Privacy Policy
Last updated: March 11, 2026
Bulpara Inc. ("we," "us," or "our") operates HairstyleAI (the "Service"), accessible at hairstyleai.io, via our mobile applications for Android and iOS, and through our progressive web app. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By using HairstyleAI, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
1. Information We Collect
1.1 Photos You Upload
When you use HairstyleAI to preview hairstyles, you upload a selfie or photo of yourself. Your uploaded photos and AI-generated result images are stored with your account so you can access your generation history at any time. All images are stored securely on our servers and are permanently deleted when you delete your account. You can delete your account at any time from your account settings.
1.2 Account Information
When you create an account using Google or Apple sign-in (OAuth), we receive and store your name and email address as provided by the authentication provider. We do not receive or store your password for these services. This information is used to identify your account, manage your subscription, and communicate with you about the Service.
1.3 Payment Information
Subscription payments are processed securely by Stripe. We do not directly collect, store, or have access to your full credit card number or payment credentials. Stripe may share limited information with us, such as the last four digits of your card, card brand, and billing address, to help us manage your subscription and prevent fraud. For mobile app purchases, payments are handled by Google Play or the Apple App Store, and their respective privacy policies apply.
1.4 Usage Data
We collect anonymous usage data to improve the Service. This includes the number of hairstyle generations you have used (tracked via localStorage in your browser), pages visited, and general interaction patterns. This data is not linked to your personal identity unless you are signed in to an account.
2. How We Use Your Information
We use the information we collect for the following purposes:
- To provide and maintain the Service, including generating AI hairstyle previews from your uploaded photos.
- To manage your account, subscription, and billing.
- To communicate with you about your account, including subscription confirmations, billing reminders, and support responses.
- To enforce our free tier limits (5 free generations per account).
- To improve and optimize the Service based on aggregated, anonymous usage patterns.
- To detect, prevent, and address fraud, abuse, or technical issues.
- To comply with legal obligations.
3. Third-Party Services
We share information with the following third-party service providers who assist us in operating the Service:
3.1 Replicate (AI Processing)
Your uploaded photos are sent to Replicate for AI-powered hairstyle generation. Replicate processes the images on our behalf and does not retain your photos after processing is complete. Replicate's privacy policy governs their handling of data during processing.
3.2 Stripe (Payments)
We use Stripe to process subscription payments on the web. Stripe collects and processes your payment information directly and is PCI-DSS compliant. We do not have access to your full payment card details. For more information, please review Stripe's Privacy Policy.
3.3 Google and Apple (Authentication)
We use Google Sign-In and Sign in with Apple for account authentication. When you sign in using these services, they share your name and email address with us in accordance with your permissions. We do not receive your passwords. These services' respective privacy policies govern their data practices.
3.4 Cloudflare R2 (Image Storage)
Your uploaded photos and generated hairstyle preview images are stored on Cloudflare R2, an S3-compatible object storage service. These images are accessible only via unique, unguessable URLs and are associated with your account. All images are permanently deleted when you delete your account.
4. Cookies and Local Storage
4.1 Authentication Cookie
When you sign in, we set an httpOnly, secure cookie containing your authentication token. This cookie is essential for maintaining your session and cannot be accessed by client-side scripts. It is automatically removed when you sign out.
4.2 Local Storage
We use your browser's localStorage to track anonymous generation counts (to enforce free tier limits before account creation) and to store your display preferences (such as dark mode settings). This data remains on your device and is not transmitted to our servers unless you create an account, at which point your generation count may be synced.
4.3 No Third-Party Tracking Cookies
We do not use third-party tracking cookies or advertising trackers on our web application. We do not sell your data to advertisers or data brokers.
5. Data Retention
We retain your data as follows:
- Uploaded photos: Stored with your account for as long as your account is active. Permanently deleted when you delete your account.
- Generated images: Stored with your account for as long as your account is active. Permanently deleted when you delete your account.
- Account information: Deleted immediately upon account deletion.
- Payment records: Retained as required by applicable tax and financial regulations.
- Usage data: Aggregated, anonymized data may be retained indefinitely for analytics purposes.
6. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- All data transmitted between your device and our servers is encrypted using HTTPS (TLS).
- Authentication tokens are stored in httpOnly, secure cookies, which client-side scripts cannot read, to limit token theft through cross-site scripting attacks.
- API access is protected by constant-time key comparison and rate limiting.
- Payment processing is handled by PCI-DSS compliant third parties (Stripe, Google Play, Apple App Store).
While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
7. Your Rights
Depending on your location, you may have certain rights regarding your personal data under applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). These rights may include:
- Right to access: You can request a copy of the personal data we hold about you.
- Right to rectification: You can request that we correct any inaccurate or incomplete personal data.
- Right to deletion: You can delete your account and all associated personal data — including all uploaded photos and generated images — immediately and permanently from your account settings. You can also contact us to request deletion.
- Right to data portability: You can request an export of your personal data in a machine-readable format.
- Right to object: You can object to the processing of your personal data in certain circumstances.
- Right to withdraw consent: Where processing is based on consent, you can withdraw your consent at any time.
To exercise any of these rights, please contact us at support@hairstyleai.io. We will respond to your request within 30 days.
8. Children's Privacy
HairstyleAI is not intended for use by children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@hairstyleai.io, and we will take steps to delete such information.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and third-party service providers are located. These countries may have data protection laws that differ from those in your jurisdiction. By using the Service, you consent to the transfer of your data to these countries. We implement appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you via email or an in-app notification. We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after any modifications constitutes your acceptance of the updated Privacy Policy.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
See also our Terms of Service for information about acceptable use, subscriptions, and limitations of liability.