Legal

Privacy Policy

Last Updated: December 10, 2025

1. Introduction

HairSimulate.com ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Data Controller: HairSimulate, located in Turkey.

For EEA Users: This Privacy Policy complies with the General Data Protection Regulation (GDPR). For Turkish users, we comply with the Law on Protection of Personal Data (KVKK).

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

Account Information:

  • Email address (required)
  • Name (optional)
  • Password (encrypted, never stored in plain text)
  • Phone number (optional, for verification)
  • Profile picture (if using social login)

User Content:

  • Photos you upload for simulation
  • Hairline design preferences
  • Simulation parameters (density, style, color preferences)

Payment Information:

  • Processed securely through third-party payment processors (we do not store full payment card details)
  • Billing address (if applicable)

2.2 Information Collected Automatically

Technical Information:

  • IP address (encrypted for GDPR compliance)
  • Device type (mobile, desktop, tablet)
  • Browser type and version
  • Operating system
  • Screen resolution, browser language, timezone

Usage Information:

  • Pages visited and time spent
  • Clicks and interactions
  • Session duration
  • Referrer URL and UTM parameters

Location Information:

  • Country, city (derived from IP address)
  • Approximate coordinates (latitude/longitude, derived from IP)

2.3 Information from Third Parties

We may receive information from social login providers (Google, Facebook, Instagram), payment processors, and AI service providers as described in Section 4.

3. How We Use Your Information

3.1 AI Processing and Service Delivery

  • Generate Simulations: Process your photos using AI technology to generate hair transplant simulations
  • Store Results: Securely store your original photos and simulation results for your access
  • Service Maintenance: Provide and maintain our simulation service
  • Account Management: Authenticate your account and manage sessions

3.2 Service Improvement

  • AI Algorithm Enhancement: Analyze simulation results to improve AI model accuracy (using anonymized data)
  • Quality Assurance: Review simulation results to ensure accuracy
  • Usage Analysis: Analyze usage patterns (anonymized) to enhance user experience
  • Feature Development: Develop new features and improve the user experience

3.3 Communication

  • Send account-related notifications (verification emails, password resets)
  • Respond to your inquiries and provide customer support
  • Send service updates and important notices
  • With your consent, send promotional materials (you may opt out at any time)

3.4 Marketing and Promotional Use (With Consent Only)

Important

We do NOT use your identifiable images for marketing without your explicit, separate consent.

If you grant us permission:

  • Images will be anonymized (faces blurred or obscured)
  • Used only for promotional materials
  • Consent is completely optional and separate from using the Service
  • You can revoke consent at any time

3.6 AI Model Training

Important

We do NOT use your identifiable images for training AI models without your explicit consent. We use third-party AI models that are pre-trained. We do not provide user images to third parties for AI training purposes.

If we develop our own AI models in the future and wish to use your images for training, we will request your separate, explicit consent.

3.7 Security and Fraud Prevention

  • Verify your identity (phone verification)
  • Detect and prevent fraud, abuse, or illegal activity
  • Enforce our Terms of Service
  • Protect the security and integrity of the Service

3.8 Legal Compliance

We use your information to:

  • Comply with applicable laws and regulations
  • Respond to legal requests or court orders
  • Protect our rights and the rights of our users

Legal Basis for Processing (GDPR):

  • Contract: To provide the Service you requested
  • Consent: For optional features (analytics, marketing, AI training)
  • Legitimate Interests: For security, fraud prevention, and service improvement
  • Legal Obligation: To comply with applicable laws

4. How We Share Your Information

We do NOT sell your personal information.

We may share your information only in the following circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating the Service:

  • Cloud Infrastructure & Database Providers: Store your account data, photos, and simulations
  • Hosting & Application Services: Host our application and process requests
  • Communication Services: Send SMS verification codes and notifications
  • Payment Processing Services: Process payment transactions securely
  • AI Processing Services: Generate hair transplant simulations using AI technology
  • Social Authentication Providers: Provide social login authentication

All service providers are contractually obligated to use your information only to provide services to us, implement appropriate security measures, and comply with applicable data protection laws.

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to comply with legal obligations, protect our rights, or investigate fraud or security issues.

5. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including:

  • United States: Where many of our service providers are located
  • Turkey: Where our primary operations are located

Safeguards for International Transfers:

  • Standard Contractual Clauses (SCCs): We use EU-approved SCCs with service providers
  • Adequacy Decisions: Where applicable, we rely on adequacy decisions
  • Consent: For transfers to countries without adequacy decisions, we obtain your explicit consent
  • Technical Safeguards: Encryption, access controls, and security measures protect your data

6. Cookies and Tracking Technologies

Essential Cookies:

  • Authentication cookies (required for logged-in users)
  • Session management cookies
  • Security cookies

Analytics Cookies (with consent):

  • Visitor tracking cookies (30-day expiration)
  • Usage analytics cookies
  • Performance monitoring cookies

We use a cookie consent banner that allows you to accept or decline non-essential cookies. You can manage cookies through our cookie consent banner or your browser settings.

7. Data Retention

7.1 Image Retention Periods

  • Anonymous Users: Images retained indefinitely for service improvement and analytics. You can request deletion at any time.
  • Authenticated Users: Images retained for the duration of your account (or until you request deletion)
  • Account Deletion: Deleted within 30 days of account closure or upon your request
  • Service Improvement: Images and data may be retained indefinitely for service improvement, analytics, and algorithm development
  • Marketing Materials: With consent, anonymized versions may be retained indefinitely until consent revoked

7.2 Personal Data Retention

  • User Account Data: Retained while your account is active, deleted within 30 days of account deletion. Email addresses and phone numbers are retained for account management and service delivery.
  • Communication Records: Retained for up to 3 years for customer support
  • Usage Analytics: Retained indefinitely for service improvement and analytics (both anonymous and authenticated users)
  • Visitor Tracking Data: Retained indefinitely for service improvement, analytics, and user experience enhancement. You can request deletion at any time.
  • Payment Data: Transaction records retained for 7 years (legal requirement)

7.3 Your Control Over Data Retention

You can request deletion of your images and data at any time by contacting us. We will process your deletion request within 30 days, except where we are legally required to retain certain information.

8. Data Security

Technical Safeguards:

  • Encryption: TLS/SSL encryption for data in transit
  • At-Rest Encryption: Database encryption for stored data
  • IP Encryption: IP addresses are encrypted before storage
  • Access Controls: Role-based access controls limit who can access data
  • Secure Authentication: Passwords are hashed using bcrypt
  • Regular Security Audits: We conduct regular security assessments

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. Your Rights (GDPR/KVKK Compliance)

Depending on your location, you may have the following rights regarding your personal information:

  • Right of Access: Request confirmation and a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Request that we limit how we use your data
  • Right to Data Portability: Request a copy of your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

9.8 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: info@hairsimulate.com

Subject Line: "Privacy Rights Request" or specify the right you wish to exercise

Response Time: We will acknowledge your request within 5 business days and respond within 30 days (or as required by applicable law).

No Fees: Exercising your privacy rights is free of charge.

10. Face Data and Biometric Information

Due to the nature of our Service, the photos you upload and the AI-generated simulations may include your face. We do not use your face data to identify you personally, and we do not sell or share any identifying information about you.

Your photos (which may include your face) are processed by third-party AI service providers solely for simulation generation. Face data is not shared with third parties who intend to use it for identification purposes.

With your explicit consent, anonymized/blurred versions of your images may be used for marketing purposes. You can revoke marketing consent at any time.

11. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at info@hairsimulate.com. If we become aware that we have collected personal information from a child under 18, we will delete such information promptly.

12. Image Processing and Storage Details

When you upload photos for hair transplant simulation:

  • Your images are securely uploaded to our servers
  • We validate image quality and format
  • Original images are stored in encrypted cloud storage
  • Images are sent to third-party AI service providers for simulation generation
  • Both original and processed simulation images are stored securely
  • You can access your results through your account or session

All images are encrypted in transit (TLS/SSL) and at rest. Images are stored in encrypted cloud storage infrastructure with redundancy and backups. All storage locations comply with applicable data protection laws.

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request information about what personal information we collect, use, and disclose
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at info@hairsimulate.com.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification to your registered email address (for material changes)
  • Displaying a notice on the Service

Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: