Privacy Policy
Last updated: May 26, 2026 • Effective: May 26, 2026
Introduction
At ScalpAnalysis AI ("we", "our", or "us"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered scalp analysis service ("Service"). Our primary market is the United States, but people from other countries may access and use the Service.
By using ScalpAnalysis AI, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies, please do not use the Service.
Information We Collect
Scalp Images
When you use the scanning feature, you upload four hair/scalp photos so we can create your report. These photos may reveal sensitive visual information about your appearance and scalp condition. They are stored in private Supabase scan storage and sent through our AI report processing flow only to generate your ScalpAnalysis AI report. Guest scan images are designed to be temporary and deleted within 24 hours. Registered users can save scans privately for progress tracking until they delete them or request account deletion.
Account Information
If you create an account with Google sign-in or email-based authentication, we collect your email address and basic authentication metadata needed to keep your account working. We do not require passwords, mailing addresses, or government IDs.
Device & Usage Data
We collect limited technical data such as browser type, device type, IP-derived region, page performance, security events, and error logs to keep the service reliable. Public marketing and legal pages may use aggregated analytics. Scan, result, dashboard, auth, and payment pages do not load behavior analytics.
Payment Information
If you choose a paid upgrade, payment is processed securely by PayPal. We never store your credit card details on our servers.
Zero Training Promise
We do not use your photos to train AI models.
Your scalp images are processed only to create your ScalpAnalysis AI report. We do not use them to train or fine-tune models, and our AI processing flow is configured for report generation rather than model training.
We also do not share scalp photos with advertising networks, payment processors, or public-page analytics tools.
How We Use Your Information
- •To provide AI-powered hairline, density, hair attribute, and scalp appearance signals
- •To save your scan history and track progress over time (registered users)
- •To send you important service updates and notifications
- •To improve our service quality, fix bugs, and develop new features
Third-Party Services
We use service providers to operate ScalpAnalysis AI. We share only the information needed for each provider to perform its function. Scalp photos are shared only with private scan storage and AI report processing systems, not with advertising networks, payment processors, email tools, or public-page analytics tools.
AI Report Processing
We send scalp photos and scan context through our configured AI API provider or API relay, currently using an OpenAI-compatible analysis endpoint, only to generate your report.
Supabase
Provides authentication, database records, and private scan image storage for saved baselines and account access controls.
PayPal
Handles subscriptions and one-time purchases when you choose to pay. It does not receive your scalp photos.
Vercel
Hosts the website, serves pages globally, and provides operational logs needed for reliability and security.
Resend / Email Support
Sends support and contact-form messages when you contact us. Email tools do not receive scalp photos.
Microsoft Clarity and Optional Plausible Analytics
Help us understand public marketing and legal page usage. Behavior analytics are not loaded on scan, result, dashboard, auth, or payment pages in the production default configuration.
Provider note: providers may process data in the United States or other countries where they or their subprocessors operate. We do not sell scalp photos or use them for third-party advertising.
International Processing
ScalpAnalysis AI is operated primarily for users in the United States. If you access the Service from another country, your information may be processed in the United States and in other countries where our service providers operate. Privacy laws in those countries may differ from the laws where you live.
We use cross-border processing to provide hosting, authentication, private storage, AI report generation, payment processing, support email, security, and reliability. Where required by applicable law, we rely on appropriate contractual and organizational safeguards with our service providers.
If you are located outside the United States and do not want your scalp photos or account data processed through these providers, please do not use the scan feature.
Data Retention
| User Type | Data | Retention |
|---|---|---|
| Guest User | Scalp Images | 24 hours |
| Guest User | Analysis Results | Local storage only |
| Registered User | Scalp Images | Until account deletion |
| Registered User | Scan History | Until account deletion |
| All Users | Public-page Analytics | Per provider settings; not tied to scans |
Your Rights
Depending on where you live, including California and other US states, the EU, UK, or similar jurisdictions, you may have privacy rights such as:
Right to Know
Request what personal data we hold about you
Right to Delete
Request deletion of your personal data
Right to Portability
Export your data in a portable format
Right to Non-Discrimination
No penalty for exercising your rights
To exercise these rights, email us at privacy@scalpanalysis.app. We will respond within 45 days where US privacy laws apply, or within the timeframe required by applicable law.
We do not sell scalp photos. We also do not use scalp photos for cross-context behavioral advertising. Public-page analytics are separate from scan data and are not loaded on scan, result, dashboard, auth, or payment pages.
Data Security
We use practical security controls to protect your data:
TLS Encryption
Data protected in transit
Private Scan Storage
Saved scans are access-controlled
Row Level Security
Database access control
Magic Link Auth
No passwords stored
No internet service can guarantee perfect security. If we learn of a security incident involving your personal information, we will evaluate our notification obligations under applicable law and contact affected users when required.
Children's Privacy
ScalpAnalysis AI is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@scalpanalysis.app.
Policy Changes
We may update this Privacy Policy periodically. Significant changes will be communicated via email (for registered users) or a prominent notice on our website. We encourage you to review this page regularly.
Contact Us
If you have questions about this Privacy Policy or want to exercise your rights, please contact us:
Email: privacy@scalpanalysis.app
General Inquiries: Contact Form