Privacy Policy — Hair Scan AI

This Privacy Policy describes how the mobile application Hair Scan AI (the "Application") collects, uses, stores, and protects users' personal data. The Application is developed by DoubleE Studio and created by Michele Cipriani and Tommaso Vilotto (the "Data Controller" or "Service Provider").

GDPR Compliance: This Privacy Policy is designed to comply with the General Data Protection Regulation (GDPR - Regulation (EU) 2016/679) and other applicable data protection legislation.

1. Data Controller

DoubleE Studio
Michele Cipriani and Tommaso Vilotto
Email: doublee.studio.team@gmail.com

2. Categories of Data Processed

2.1 Data Collected and Stored

The Application stores only the following data in its database:

User identifier (User ID) from authentication providers (Google or Apple)
Email address (if provided through Google or Apple Sign-In)
Terms acceptance status (confirmation and timestamp)
Credit/coin balance for internal reward and unlock mechanics
Scan timestamps (date and time only — NOT photos or analysis results)

Important: Scan analysis results (descriptions, suggestions, scores) are NOT stored in the database — they are saved only locally on your device.

Local Storage Only: Scan history (including analysis results), hair-care product logs, and onboarding preferences are stored only on your device using local storage. They are never uploaded to our servers.

Important: Scalp photos are NOT permanently stored on our servers. Images are processed temporarily and sent to Google Gemini API to generate results, then removed from temporary processing memory.

2.2 Onboarding Data NOT Stored

During the initial onboarding, the Application asks for information such as:

Age
Sex
Possible health-related concerns

This onboarding information is NOT stored in our database. It is stored only locally on your device and is never uploaded to our servers.

2.3 Photo Data Processing

Scalp photos captured through the Application:

Are captured locally on the user's device
Are temporarily encoded and sent to Google Gemini API for analysis
Are NOT permanently stored on Service Provider servers
Are removed from temporary memory after analysis results are generated

Only the textual analysis output (descriptions, suggestions, scores) is saved in user history locally on the device.

3. Legal Basis for Processing

Personal data is processed on the following legal bases under GDPR and applicable law:

Data Category	Legal Basis
Authentication data (User ID, email)	Performance of a contract under applicable data protection law
Terms acceptance and coin balance	Performance of a contract under applicable data protection law
Scalp photos (temporary processing)	Explicit consent under GDPR and applicable data protection law (potential health-related data)
Scan timestamps	Performance of a contract under applicable data protection law
Advertising data (AdMob)	Consent under GDPR and applicable data protection law, managed through Google consent flows

Health-Related Data Notice: Depending on context, scalp photos may qualify as health-related data under GDPR. Processing takes place solely for the specific purpose of providing a non-medical, indicative analysis and only after user consent where required.

3.1 Explicit Consent Management for Photo Processing

Where photo processing may involve special-category data under GDPR, the Application requests dedicated, explicit in-app consent before the first scan. This consent is separate from general Terms acceptance.

Collection: consent is requested through a clear opt-in action before photo upload/analysis starts
Record: we store a minimal consent log (timestamp, consent type, policy version, and user reference where available)
Withdrawal: consent can be withdrawn at any time in app settings or by contacting us at doublee.studio.team@gmail.com

Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

4. Purposes of Processing

Personal data is processed for the following purposes:

Service delivery: enabling app features (scans, scan history, product tracking)
Authentication: linking data to a user account when login is used
Credits and unlock logic: managing coins and ad-based unlock features
Image analysis: sending photos to Google Gemini API to generate scalp analysis output
Advertising: showing ads through Google AdMob, including rewarded ads where applicable
Service improvement: monitoring app usage for quality and product improvements
Legal compliance: fulfilling legal obligations where applicable

5. Third-Party Data Sharing

Data may be shared only with the following third parties that are necessary for operation of the Application:

5.1 Google Gemini API

Purpose: AI processing of scalp images.
Data shared: Scalp photos (temporary processing).
Legal basis: Service performance and/or user consent as applicable.
Location: Data may be processed in the United States or other countries where Google operates.
Policy: Google Privacy Policy

5.1.1 Gemini Data Processing Mode (Important)

The Application uses Google Gemini API in paid service mode, with active Google Cloud billing enabled.

Prompts and responses are processed in accordance with applicable Google data processing terms for eligible paid processor services.
In this paid mode context, prompts and responses are not used to improve Google products.

The Service Provider configures and maintains Gemini in paid mode at infrastructure level.

5.2 Google AdMob

Purpose: Display of advertising content and rewarded ads used to unlock certain features (for example, scan unlock steps).
Data shared: Advertising identifiers, device information, and app usage signals.
Legal basis: User consent where required by applicable law and platform policy.
Location: Data may be processed in the United States or other countries.
Policy: Google Privacy Policy and AdMob Privacy Information

5.3 Google Sign-In and Apple Sign-In

Purpose: User authentication.
Data shared: Authentication tokens and basic account data provided by Google/Apple.
Legal basis: Performance of a contract (account access).
Policies: Google Privacy Policy | Apple Privacy Policy

5.4 Supabase

Purpose: Backend database and authentication infrastructure. Supabase stores and manages all persistent user data associated with the Application.
Data stored: User identifiers, email addresses, Terms acceptance records, coin/credit balances, and scan timestamps (date/time only — no photos, no analysis results, no product logs).
Legal basis: Performance of a contract and, where applicable, legal obligation under GDPR and applicable law.
Location: Data may be processed in the United States or other regions where Supabase infrastructure operates. Supabase provides GDPR-compliant data processing agreements for eligible customers.
Policy: Supabase Privacy Policy

International Transfers: Some third-party services may involve transfers of personal data outside the EEA (including Google services and Supabase infrastructure). Where required, such transfers rely on valid transfer mechanisms, including Standard Contractual Clauses (SCCs), adequacy decisions where available, or equivalent GDPR safeguards. Users may request additional information about the applicable safeguards by contacting doublee.studio.team@gmail.com.

