shared with third parties for their own marketing purposes. Marketing emails are sent exclusively by Hairmage and only to users who have opted in.

Service Providers

We use the following third-party services to operate Hairmage. Each provider receives data necessary to perform its function:

  • Firebase (Google Cloud): Authentication, cloud database (Firestore), backend functions, and in-app analytics (Firebase Analytics). Your account data and salon data are stored in Firebase. Firebase Analytics collects anonymized event data to help us understand app usage and improve the Service. Firebase Privacy Policy
  • OpenAI: Photos may be transmitted to OpenAI solely for the purpose of detecting hair color. Hairmage does not store or retain uploaded photos. Processing by OpenAI is subject to their applicable terms and privacy practices. OpenAI Privacy Policy
  • RevenueCat: Subscription management and billing processing. Receives subscription-related data only. RevenueCat Privacy Policy
  • Apple App Store / Google Play Store: Payment processing for mobile subscriptions. We do not directly access or store your payment card information.
  • Stripe: Payment processing for web-based subscriptions. Stripe receives payment information (such as card details) necessary to process transactions. Hairmage does not store your full payment card information; it is handled securely by Stripe. Stripe Privacy Policy
  • SendGrid / EmailJS / Email Services: Used for sending transactional emails (e.g., account-related communications and appointment reminders) and marketing emails (only to users who have opted in). Receives the data necessary to send emails (such as email address, salon name, and message content). These providers do not use your email address for their own marketing purposes.
  • Google Analytics 4 (Website & Mobile App): Used on hairmageapp.com and within the Hairmage mobile app to collect anonymized usage data (page/screen views, navigation, feature interactions, device info, traffic sources). On the website, first-party analytics cookies are enabled by default under Google Consent Mode v2 to provide basic traffic insights; marketing and ad signals require explicit consent. In the mobile app, anonymized event data is collected automatically to improve the Service — no personal content, salon data, or client data is included. IP anonymization is enabled. Google may process this data on servers outside the EEA/UK; Google's data processing terms and Standard Contractual Clauses apply. Google Privacy Policy
  • Meta Pixel (Website only): Used on hairmageapp.com to measure advertising campaign performance, track page views and conversions (e.g., button clicks, form submissions), and build remarketing audiences. The Meta Pixel is loaded only after you grant consent via the cookie banner. Meta may set cookies and process data on servers outside the EEA/UK; Meta's data processing terms apply. Meta Privacy Policy

Appointment Reminder Emails

Hairmage offers an automated appointment reminder feature that sends email notifications to your clients before their scheduled visits:

  • Reminder emails are sent through Hairmage's email infrastructure. Your salon name is displayed as the sender, but emails are delivered via Hairmage's official email service.
  • To send a reminder, Hairmage processes the client's email address, name, appointment date/time, and your salon name. This data is shared with our email delivery provider solely for the purpose of sending the reminder.
  • Client email addresses used for reminders are not shared with any third party for marketing or advertising purposes.
  • You, as the data controller, determine which clients receive reminders by entering their email addresses and creating bookings. Hairmage processes this data on your behalf.

Your Responsibility

You are responsible for ensuring that you have a valid legal basis (such as legitimate interest or client consent) to send appointment-related communications to your clients' email addresses before enabling reminders. Hairmage provides the technical capability; you remain responsible for compliance with applicable laws.

SMS Reminders

Hairmage offers a convenience feature that opens your device's native messaging app with a pre-filled SMS reminder for clients. SMS messages are sent directly from your device and phone number — Hairmage does not send, transmit, store, or have any access to SMS messages. No client data is shared with Hairmage or any third party through this feature.

Data Export

Hairmage allows you to export client contact data (including names, phone numbers, and email addresses) in CSV format:

  • Once exported, client data leaves Hairmage's system entirely. Hairmage has no control over and bears no responsibility for the storage, security, or subsequent use of exported data.
  • You remain the data controller for all exported data and must handle it in compliance with all applicable data protection and privacy laws.
  • If you use exported data for marketing, promotions, or any purpose beyond direct salon operations, you must independently obtain the appropriate consent from each client.

Other Disclosure

We may disclose your information only in these specific circumstances:

  • Legal Requirements: When required by law, court order, subpoena, or government request
  • Safety: To protect the rights, property, or safety of Hairmage, our users, or the public
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with continued privacy protection)
  • With Your Consent: When you explicitly authorize specific data sharing

5. Data Storage & Security

We implement reasonable security measures to protect your data:

  • Data is transmitted using encrypted connections (TLS/SSL)
  • Cloud data is stored in Google Cloud / Firebase infrastructure with industry-standard safeguards (including access controls and encryption where supported by the provider).
  • Local data on your device is stored using Hive encrypted storage for offline access
  • Authentication is managed through Firebase Authentication with support for Google Sign-In, Apple Sign-In, and email/password
  • Access to salon data is restricted by user roles (owner, admin, editor, viewer) and business isolation
  • Abuse prevention and rate limiting protect against unauthorized access

Important: While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the security of your account credentials and device access.

6. Data Retention

We retain your data as follows:

  • Account Data: Retained for as long as your account is active. Upon account deletion request, your data is retained in a deactivated state for a 30-day grace period to allow you to restore your account if you change your mind. After 30 days, your data is permanently deleted.
  • Salon & Client Data: Retained for as long as your account is active or until you delete specific records. Subject to the same 30-day grace period upon account deletion.
  • Photos for Image-Based Color Detection: Not stored or retained by Hairmage. Photos are processed in real-time and discarded after color detection is complete.
  • Usage & Technical Data: Retained for the purpose of subscription management and abuse prevention for the duration of your account.
  • Billing Records: Managed by Apple App Store, Google Play Store, and RevenueCat in accordance with their respective retention policies and legal requirements.
  • Marketing Consent Records: Records of your marketing consent (including whether you opted in or out, the timestamp of consent, and the method used) are retained as proof of compliance with GDPR, CAN-SPAM, CASL, and other applicable anti-spam regulations — even after you withdraw your consent or delete your account. This retention is necessary to demonstrate lawful processing in the event of a regulatory inquiry.

Backup Systems: Independently of the 30-day grace period, deleted data may take additional time to be fully purged from technical backup systems. This is a technical limitation and does not extend the grace period or provide any additional opportunity for data recovery. We may retain certain information where required by law.

7. Your Privacy Rights

You Have the Right To:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your account and associated data
  • Data Portability: Where technically feasible, request your data in a portable, machine-readable format
  • Restriction: Request restriction of certain data processing activities
  • Withdrawal of Consent: Withdraw consent for optional data processing at any time
  • Marketing Opt-Out: Withdraw your marketing email consent at any time via the unsubscribe link in any marketing email or through your account settings. Withdrawal is processed immediately and does not affect your ability to use the Service or any of its features.
  • Objection: Object to certain types of data processing

To exercise any of these rights, contact us at support@hairmageapp.com. We will respond to your request within 30 days. We may need to verify your identity before processing certain requests. If required, we can provide a Data Processing Addendum (DPA) upon request.

8. For Users in the EEA/UK (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), the following additional provisions apply:

  • Legal Bases: We process your data based on: (a) your consent; (b) the necessity to perform our contract with you (providing the Service); (c) our legitimate interests (improving the Service, preventing abuse); and (d) compliance with legal obligations.
  • International Transfers: Your data may be transferred to and processed in the United States and other countries where our service providers operate. When data is transferred outside the EEA/UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or equivalent mechanisms recognized under applicable law.
  • Cookie Consent: Our website implements Google Consent Mode v2. First-party analytics cookies (GA4) are enabled by default for basic traffic measurement. Marketing and advertising cookies are blocked until you provide explicit consent through our cookie banner.
  • Privacy Contact: For GDPR-related inquiries, contact us at support@hairmageapp.com.
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection supervisory authority.

9. For California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You may request details about the categories and specific pieces of personal information we have collected
  • Right to Delete: You may request deletion of your personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
  • No Sale of Data: We do not sell personal information as defined under the CCPA
  • Authorized Agent: You may use an authorized agent to submit a request on your behalf, where permitted by law

10. International Availability & Cross-Border Transfers

Hairmage is available only in the countries and regions where we officially offer the Service (as determined by App Store and Google Play availability). By using the Service, you acknowledge that:

  • You are responsible for ensuring that your use of the Service complies with all applicable local laws and regulations in your jurisdiction.
  • Your data may be processed in countries other than your own, including the United States and other locations where our service providers (cloud, AI, billing) operate.
  • If you access the Service from outside a supported region, the Service is provided "as-is" and certain features may be limited or unavailable.

