top of page
Download Google Play

Privacy Policy

HairLook Privacy Policy
Effective Date: May 22, 2025
Last updated: August 25, 2025

1. Who We Are
HairLook is operated by Antac S.A.S. In this document, “HairLook,” “we,” “our,” or “us” refers to Antac S.A.S.
For the purposes of the General Data Protection Regulation (GDPR), the UK GDPR, and other privacy laws, HairLook is the data controller for personal data processed through the HairLook mobile, web, and API‑based applications (collectively, the “Service”).
We have appointed a Data Protection Officer (DPO). Contact our DPO at privacy@hairlook.app or by post at the address above (attn: DPO).

2. Scope of This Policy
This Policy explains how we collect, use, disclose, store, and protect personal data when you:

  • install, access, or use the HairLook app on iOS, Android, or the web;

  • visit our websites, customer‑support channels, or social‑media pages; or

  • otherwise interact with us (for example, by emailing us).

It does not cover third‑party websites, services, or content that we do not control.

3. The Information We Collect
3.1 Information You Provide Directly

  • Account Data – name, email address, hashed password, sign‑in provider ID (Apple, Google, or email), country/region, and language.

  • User Images – photos you upload are only used to generate or preview hairstyles.

  • Payment & Subscription Data – purchase receipts, transaction IDs, subscription tier, and related metadata received from RevenueCat, the Apple App Store, Google Play, or Stripe.

  • Support Data – messages, screenshots, logs, or other content you voluntarily send to our support team.


3.2 Information We Collect Automatically

  • Device Data – device model, language, time‑zone, screen size, and battery or network status.

  • Usage Data – app‑launch time, and crash logs.

  • Cookies & Similar Technologies – HTTP cookies, local storage, Firebase analytics events, and SDK‑provided identifiers.

  • Analytics, Advertising, and Attribution


3.3 Special‑Category Data (Images That Contain Faces)
Facial images can constitute biometric data under Art. 4(14) GDPR when processed to uniquely identify a person. HairLook does not use your images to recognize or authenticate you (or anyone else). Images are processed solely to generate the requested hairstyle previews.

 

3.4 Face Data (Hairstyle Processing Details)
HairLook processes photos you upload, which may include facial details (such as eyes, eyebrows, nose, lips, and facial borders), solely to generate hairstyle previews requested by the user. If you upload a reference hairstyle photo, it is used only for generating the requested style and nothing else. We do not collect or create biometric identifiers (such as facial geometry templates, Face ID data, or iris scans). We do not use your images to recognize or authenticate you. Photos and any related processing data are stored only as long as needed for preview generation and are automatically deleted within 72 hours.  Nothing is stored permanently or linked to a user’s identity. We do not sell, share, or disclose face data to any third parties. Processing is performed exclusively by secure service providers (e.g., Modal GPU servers, Google Cloud Firebase Cloud Functions, Google Gemini API), which act strictly as data processors on our behalf. These processors are contractually prohibited from using this data for any purpose other than providing the HairLook hairstyle preview service, and they cannot retain or reuse the data.

 

3.5 Analytics, Advertising, and Attribution

We use third-party analytics and attribution services to help us understand how users interact with HairLook, measure the performance of our marketing campaigns, detect fraud, and improve the overall user experience. These services include AppsFlyer and may include its integrated partners such as Meta, TikTok, Google Ads, and other advertising networks.

Data Collected

As part of these services, the following types of data may be collected and shared with AppsFlyer and its partners:

  • Device identifiers (such as IDFA on iOS, Google Advertising ID on Android, IP address)

  • Device information (device model, OS version, language, region, mobile network)

  • App usage events (app install, app open, screen views, interactions with features)

  • In-app events (subscription events, purchases, try-on actions, generated content events)

  • Technical data (log information, performance metrics, crash data)

This data does not include the actual user images processed by HairLook; image processing is performed for the purpose of providing app functionality, and processed images are not used for advertising attribution.

Purposes of Processing

We use AppsFlyer and its partners for the following purposes:

  • Analytics: understanding how users engage with HairLook and improving app functionality.

  • Advertising attribution: measuring the effectiveness of marketing and advertising campaigns.

