Privacy Policy

This is HairStylistAI's privacy policy. Read it before you upload a selfie. It tells you exactly what we collect, where it goes, who else processes it, and how to delete it. Face photos are biometric data, and you should know what happens to yours before you hand it over.

Preliminary — pending qualified legal review.

This page reflects the current operational reality of HairStylistAI. A formal legal review is in progress; the substance will not be relaxed, only clarified. If anything below conflicts with what the product actually does, the product is wrong and we will fix it.

1. Who we are

HairStylistAI is a product of Corporate AI Solutions, operated from Australia. Contact: dennis@corporateaisolutions.com. A named Privacy Officer will be published on this page following formal legal review.

2. What we collect

The complete list of personal information we handle today:

  • Your selfie. The image you upload to preview a hairstyle. On the free trial, the selfie is processed in-memory only and discarded after the preview is generated. On signed-in accounts, the selfie is stored privately against your account so you can re-use it for further previews.
  • Generated previews. The AI-edited images we return to you. These belong to you (see Terms).
  • Account data. Your email address and, if you sign in with Google, your Google account identifier. We use magic-link authentication, so we do not store passwords.
  • Share links. If you generate a share link for your stylist, we store the link identifier and an expiry timestamp.
  • Operational logs. Error logs, request timings, and authentication events. We do not log selfie image bytes, previews, or share-link targets to logs.

3. Where it is stored (data residency)

Account data, saved selfies, generated previews, and share-link metadata are stored in Supabase (PostgreSQL plus Storage). Our Supabase project is currently hosted in AWS ap-southeast-2 (Sydney). If we ever move primary residency outside Australia, we will update this page and notify account holders before the move.

The web application is hosted on Vercel, which serves pages from edge locations globally; only ephemeral request data passes through those edges.

4. Third-party processors

HairStylistAI uses the following processors today. Each is named so you can read their policies:

  • OpenAI — generates the hairstyle preview by editing your selfie (gpt-image-1 image-edit API). Your selfie is sent to OpenAI to produce the edit. OpenAI does not train on API data by default.
  • Supabase — database, authentication, and file storage (Sydney region).
  • Vercel — hosting and edge delivery.
  • Google Sign-In — only if you choose “Continue with Google” at signup.

We do not currently use Replicate, ElevenLabs, or third-party analytics. If we add any new processor that touches your selfie, previews, or account data, this list will be updated before that processor goes live.

5. AI training posture (this is the important one)

We do not allow your selfie, your previews, or your account data to be used to train any third-party AI model. OpenAI is used through the paid API under terms that exclude training on customer data. If OpenAI changes those terms, we will either swap providers or notify account holders and pause new uploads until we have done so.

6. Biometric data — what we don't do

A photo of your face is biometric data. We treat it as such even on the anonymous free trial. Specifically:

  • We do not run face recognition, age estimation, gender inference, or any identity-matching pipeline against your selfie.
  • We do not sell, license, share, or expose your selfie or your previews to advertisers, data brokers, or marketing platforms.
  • We do not retain anonymous-trial selfies after the preview is returned. Signed-in users can delete any saved selfie or preview at any time from their account.

7. Retention

  • Free trial (no account): selfies are processed in-memory and discarded immediately after the preview is generated. Previews live for the duration of your browser session.
  • Account holders: saved selfies and previews persist for as long as your account is active. You can delete any item or the entire account at any time.
  • Share links: default expiry is 30 days, after which the link no longer resolves.
  • Account deletion request: on request, we delete your account, saved selfies, and previews within 30 days. Operational and audit logs may be retained for legal and security obligations only.
  • Backups: automated database backups may retain deleted records for up to 30 days before they roll off.

8. Your rights

Under the Australian Privacy Act and equivalent rights in other jurisdictions, you can ask us to:

  • Tell you what personal information we hold about you.
  • Correct any inaccurate information.
  • Delete your account, your selfies, and your previews.
  • Receive a portable copy of any previews you have generated.

Email dennis@corporateaisolutions.com to exercise any of these rights. We will respond within 30 days.

9. Children

HairStylistAI is intended for adults aged 18 and over. We do not knowingly accept selfies, previews, or accounts from children. If you believe a child has uploaded a selfie, contact us at the email above and we will delete the data on receipt.

10. Security

Database tables enforce row-level security so that one account cannot read another account's selfies, previews, or share links. Files in Supabase Storage are private by default. We never expose service-role credentials to the browser, and all selfie-handling routes run server-side only.

11. Complaints

If you are unhappy with how we have handled your data, contact us first at dennis@corporateaisolutions.com. If we cannot resolve it, you can complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

12. Changes

We will note the version and date at the top of this section on every change. Material changes will be notified by email to account holders before they take effect.

Version 0.1 — 21 May 2026. Preliminary. Pending qualified legal review.