Privacy Policy

Last updated: May 30, 2025

This privacy policy applies to the HairSwap application (hereby referred to as "Application" or "Service") for web and potentially mobile devices, created and operated by Bitpepper B.V. (hereby referred to as "Service Provider", "we", "us", or "our") as an Ad Supported service. This service is intended for use "AS IS". Our registered address is Meer en Duin 24A, 2163HA, The Netherlands.

Key Privacy Points:

We only use your uploaded photos to generate hairstyle previews.
Photos are processed on secure servers and deleted within 48 hours maximum.
We use Hetzner (hosting) and Google Gemini (AI processing).
Ads are served via Google AdSense/AdMob, which may collect device and usage data.
We collect minimal usage data to improve the service.
Face data is not shared with third parties for independent use.

Face Data Collection and Processing

What Face Data We Collect

The HairSwap app collects photographic images (selfies) uploaded by you. These images necessarily contain your face, which includes visual information such as facial features, contours, and skin tone. We do not collect or process:

Depth data
3D facial geometry
Biometric identifiers beyond what is visually present in the standard 2D photograph you provide

How We Use Your Face Data

The collected face data (your uploaded selfie) is used exclusively for the core functionality of the HairSwap app:

The uploaded image containing your face is sent to our secure server
Our AI model processes this image to identify your facial region and current hairstyle
The AI then digitally renders your chosen new hairstyle onto your face in the uploaded image
The resulting modified image, showing you with the new hairstyle, is returned to you within the app

The face data is not used for any other purpose, such as user identification, advertising, analytics (other than aggregated, anonymized usage statistics of the feature itself), or for building user profiles unrelated to the hairstyle swapping feature.

Face Data Sharing and Storage

No, the face data (user-uploaded images) will not be shared with or sold to any third parties for their independent use, marketing, or advertising purposes.

The user-uploaded images containing face data are temporarily stored on our secure, company-controlled servers. These servers are used for the AI processing required to perform the hairstyle swap. Access to this data is strictly limited to the automated processes required for the app's functionality and necessary technical maintenance by authorized personnel.

Face Data Retention

User-uploaded images containing face data are retained on our servers for a maximum of 48 hours. After this period, the data is automatically and permanently deleted from our systems. This limited retention period is in place to allow users sufficient time to view and save their generated hairstyle results and to manage transient processing requirements. We do not retain face data longer than necessary to provide the core service.

1. Information Collection and Use

The Application collects information when you use it. This information may include:

1.1 Information You Provide

Photographs: Images (selfies) you upload for processing, which necessarily contain your face including visual information such as facial features, contours, and skin tone. We only process specific photos you choose. We do not access your entire photo library (unless you grant permission for selection). We attempt to remove metadata (like geotags). We do not collect or process depth data, 3D facial geometry, or biometric identifiers beyond what is visually present in the standard 2D photograph you provide.
Preferences: Style choices or other inputs for hairstyle generation.
Communication Data: Information provided when you contact us (e.g., email address, name, message content).

1.2 Information Collected Automatically

Usage Data: Pages visited, time and date of visits, time spent on pages/Application, features used, interactions.
Device Data: Your device's IP address, operating system, browser type, device model, screen resolution, approximate location derived from IP (we do not gather precise GPS location without permission).
Cookies and Similar Technologies: We use these for functionality and analytics. See Section 5.

We may use the information collected (excluding raw photographs beyond providing the service) to contact you occasionally with important information, required notices, and potentially marketing promotions (you can opt-out).

2. How We Use Your Information

Providing the Service: Operating, maintaining, and delivering the hairstyle transformation features using your uploaded photos and preferences.
Improving the Service: Analyzing usage data (aggregated/anonymized) to understand user behavior, identify trends, troubleshoot, and enhance the Application's performance and features. This includes using anonymized/aggregated data potentially derived from photos to train our AI (Google Gemini) models.
Communication: Responding to inquiries, providing support, sending service updates or required notices.
Security & Compliance: Protecting our rights and the safety of users, investigating fraud, responding to legal requests, and enforcing terms.
Personalization (Optional): Using location data (approximate, from IP) or preferences for personalized content or recommendations, if applicable.
Advertising: Serving personalized and non-personalized ads via Google AdSense and Google AdMob, which may collect device identifiers, location, and usage data to provide and improve ad targeting. See Section 4 for more details.

