Privacy Policy
Last updated: December 14, 2025 • Effective: December 14, 2025
Introduction
At ScalpSync ("we", "our", or "us"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered scalp analysis service ("Service").
By using ScalpSync, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies, please do not use the Service.
Information We Collect
Scalp Images
When you use our scanning feature, we temporarily process images of your scalp to provide analysis. For Guest Users, images are processed in real-time and deleted within 24 hours. For Registered Users, images are stored securely until you delete them.
Account Information
If you create an account via Magic Link, we collect only your email address for authentication. We do not require passwords or personal details like name or address.
Device & Usage Data
We collect anonymous, aggregated data including device type, browser type, feature usage patterns, and error logs to improve our service. This data cannot identify you personally.
Payment Information
If you subscribe to Premium, payment is processed securely by PayPal. We never store your credit card details on our servers.
🔒 Zero Training Promise
We never use your photos to train AI models. Period.
Your scalp images are processed by our AI (OpenAI GPT-4o Vision) for analysis purposes only. They are never used to train, fine-tune, or improve any machine learning models—ours or anyone else's.
We maintain a database field consent_to_train = FALSE by default for all users, and this setting cannot be changed.
How We Use Your Information
- •To provide AI-powered scalp condition analysis
- •To match products to your scalp condition and identify ingredient conflicts
- •To save your scan history and track progress over time (registered users)
- •To send you important service updates and notifications
- •To improve our service quality, fix bugs, and develop new features
Third-Party Services
We use the following third-party services to operate ScalpSync. Each has its own privacy policy governing their use of your data:
Data Retention
| User Type | Data | Retention |
|---|---|---|
| Guest User | Scalp Images | 24 hours |
| Guest User | Analysis Results | Local storage only |
| Registered User | Scalp Images | Until account deletion |
| Registered User | Scan History | Until account deletion |
| All Users | Anonymous Analytics | 90 days |
🇺🇸 Your Rights (CCPA & US Privacy Laws)
If you are a California resident or otherwise subject to US privacy laws, you have the following rights:
Right to Know
Request what personal data we hold about you
Right to Delete
Request deletion of your personal data
Right to Portability
Export your data in a portable format
Right to Non-Discrimination
No penalty for exercising your rights
To exercise these rights, email us at privacy@scalpsync.com. We will respond within 45 days.
Data Security
We implement industry-standard security measures to protect your data:
🔐 TLS 1.3 Encryption
All data in transit
🔒 AES-256 Encryption
All data at rest
🛡️ Row Level Security
Database access control
🔑 Magic Link Auth
No passwords stored
Children's Privacy
ScalpSync is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@scalpsync.com.
Policy Changes
We may update this Privacy Policy periodically. Significant changes will be communicated via email (for registered users) or a prominent notice on our website. We encourage you to review this page regularly.
Contact Us
If you have questions about this Privacy Policy or want to exercise your rights, please contact us:
Email: privacy@scalpsync.com
General Inquiries: Contact Form