Privacy Policy — Haircut Simulator

Last updated: 29 May 2026

This Privacy Policy explains how Hbrothers L.L.C., trading as Hbro Studio ("we," "us," "our"), collects, uses, shares, and protects personal data when you use the Haircut Simulator mobile application on iOS and Android (the "Service").

This policy is specific to Haircut Simulator. It does not cover any other application we publish.


1. Quick summary

  • Controller: Hbrothers L.L.C., trading as Hbro Studio (United States)
  • What we collect: The photo you upload, facial-geometry measurements derived from that photo to analyse your face shape, the AI images generated for you, your subscription status, an email address if you sign in, device identifiers, and standard app usage data
  • Why: To analyse your face shape, generate hairstyle / hair-colour / makeup previews, recommend styles, manage your subscription, prevent abuse, and improve the app
  • Biometric data: Determining your face shape involves biometric data. We process it only with your explicit consent, use it solely to produce your result and recommendations, and delete the facial-geometry measurements once your result has been delivered. We never keep a facial template, never use it to identify you, and never sell it.
  • Where data is stored: Google Cloud (US), Firebase (US), Replicate (US), OpenAI (US), RevenueCat (US), Apple, Google — see Section 7
  • Tracking & ads: We do not run advertising in the app, do not use the Meta SDK, and do not use any cross-app ad tracking. No advertising profiles are created.
  • Your rights: Access, rectification, erasure, restriction, portability, objection, withdrawal of consent, complaint to a supervisory authority
  • How to contact us: info.hbrothers.llc@gmail.com


2. Who we are

Controller

Hbrothers L.L.C., trading as Hbro Studio
412 W 7th St, Clovis, NM 88101, United States
Email: info.hbrothers.llc@gmail.com
Website: https://rivia.studio

Hbrothers L.L.C. is the data controller for personal data processed in connection with Haircut Simulator.

EU Representative (Article 27 GDPR)

We have appointed the following representative in the European Union under Article 27 of the EU GDPR. EU-based users may contact this representative directly on all questions concerning the processing of their personal data:

Thibault Mundele
Rua Pinto Ferreira 56, 1D
1300 Lisbon, Portugal
Email: info.hbrothers.llc@gmail.com

UK Representative (Article 27 UK GDPR)

We are in the process of appointing a UK representative under Article 27 of the UK GDPR. In the interim, UK-based users may contact us at info.hbrothers.llc@gmail.com for all questions concerning the processing of their personal data. This section will be updated once the UK representative is in place.

Privacy contact

For any privacy-related question or to exercise the rights described in Section 11, contact us at: info.hbrothers.llc@gmail.com

We do not have a formal Data Protection Officer. The address above is our designated privacy point of contact.


3. What this policy covers

This policy applies only to the Haircut Simulator iOS and Android applications and the services provided through them. It does not cover other apps we publish, or third-party websites or services that Haircut Simulator may link to.


4. Account model

Haircut Simulator can be used in two modes:

  • Anonymous mode. You can use the app without creating an account. In this case, we identify your device with an anonymous Firebase identifier so that we can deliver the Service and track your free-tier usage. We do not know who you are.
  • Signed-in mode. You may choose to sign in. In that case we collect your email address so that we can recognise you across devices and link your subscription to your account.

You can move between modes by signing in or signing out at any time. Data deletion is available in both modes (see Section 13).


5. What data we collect

5.1 Data you provide to us

  • Email address — only if you sign in. Used to identify your account.
  • Photos — the images you upload (or capture) so the app can analyse your face shape and generate hairstyle, hair-colour, and makeup previews.
  • Subscription and payment status — whether you have an active subscription, the plan, trial status, and renewal dates. Note: Apple and Google process the actual payment. We never see your card number or full payment details.
  • Support correspondence — if you email us, we keep your message and our reply to handle your request.

5.2 Data collected automatically when you use the Service

  • Anonymous user identifier — a Firebase-generated ID associated with your device.
  • Device and technical data — device model, operating system version, app version, language, country, IP address, time zone, network type.
  • Usage data — features used, generations created, free-tier counters, screens viewed, errors, crash diagnostics.

We do not collect advertising identifiers and we do not create profiles for advertising.

5.3 Biometric data — face-shape analysis

This section is important because Haircut Simulator analyses your face.

To recommend hairstyles and styles that suit you, the app analyses the photo you provide to determine your face shape. This analysis derives facial-geometry measurements (for example, the proportions and contours of your face). Under several laws — including the EU/UK GDPR (Article 9), the Illinois Biometric Information Privacy Act (BIPA), and similar US state laws — these measurements are biometric data.

