Privacy Policy

Effective Date: September 30, 2025

Please read this Privacy Policy carefully. It explains how 4infinity Hair Solutions LLC (“we,” “our,” “us”) collects, uses, discloses, and protects information when you use the “Software” or “Service”. This Policy describes data practices for users who upload a photograph of their hair only. It also explains your rights and how to contact us.

1. Scope and overview

  • Software allows Users to upload a photograph of hair for automated hair condition assessment and/or cosmetic recommendations.

  • Users are not required to provide personal identifiers (such as name, date of birth, age, email address, phone number, or address) when using the Software. The Service is designed to accept hair photographs only.

  • This Policy covers information we collect through the Software and any associated web pages, APIs, or customer support channels.

2. Information we collect

  • User Data (Photos). Photographs of hair that you upload to the Service. We intend these photos to be de‑identified; Users should not supply personal identifiers.

  • Technical Data. Device and usage information automatically collected when you use the Software (e.g., browser type, operating system, IP address, device identifiers, timestamps, server logs, and analytics).

  • Metadata. Uploaded image files may include embedded metadata (EXIF) such as camera information and geolocation. We may strip common metadata fields on upload.

  • Aggregated/Derived Data. Non‑identifiable summaries or analytics derived from User Data (e.g., usage metrics, anonymized model training data if applicable).

3. How we use information

We use information to:

  • Provide, operate, and maintain the Software and related features.

  • Process uploaded photos to generate assessments and cosmetic recommendations.

  • Improve, develop, and test the Software (including debugging, quality assurance, and model improvement using de‑identified/aggregated data, if permitted).

  • Provide customer support and respond to inquiries.

  • Detect, prevent, and address technical or security issues, fraud, and abuse.

  • Comply with legal obligations and respond to lawful requests.

4. Legal bases for processing (where applicable)

  • If and to the extent applicable law (e.g., GDPR) requires a legal basis for processing, our legal bases include consent (where provided), performance of our contract with you, compliance with legal obligations, and our legitimate interests in operating and improving the Service (balanced against user rights). Users in jurisdictions with specific rights should contact us at contact@4infinityhairsolutions.com to exercise those rights.

5. Disclosure and access (including software engineers)

  • Access by Personnel. Uploaded photographs and associated de‑identified data may be accessed, processed, stored, or reviewed by our employees, contractors, vendors, and software engineers for purposes such as development, debugging, maintenance, quality assurance, and technical support.

  • Subprocessors / Service Providers. We may share data with third‑party service providers (e.g., cloud hosting, analytics, email, security monitoring). We require subprocessors to maintain appropriate security and confidentiality protections.

  • Cross‑border Transfers. Data may be transferred to and processed in the United States or other countries. By using the Service you consent to such transfers; protections will vary by jurisdiction.

  • Legal Requests. We may disclose data to comply with legal obligations, court orders, or government requests, or to protect rights, safety, or property.

6. De‑identification and re‑identification risk

  • The Service is designed to operate on photos only, without Personal Identifiers. We treat uploaded photos as de‑identified/non‑personal data for operational purposes.

  • However, photos and embedded metadata can sometimes be used to identify an individual (for example, geolocation in EXIF data or distinctive background features). We will take commercially reasonable steps (such as stripping common EXIF fields) to reduce re‑identification risk, but we cannot guarantee elimination of all risk.

  • You should remove faces, other identifying features, and metadata before uploading if you wish to minimize any re‑identification risk.

7. Retention and deletion

  • Retention Period. We retain uploaded photographs and derived data as described on this page or in the Agreement; typically up to 12 months unless retained longer for legitimate business purposes (e.g., backups, fraud prevention, legal obligations) or to provide ongoing services.

  • Deletion Requests. You may request deletion of your uploaded photos by contacting contact@4infinityhairsolutions.com. We will verify requests as necessary and delete data from active systems within a commercially reasonable time. Deleted data may persist in backups for a limited period in accordance with our retention policies.

  • Account/Data Export. If an account-based export feature exists, follow the export instructions in the Software or contact support for assistance.

8. Security

  • We maintain commercially reasonable administrative, technical, and physical safeguards appropriate to the risk, which may include TLS for data in transit, encryption at rest (e.g., AES‑256), role‑based access controls, multi‑factor authentication for privileged accounts, logging and monitoring, vendor due diligence (e.g., SOC 2 hosting), and employee security training.

  • No system is completely secure. If a security incident affecting user data occurs, we will follow applicable law (including California breach notification requirements) and notify affected users and regulators as required.

9. Children’s privacy

  • Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, contact us at contact@4infinityhairsolutions.com and we will take steps to delete such information.

10. Your rights (California residents and other jurisdictions)

  • California (CCPA/CPRA). If the CCPA/CPRA applies, California residents may have rights including: the right to know categories of information collected, the right to request access to and deletion of personal information, and the right to opt out of sale (if applicable). Because our Service is designed not to collect Personal Identifiers, many CCPA/CPRA rights may not be triggered; if they are, we will comply in accordance with law.

  • Other rights. Depending on your jurisdiction, you may have rights such as access, correction, deletion, restriction, portability, and objection. To exercise rights, contact contact@4infinityhairsolutions.com. We will verify requests as required and respond within applicable statutory timeframes.

  • Arbitration Opt‑Out / Dispute Rights. If applicable, you may also have rights under the Agreement (including an arbitration opt‑out procedure if you are a consumer). See the Agreement for details.

11. Subprocessors and vendor disclosure

  • We engage subprocessors (third‑party service providers) to perform functions such as hosting, analytics, email delivery, and security services. We require subprocessors to comply with contractual data protection and confidentiality obligations.

  • For confidentiality or competitive reasons we may not publicly disclose every vendor. A current list of major subprocessors can be provided upon legitimate request; contact contact@4infinityhairsolutions.com to request a list. We reserve the right to replace subprocessors with similarly qualified providers provided appropriate protections remain in place.

12. Business transfers

  • In the event of a merger, acquisition, bankruptcy, or sale of assets, user data (including uploaded photographs) may be transferred to the acquiring entity. We will require the acquirer to honor this Privacy Policy.

13. Changes to this Privacy Policy

  • We may update this Policy from time to time. For material changes we will provide notice at least 30 days before the change becomes effective (for example by posting a notice on the Software or emailing registered users). Continued use of the Service after the effective date of updated Policy constitutes acceptance.

  • The Effective Date above shows when the current Policy became effective.

14. Contact information

  • For privacy questions, deletion requests, arbitration opt‑out requests, or other inquiries contact:
    contact@4infinityhairsolutions.com
    1401 21st ST #12043, Sacramento, CA 95811

15. Additional notices (California)

  • If the CCPA/CPRA applies we will provide a “Shine the Light” or CCPA‑style privacy notice upon request describing categories of sources and recipients of personal information we collected in the prior 12 months. Contact contact@4infinityhairsolutions.com to submit a request.

  • California residents may designate an authorized agent to make requests on their behalf; we will verify authority before responding