Privacy Policy
Last updated: January 30, 2026
1. Introduction
At HairPlan, we take your privacy seriously. This Privacy Policy outlines our practices concerning the handling of user data.
HairPlan is operated by Akash Sharma, based in Canada.
Akash Sharma is the data controller responsible for personal data processed through the HairPlan app.
This Privacy Policy is governed by the laws of Canada.
2. Data Collection and Storage
HairPlan is designed with privacy at its core. Your personal data is stored locally on your device and is not uploaded to our servers. We do not maintain user accounts or store your information in external databases.
The following types of data are collected and stored locally on your device:
- Hair profile information (hair type, porosity, damage level, scalp condition, etc.)
- Optional name for personalization
- Progress photos you choose to take
- Daily check-in history and streak data
- Your personalized hair care plan
We also collect usage and analytics data through a third-party analytics service (PostHog). This includes information about how you use the app (such as app opens, screen views, and feature usage) to help us improve the app and understand usage patterns. This analytics data is not linked to your identity (we do not use your name, email, or other identifiers in analytics). For more information, see PostHog's privacy policy.
3. AI-Powered Features
HairPlan uses artificial intelligence (Rork AI) to generate personalized hair care recommendations based on your hair profile. When you complete the onboarding process:
- Your hair profile information is sent to our AI service to generate your personalized plan
- If you choose to upload a photo, it may be analyzed to improve recommendations
This data is processed by our AI provider solely for the purpose of generating your recommendations and is not used for advertising, profiling, biometric identification, facial recognition, or any other purpose.
We do not intentionally store this data after processing. However, the AI provider may temporarily process the data to deliver the service.
4. Subscription and Payment Data
When you purchase a subscription, payment processing is handled securely through the App Store (iOS) or Google Play Store (Android). We use RevenueCat to manage subscription status.
- We do not have access to your credit card or payment details
- We only receive confirmation of your subscription status to provide premium features
- Payment data is processed according to Apple's and Google's privacy policies
5. Camera and Photo Library Access
HairPlan requests access to your camera and photo library to:
- Allow you to take progress photos to track your hair journey
- Optionally provide a photo during onboarding for AI analysis
All photos are stored locally on your device only. We do not upload, store, share, or have access to your photos.
6. Data Usage
Your data is used exclusively to:
- Generate your personalized hair care plan
- Track your daily habits and progress
- Provide streak and check-in statistics
- Improve app functionality and user experience
- Understand how the app is used and improve the product (via anonymous analytics)
We use analytics (PostHog) to understand how the app is used, measure feature usage, and improve the product. We do not use advertising SDKs, sell your data, or use behavioral profiling for advertising. Analytics data is anonymous and not tied to your identity.
7. Data Sharing
We do not sell your personal data.
We only share limited data with trusted third-party service providers strictly for the purpose of operating the app, including:
- Hair profile information sent to Rork AI for plan generation
- Anonymous subscription status sent to RevenueCat for purchase validation
- Usage and analytics data (e.g. app opens, screen views, feature use) sent to PostHog for analytics. This data is anonymous and not linked to your identity.
These providers act as data processors and are contractually obligated to process data only for the intended purpose.
8. Data Retention
HairPlan does not retain personal data on external servers.
All personal data is stored locally on your device and remains under your control.
Any data transmitted to third-party services is processed temporarily and retained only as long as necessary to provide the requested service, in accordance with their respective privacy policies.
9. Legal Basis for Processing (GDPR)
For users in the European Union, we process personal data based on:
- Your consent (when you provide information or photos)
- Performance of a contract (to deliver the core features of the app)
You may withdraw your consent at any time by deleting your data within the app.
We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).
10. Data Security
Since your data is stored locally on your device:
- Your information is protected by your device's security features
- No external servers store your personal hair profile or photos
- You maintain complete control over your data at all times
11. Data Deletion
You can delete all your data at any time through the app's Settings menu by selecting "Delete All Data."
This permanently removes all locally stored information including your profile, check-ins, photos, and progress history.
12. Children's Privacy
HairPlan is not directed to children under 13 years of age. We do not knowingly collect any data from children under 13. If you are under 13, please do not use HairPlan.
13. Your Rights
You have the right to:
- Access all your personal data (stored locally on your device)
- Correct or update your information
- Delete your data at any time
- Withdraw your consent
- Object to data processing
- Request data portability where applicable
14. Changes to Privacy Policy
Users will be notified of any material changes to this privacy policy via in-app notifications. We encourage you to review this policy periodically for any updates.
15. Contact Information
If you have any questions about this Privacy Policy, please contact us at:
hairplan14@gmail.com
EU users may contact us regarding GDPR rights at the same email address.
16. Jurisdiction
Any disputes arising from this Privacy Policy shall be governed by the laws of Ontario, Canada.