We want to be clear about exactly what we do and do not do:

  • We process your facial-geometry measurements only to analyse your face shape and generate your style recommendation and previews.
  • We process this data only with your explicit, opt-in consent, which we request before any face analysis takes place. You can decline; you simply won't be able to use the face-shape recommendation feature.
  • We use it solely to produce your result and recommendations. We do not use it to identify you, to recognise you across sessions, for advertising, profiling, or analytics, we do not use it to train AI models, and we never sell, lease, or trade it.
  • We process your facial-geometry measurements transiently: they are used to generate your face-shape result and recommendations, and are deleted once your result has been delivered to you. We do not build or keep a facial template, faceprint, or embedding.
  • The face-shape analysis is performed on our own secured infrastructure; only anonymous numeric measurements (not your photo) are sent to OpenAI to generate the style suggestions (see Section 7).

You may withdraw your consent to face analysis at any time in the app's settings. Withdrawal stops future face analysis; it does not affect processing already carried out.

5.4 Other sensitive data

Apart from the face-shape analysis described in Section 5.3, we do not collect special-category data such as health, political, religious, or sexual-orientation data.


6. Why we process your data and on what legal basis

  • Purpose: To analyse your face shape and recommend styles
    Categories of data: Photo, facial-geometry measurements (biometric)
    Legal basis (EU/UK GDPR): Article 9(2)(a) — your explicit consent (with Article 6(1)(a) for the underlying processing)

  • Purpose: To generate hairstyle / colour / makeup previews from your photo
    Categories of data: Photo, anonymous user ID, device data
    Legal basis (EU/UK GDPR): Article 6(1)(b) — performance of contract

  • Purpose: To manage your subscription and process renewals
    Categories of data: Email (if signed in), subscription status, device ID
    Legal basis (EU/UK GDPR): Article 6(1)(b) — performance of contract

  • Purpose: To enforce free-tier limits and prevent abuse
    Categories of data: Anonymous user ID, device data, usage data
    Legal basis (EU/UK GDPR): Article 6(1)(f) — legitimate interest in protecting the Service

  • Purpose: To diagnose crashes and operate the app reliably
    Categories of data: Device data, crash logs, anonymous user ID
    Legal basis (EU/UK GDPR): Article 6(1)(f) — legitimate interest in technical operation

  • Purpose: To send you transactional notifications (your result is ready, your subscription has renewed)
    Categories of data: Email or anonymous user ID, device push token
    Legal basis (EU/UK GDPR): Article 6(1)(b) — performance of contract

  • Purpose: To comply with legal obligations (tax, regulatory, fraud)
    Categories of data: Subscription and payment records
    Legal basis (EU/UK GDPR): Article 6(1)(c) — legal obligation

You have the right to withdraw any consent you have given at any time, without affecting the lawfulness of processing carried out before withdrawal. You can withdraw consent to face analysis and turn off notifications in the app settings.


7. Sub-processors and third parties

To run Haircut Simulator we use the following sub-processors. Each one processes personal data on our instructions under a written agreement.

  • Sub-processor: Google LLC (Google Cloud Platform / Vertex AI)
    Purpose: App backend, AI generation of hairstyle, hair-colour and makeup images
    Country: United States
    Categories of data: Photos, anonymous user ID, device data, processed images

  • Sub-processor: Google LLC (Google AI Studio / Gemini API)
    Purpose: Fallback AI image generation when Vertex AI is temporarily unavailable
    Country: United States
    Categories of data: Your photo, prompt, style references

  • Sub-processor: Google LLC (Firebase: Auth, Firestore, Storage, App Check, Cloud Messaging, Crashlytics)
    Purpose: Authentication, database, file storage, push delivery, crash reports
    Country: United States
    Categories of data: Email (if signed in), anonymous user ID, photos, subscription data, device data, crash logs

  • Sub-processor: Replicate, Inc. — and the AI model providers it routes to, including Black Forest Labs (Germany) and, for the video feature, Kuaishou Technology / "Kling" (China)
    Purpose: AI generation of hairstyle, makeup, hair-colour and video outputs
    Country: United States; underlying models hosted in Germany and China
    Categories of data: Your photo, style references, generation parameters

  • Sub-processor: OpenAI, L.L.C.
    Purpose: Hairstyle suggestions based on face-shape analysis
    Country: United States
    Categories of data: Anonymous numeric facial-geometry measurements / style parameters (no photo)

  • Sub-processor: RevenueCat, Inc.
    Purpose: Subscription management and paywall delivery
    Country: United States
    Categories of data: Anonymous user ID, subscription events, device data

  • Sub-processor: Apple, Inc.
    Purpose: App Store distribution, App Store payments, push delivery (APNs)
    Country: United States / Ireland
    Categories of data: Payment data, App Store account data, push tokens

  • Sub-processor: Google LLC (Google Play)
    Purpose: Play Store distribution, Play payments, push delivery (FCM)
    Country: United States
    Categories of data: Payment data, Play account data, push tokens

We do not sell your personal data. We do not share your photos or face data with third parties for advertising or AI-model-training purposes.