We reiterate: Your original uploaded photographs are used solely for generating the requested hairstyle previews for you.

3. Image Processing, Storage, and Retention

When you upload an image:

It's sent to our secure cloud infrastructure (hosted by Hetzner) and processed by our AI partner (Google Gemini) to create transformations.
Images containing face data are temporarily stored during processing and are automatically and permanently deleted from our systems within a maximum of 48 hours. This limited retention period allows users sufficient time to view and save their generated hairstyle results and manages transient processing requirements.
We implement security measures during transfer and processing.
Face data (user-uploaded images) is not shared with or sold to any third parties for their independent use, marketing, or advertising purposes.
Anonymized or aggregated data derived from images (not identifiable) may be retained for model improvement.
Other user-provided data (like communication or account info) is retained as long as you use the Application and for a reasonable time thereafter, or as required by law.

If you'd like us to delete User Provided Data, please contact us at [email protected], and we will respond within a reasonable time.

4. Third-Party Access and Data Sharing

We do not sell your personal information. Face data (user-uploaded images) is not shared with or sold to any third parties for their independent use, marketing, or advertising purposes. Only aggregated, anonymized data is periodically transmitted to external services (like analytics) to help us improve the Application.

We may share your information with third parties only in these ways:

Service Providers: With trusted partners who work on our behalf and under our instructions (like Hetzner for hosting, Google Gemini for AI processing, PostHog for analytics, potentially other analytics providers, email services). They do not have independent use rights and agree to adhere to privacy rules. Access to face data is strictly limited to the automated processes required for the app's functionality and necessary technical maintenance by authorized personnel.
Advertising Partners: We use Google AdSense and Google AdMob to serve ads. These partners may collect and use device identifiers, cookies, location, and usage data to provide, personalize, and measure ads. For more information, see their privacy policies:
Required by Law: To comply with subpoenas, legal processes, or government requests.
Safety and Rights Protection: When we believe in good faith it's necessary to protect our rights, your safety or others', investigate fraud.
Business Transfers: In case of merger, acquisition, or asset sale, information may be transferred under the terms of this policy.
Third-Party Services Integrated: The Application may utilize third-party services (e.g., authentication, ads, analytics) with their own privacy policies. Please review their policies:

5. Cookies and Tracking Technologies

We use cookies and similar technologies (like pixels or local storage) to:

Ensure the Service functions correctly.
Remember your settings and preferences.
Collect usage data for analytics.
Improve user experience.

You can control cookies via your browser settings, but disabling them may affect functionality.

6. Data Security

We are concerned about safeguarding your information and provide physical, electronic, and procedural safeguards to protect the information we process and maintain. Access is limited to authorized personnel and service providers who need it to operate, develop, or improve our Service. However, no system is 100% secure.

7. Your Rights and Choices

Depending on your location (especially GDPR/EU residents), you have rights:

Access, Correction, Deletion: Request access to, correction of, or deletion of your personal data.
Objection/Restriction: Object to or request restriction of processing.
Data Portability: Request data in a machine-readable format.
Withdraw Consent: Withdraw consent where applicable.
Opt-Out of Marketing: Unsubscribe from marketing communications.
Uninstall: You can stop all information collection by uninstalling the Application (if applicable).

Contact us at [email protected] to exercise these rights. We will respond within a reasonable time, potentially requiring identity verification.

8. Children's Privacy

We do not knowingly solicit data from or market to children under 18. The Service is not intended for children under this age. If we discover a child under 18 has provided personal information, we will promptly delete it. If you are a parent/guardian aware your child provided info, please contact us.

9. International Data Transfers

Your information may be transferred to and processed in countries outside your own (e.g., Germany for Hetzner, potentially US for Google Gemini). We ensure transfers comply with applicable law (e.g., using Standard Contractual Clauses where needed) to provide adequate protection.

10. Changes to This Privacy Policy

This Privacy Policy may be updated. We will notify you of changes by posting the new policy here and updating the "Last updated" date. Continued use after changes constitutes acceptance.

11. Your Consent

By using the Application/Service, you consent to our processing of your information as set forth in this Privacy Policy now and as amended by us.

12. Contact Us

If you have questions regarding privacy, please contact us:

Email: [email protected]

Postal Mail:
Bitpepper B.V.
Attn: Privacy
Meer en Duin 24A
2163HA Lisse
The Netherlands