For users in the EEA/UK, cross-border transfer safeguards are described in Section 8 above.

11. Country-Specific Rights

Your privacy rights and obligations may vary depending on your location. Where mandatory local data protection or consumer protection law applies, it takes precedence over conflicting provisions of this Privacy Policy. We encourage you to review any country-specific guidance provided in Sections 8 and 9 above, or to contact us if you have questions about your rights in your jurisdiction.

12. Children's Privacy

Hairmage is a professional tool intended for licensed adults only. The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a person under 18, we will take immediate steps to delete such information. If you believe a child has provided personal information to us, please contact us at support@hairmageapp.com.

13. Camera & Photo Library Permissions

Hairmage requests access to your device's camera and photo library for the following purposes only:

  • Camera: To capture photos of hair for image-based color detection
  • Photo Library: To select existing photos for image-based color detection

These permissions are optional and can be revoked at any time through your device settings. The app will function without these permissions, but image-based color detection features will be unavailable. Photos are used exclusively for detecting hair color and are not stored or retained by Hairmage, shared with other users, or used for any other purpose.

14. Local Data Storage

Hairmage stores data locally on your device to enable offline functionality. This includes client information, appointments, services, and other salon data. Local data is synchronized with our cloud servers when an internet connection is available. If you uninstall the application, local data will be removed from your device. Cloud data remains accessible if you reinstall the app and sign in to the same account.

Local Notifications

Hairmage may use your device's local notification system to deliver scheduled reminders for notes you create within the app. These notifications are triggered entirely on your device and do not involve any data transmission to Hairmage servers or third parties. You can manage or disable notification permissions at any time through your device settings.

15. Third-Party Links & Services

The Service may contain references or links to third-party websites, products, or services. We are not responsible for the privacy practices, content, or security of any third-party services. We encourage you to review the privacy policies of any third-party service before providing your information.

16. Cookies & Tracking Technologies

Website: Hairmage's website (hairmageapp.com) uses cookies and similar technologies. We implement Google Consent Mode v2. First-party analytics cookies (Google Analytics 4) are enabled by default to collect anonymized traffic data. Marketing and advertising cookies (Meta Pixel, Google Ads) are set only after you grant consent through our cookie banner.

Mobile App: The Hairmage mobile app does not use browser cookies. It uses Firebase Analytics and Google Analytics 4 to collect anonymized event data (screen views, feature usage, interactions) for service improvement. The app may also use device identifiers or local storage for functionality and security (e.g., keeping you signed in, managing subscription status). No advertising identifiers or ad-tracking technologies are used.

  • Essential cookies: Strictly necessary cookies required to operate the website (e.g., security, session management, consent preferences). These do not require consent and are always active.
  • Analytics cookies (Google Analytics 4): Used to understand how visitors use our website, including page views, navigation paths, traffic sources (including UTM campaign parameters), custom events (e.g., "Try Free" and "Book a Demo" clicks), and device information. These first-party cookies are enabled by default to provide basic traffic insights. IP addresses are anonymized.
  • Marketing cookies (Meta Pixel, Google Ads): Used to measure advertising effectiveness on platforms such as Meta (Facebook/Instagram) and Google, including page views, conversions, and remarketing. These cookies are set only after you grant consent by selecting "Accept" in the cookie banner.
  • Managing your choices: You can change your cookie preferences at any time by clearing your browser cookies and revisiting the site, or through your browser settings. To withdraw consent, clear the site's cookies from your browser — the consent banner will reappear on your next visit.

Some browsers offer a "Do Not Track" (DNT) signal. Hairmage does not currently respond uniformly to DNT signals, as there is no industry-wide standard for compliance. Third-party services embedded on our website may set their own cookies or similar technologies, subject to their own policies.

17. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated via email, through the Hairmage app, or by posting the updated policy on our website, at least 30 days before they take effect. Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

18. Contact Us

If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about your data, contact us:

Company: HairMage LLC (or successor entity)

Email: support@hairmageapp.com

Address: 30 N Gould St Ste N, Sheridan, WY 82801

Response Time: We aim to respond to all privacy-related inquiries within 30 days.