8. SDKs and consent

Haircut Simulator does not use website cookies. It uses third-party software development kits (SDKs) that we classify as strictly necessary to operate the Service:

  • Firebase Auth, Firestore, Storage — operating the Service
  • Firebase App Check — anti-abuse protection
  • Firebase Crashlytics and Firebase Logging — used solely for diagnosing technical errors and operating the Service. We do not use these for behavioural analytics, profiling, or advertising
  • RevenueCat — running your subscription
  • Apple StoreKit / APNs and Google Play Billing / FCM — payments and notification delivery

We do not use any advertising or cross-app tracking SDKs (no Meta SDK, no ad networks). Because we do not run non-essential tracking, we do not display an ePrivacy/cookie-style tracking consent banner.

This is separate from the biometric consent described in Section 5.3, which we always request before analysing your face — regardless of where you live.

Haircut Simulator does not currently send marketing or promotional push notifications.


9. International data transfers

We are based in the United States, and most of our sub-processors are also based in the United States. When personal data of EU or UK users is transferred outside the European Economic Area or the United Kingdom, we rely on appropriate safeguards under Chapter V of the EU GDPR / UK GDPR, including:

  • The EU-US Data Privacy Framework adequacy decision for transfers to sub-processors certified under the framework (including Google LLC).
  • Standard Contractual Clauses for transfers to sub-processors that are not covered by an adequacy decision.
  • The UK International Data Transfer Agreement / UK Addendum for transfers from the United Kingdom.
  • For the video feature, your photo may be processed by a sub-processor in China (Kuaishou / "Kling", reached via Replicate). This transfer relies on Standard Contractual Clauses with supplementary safeguards. If you do not use the video feature, your photo is not sent to this sub-processor.

You may request more information about the safeguards in place for a specific transfer by contacting us at info.hbrothers.llc@gmail.com.


10. How long we keep your data

  • Category: Facial-geometry measurements (biometric)
    Retention: Not retained. Used transiently to produce your face-shape result and recommendations, then deleted once the result is delivered. No facial template, faceprint, or embedding is kept.

  • Category: Uploaded photos and generated images
    Retention: Kept until you delete them from your history, or until you delete your data, whichever comes first. No automatic time-based expiry.

  • Category: Anonymous user ID and usage data (free-tier counters)
    Retention: While your installation remains active. Reset on uninstall.

  • Category: Hashed device identifier + free-tier usage flag (post-deletion fraud prevention)
    Retention: Retained after deletion as long as the device install persists. Reset when you uninstall the app.

  • Category: Email and account data (signed-in users)
    Retention: Until you delete your account, then promptly removed (see Section 13).

  • Category: Subscription and payment records
    Retention: 7 years after the last transaction, to comply with US and EU tax / accounting obligations.

  • Category: Crash logs and diagnostic data
    Retention: 90 days, then deleted or aggregated.

  • Category: Biometric consent records (proof of consent)
    Retention: Kept as evidence of consent for as long as required by applicable biometric law, then deleted.

  • Category: Support correspondence
    Retention: 2 years after the last reply.

When the retention period ends, we either delete the data or anonymise it so it can no longer be linked to you.


11. Your rights (EU/UK/EEA users)

Under the EU GDPR and the UK GDPR you have the following rights:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure / "right to be forgotten" (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)
  • Right to withdraw consent (Art. 7(3)) — at any time, including consent to face analysis, with no effect on the lawfulness of prior processing
  • Right not to be subject to automated decisions with legal effect (Art. 22). Haircut Simulator does not make decisions producing legal or similarly significant effects about you.
  • Right to lodge a complaint with a supervisory authority — find your national authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en. UK users can complain to the ICO at https://ico.org.uk.

To exercise any of these rights, write to info.hbrothers.llc@gmail.com. We will respond within one month, as required by Article 12(3) GDPR. We may ask you to confirm your identity before we act on a request.


12. Biometric data rights (US — Illinois and similar states)

If you are in Illinois, Texas, Washington, or another US state with a biometric privacy law, the following applies in addition to Section 19:

  • We obtain your written/affirmative consent before collecting or processing your facial-geometry measurements.
  • We use that data only to provide the face-shape analysis and style recommendations you request.
  • We do not sell, lease, trade, or otherwise profit from your biometric data.
  • Retention-and-destruction schedule: we do not retain your facial-geometry measurements. They are permanently destroyed as soon as your face-shape result has been generated and delivered. This is our publicly available written retention schedule as required by BIPA.
  • We do not disclose your biometric data except to the processors strictly necessary to deliver your result (Section 7), under written agreements.


13. Account and data deletion

You can permanently delete your data from inside the app, under Settings → Delete my account. This option is available whether you are signed in or using the app anonymously — you do not need to be signed in to use it.