  • Advertising optimization: improving the delivery and relevance of ads on platforms such as Meta, TikTok, and Google Ads.

  • Fraud prevention and security: detecting suspicious activity and maintaining service integrity.

Sharing of Data

For the purposes described above, certain device identifiers and event data may be shared with AppsFlyer and advertising partners that assist us with marketing attribution. These partners may use this data in accordance with their own privacy policies.

We do not sell personal data.

iOS App Tracking Transparency (ATT)

On iOS devices, you may be asked for permission to allow tracking across apps and websites owned by other companies. If you decline:

  • We do not access your IDFA, and

  • AppsFlyer receives only limited, non-identifiable data necessary for basic analytics and attribution.

You can change your tracking preferences at any time in your device settings.

Android Advertising ID

Android users may reset or disable the Google Advertising ID at any time via the device’s “Google Settings” → “Ads” section.

Opt-Out Options

Users can opt out of interest-based advertising or reset their advertising identifiers:

  • iOS: Settings → Privacy → Tracking

  • Android: Settings → Google → Ads


4. How and Why We Use Personal Data

  • To provide and operate the Service (GDPR Art. 6 §1 b – Contract performance): We use personal data to create accounts, process uploads, render hairstyle previews, and deliver purchases. 

  • To process payments and subscriptions (Art. 6 §1 b): We use payment and subscription data through Apple, Google,  and RevenueCat APIs. 

  • For legal and compliance purposes (Art. 6 §1 c – Legal obligation): We use data for invoicing, tax, responding to regulatory requests, and enforcing our Terms of Service. 


5. How Long We Keep Data

  • Images and hairstyle previews are deleted 72 hours after generation or when you delete them in‑app, whichever comes first.

  • Account, purchase, and usage data – retained for three years from your last interaction or the end of the fiscal year, whichever is later.

  • Support tickets – retained for three years after ticket closure.

  • Third-party service providers – our processing partners (such as Modal, Google Gemini API, and Google Vision API) may temporarily store or process data to perform their services. These providers manage and delete data in accordance with their own privacy and retention policies.

We may keep data longer when required by law or to establish or defend legal claims. When the retention period ends, we delete or anonymise the data.

6. Security
We use administrative, technical, and physical safeguards including:​

  • Network firewalls, access‑control lists, and role‑based permissions;

  • A secure development lifecycle;

  • Incident‑response procedures and data‑breach notification protocols.

Although no system can be 100 % secure, we continuously work to protect your information.

7. Your Privacy Rights
Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you;

  • Rectify inaccurate or incomplete data;

  • Erase your data;

  • Restrict or object to certain processing activities;

  • Data portability – receive your data in a structured, commonly used, machine‑readable format;

  • Withdraw consent at any time without affecting the lawfulness of prior processing;

  • Lodge a complaint with a supervisory authority (e.g., the Colombian SIC, the Dutch DPA, the UK ICO, or any EEA authority).

Most rights can be exercised through in‑app settings or by contacting our DPO.

California (CCPA / CPRA)
California residents can request information about data categories collected, disclosed, or “sold” / “shared,” and may opt out of any “sale” or “sharing” of personal information. HairLook does not sell or share personal information as defined by the CCPA/CPRA.

Brazil (LGPD)
Brazilian users have equivalent rights under the Lei Geral de Proteção de Dados (LGPD) and can exercise them via the contact details above.

8. Children’s Privacy

HairLook is designed for general audiences and is not intended for independent use by children under 18.

If you are under the age of 18, you may only use HairLook with the active involvement and consent of a parent or legal guardian.

We do not knowingly collect personal data from children without such consent. If we learn that we have inadvertently processed personal data from a child without appropriate consent, we will promptly delete the data and may close the account.

9. Changes to This Policy
We may update this Privacy Policy to reflect changes in law or our practices. We will post the updated version and, where required, obtain your consent. Material changes will take effect no sooner than 30 days after notification unless a shorter period is required by law.

10. Contact Us
If you have questions, concerns, or requests regarding this Policy or our data‑handling practices, contact us:
Email: info@antac.ai
Antac S.A.S.

bottom of page