6. Data Retention Period

Personal data is retained as follows:

Account data: until account deletion by the user
Scan timestamps: until account deletion
Photos: temporary processing only, then removed (not permanently stored)
Terms acceptance logs: retained for up to 10 years after account deletion for legal defense purposes, as permitted under GDPR and applicable law concerning the establishment, exercise, or defense of legal claims. Only minimal data is retained: timestamp, accepted version, and anonymized user reference.
Technical logs: retained for a limited period for security and troubleshooting

Post-Deletion Retention: After account deletion, we retain only a minimal log of your Terms acceptance (timestamp and version) for legal compliance purposes. This data cannot identify you personally and is retained solely to demonstrate that you accepted our Terms at the time of use.

7. User Rights

Under GDPR, users may have the right to:

Access personal data
Rectify inaccurate data
Erase data
Restrict processing
Data portability
Object to processing in certain cases
Withdraw consent at any time where processing is based on consent

7.1 How to Exercise Rights

Users may:

Use in-app account management features (including account deletion in Settings)
Send a request to: doublee.studio.team@gmail.com

We respond without undue delay and, in any case, within 30 days from receipt of a valid request. Where permitted by law, this period may be extended by up to 60 additional days for complex requests, and we will inform you of the reason for the extension.

To protect user data, we may ask for reasonable identity verification before fulfilling certain requests.

8. California Privacy Rights (CCPA/CPRA)

The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants certain rights to California residents. Depending on the applicable legal scope and thresholds, these rights may include access, deletion, correction, and the right to opt out of sale/sharing for cross-context behavioral advertising.

No sale for monetary consideration: We do not sell your personal data to third parties in exchange for money.
Ad data sharing: Google AdMob may share advertising identifiers and device signals with third-party advertising partners. This may qualify as “sharing” under CCPA/CPRA in some contexts.
Opt-out choices: You can adjust consent choices in-app (where available) and/or through your device ad-tracking settings (iOS: Settings → Privacy & Security → Tracking; Android: Settings → Google → Ads).
Exercise your rights: California residents may contact us at doublee.studio.team@gmail.com to submit verifiable requests, including requests to know, delete, correct, or opt out of sale/sharing where applicable.

9. Data Security

The Service Provider applies appropriate technical and organizational measures to protect personal data, including:

HTTPS/TLS encryption for data in transit
Secure authentication through trusted providers (Google, Apple)
Access controls and limited internal access to data
Security monitoring and logging
No permanent storage of scalp photos on our servers

10. Children

The Application is not intended for users under 18 years of age. We do not knowingly collect personal data from minors.

11. Device Permissions

The Application requests the following device permissions to enable its core functionality:

Permission	Purpose	Required?
Camera	Capturing scalp photos for AI analysis (4 photos per scan)	Yes — core feature
Internet access	Required to communicate with Supabase, Google Gemini API, Google AdMob, and authentication providers	Yes — core feature

Camera images are used exclusively for the purpose of generating a scalp analysis via Google Gemini API. Photos are not permanently stored on Service Provider servers and are removed from temporary memory after analysis results are generated.

Permission requests are handled in accordance with iOS and Android platform guidelines. Users may revoke permissions at any time through their device settings; however, revoking the camera permission will disable the scan functionality.

12. Cookies and Tracking Technologies

The Application does not directly use browser cookies, but integrated third-party services (such as AdMob or sign-in providers) may use similar tracking technologies for advertising, analytics, and service optimization.

13. Use Without Account

The Application can be used without creating an account. In this mode:

No account-linked personal identifier is stored by us
Scan history and results are stored locally on your device only
Scan history and results are not persisted to an account and are not synced across devices
Some features may be limited compared to account mode

Photos are still processed through Google Gemini API as described above.

14. Changes to This Privacy Policy

This Privacy Policy may be updated from time to time. In the event of material changes, users may be informed via in-app notice, email (if available), or a renewed acceptance prompt where required.

15. Complaints to Supervisory Authority

If you believe your personal data has been processed in violation of applicable data protection law, you have the right to lodge a complaint with the competent data protection supervisory authority in your country or region of residence, work, or where the alleged infringement occurred.

For users located in the European Economic Area, a list of national supervisory authorities is available at: European Data Protection Board — Members.

You may also contact the Service Provider directly before lodging a formal complaint: doublee.studio.team@gmail.com

16. Consent

By using the Application, users acknowledge that they have read and understood this Privacy Policy. For features requiring explicit consent (including certain ad-processing or photo-processing contexts), specific in-app consent requests are presented.

DPA/Controller-Processor Note: This Privacy Policy provides a summary of processing activities and does not constitute a standalone data processing agreement. Where Google acts as a processor for eligible paid Gemini services, the applicable Google contractual data processing terms apply between the customer and Google. Users may contact the Service Provider for clarification regarding the currently active service mode.

17. Privacy Contact

For questions, requests, or clarifications regarding this Privacy Policy or personal data processing, contact:

DoubleE Studio
Michele Cipriani and Tommaso Vilotto
Email: doublee.studio.team@gmail.com