Deletion is irreversible and removes:

  • Your account record (if signed in)
  • Your uploaded photos and generated images (including any annotated analysis image)
  • Your subscription association
  • Any analytics identifiers we hold for you

(Your facial-geometry measurements are not retained — they are deleted as soon as your result is generated — so there is nothing further to remove there; see Section 10.)

Deletion completes within 30 days.

For abuse-prevention purposes only, we retain a minimal device-level record after deletion: a hashed device identifier (a hashed form of Apple's Identifier For Vendor, the Android / Firebase Installations ID, or equivalent) together with a flag indicating whether that device has already used its free-tier quota. This record contains no identifying content, is not used to re-create any account, and exists solely to prevent users from indefinitely resetting the free tier through repeated deletions. This minimal retention is based on our legitimate interest under Article 6(1)(f) GDPR in preventing service abuse, and falls within the exceptions to the right of erasure under Article 17(3) GDPR. The record is reset if you fully uninstall the app.

Please note that deleting your data does not cancel your App Store or Google Play subscription. To cancel, go to iOS Settings → Apple ID → Subscriptions or Google Play → Payments & subscriptions → Subscriptions.

If you cannot access the in-app option, you can also email us at info.hbrothers.llc@gmail.com and we will process the deletion on your behalf.


14. Children

Haircut Simulator is not directed at children. We do not knowingly process personal data — or any biometric data — of children under 16 (or the equivalent minimum age for digital consent in your country). If you are a parent or guardian and believe your child has used the app, contact us at info.hbrothers.llc@gmail.com and we will delete the data.


15. AI-generated content

Haircut Simulator uses generative AI models to produce hairstyle, hair-colour, and makeup previews from the photo you provide. The output is generated automatically based on your input and the model's parameters. We do not use your photos, your face data, or your generated images to train AI models.

Images generated by the app are identifiable as AI-generated: each generated image carries a marker indicating it was produced by AI, and exported or shared images include a visible "Generated with AI" indication.


16. Subscriptions and refunds

Haircut Simulator offers a free tier (a limited number of generations) and paid subscriptions. Subscriptions are sold through the Apple App Store and Google Play. Payments, billing, renewal, and refund requests are handled by Apple or Google under your account terms. Apple refund requests go to https://reportaproblem.apple.com; Google Play refund requests go through the Play Store. We have no ability to issue store refunds directly.

EU and UK consumers should note that, under Article 16(m) of the EU Consumer Rights Directive (Directive 2011/83/EU) and equivalent UK law, the right of withdrawal from a digital content contract is lost once supply of the digital content has begun with your express prior consent. By starting to use the app's paid features after subscribing, you provide that consent.


17. Push notifications

Haircut Simulator only sends transactional push notifications — for example, "your result is ready" or "your subscription will renew tomorrow." These are sent on the basis of our contract with you (Article 6(1)(b) GDPR) to users who have granted notification permission. We do not currently send marketing or promotional push notifications.

You can turn off notifications at any time in iOS or Android settings.


18. Security

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit (TLS 1.2+) and at rest, access controls, App Check protection against unauthorised clients, and logging. No system is perfectly secure, and we cannot guarantee absolute protection. If we become aware of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, inform you directly, in accordance with Articles 33 and 34 GDPR.


19. California residents (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what categories of personal information we collect and the purposes for collection;
  • Access the personal information we hold about you;
  • Request deletion of your personal information;
  • Correct inaccurate personal information;
  • Opt out of any sale or sharing of personal information for cross-context behavioural advertising;
  • Limit the use of sensitive personal information (which includes biometric information);
  • Not be discriminated against for exercising these rights.

We do not "sell" personal information, and we do not "share" personal information for cross-context behavioural advertising. We treat facial-geometry measurements as sensitive personal information and use them only to deliver the service you requested. To exercise your CCPA rights, email info.hbrothers.llc@gmail.com.

We retain personal information for the periods described in Section 10. We do not knowingly collect personal information of consumers under 16 without consent.


20. Other jurisdictions

If you are located outside the EU, the UK, or California, applicable local privacy laws may grant you similar rights (for example, Canada's PIPEDA, Brazil's LGPD, Australia's Privacy Act). You can exercise any such rights by writing to info.hbrothers.llc@gmail.com.


21. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent change. If we make material changes, we will inform you through the app or by email before they take effect, where required by law.


22. Contact

Hbrothers L.L.C., trading as Hbro Studio
Email: info.hbrothers.llc@gmail.com
Website: https://rivia.studio

EU Representative (Article 27 EU GDPR): Thibault Mundele, Rua Pinto Ferreira 56, 1D, 1300 Lisbon, Portugal — info.hbrothers.llc@gmail.com

UK Representative (Article 27 UK GDPR): appointment pending — contact info.hbrothers.llc@gmail.com in the meantime.
