Privacy Policy
*Last updated: 2026-01-27*
This Privacy Policy describes how **Musa Tasci** (“we”, “us”, “our”) collects, uses, and protects information when you use the **Shade** mobile application and related services (the **“Service”**).
If you do not agree, please do not use the Service.
---
## 1. Data Controller
**Controller:**
Musa Tasci
**Contact:**
[email protected]
---
## 2. Data We Collect
We collect information to provide and improve our AI-powered hair color transformation service:
### 2.1. Information You Provide
- **Photos:** When you use the hair color editor, you upload a portrait photo.
- **Feedback:** Any messages or feature requests you send us.
- **Account Data:** If you create an account, we store your email address and authentication details via Firebase.
### 2.2. Automatically Collected Information
- **Device Information:** Model, operating system, and unique device identifiers.
- **Usage Data:** Information about how you interact with the app (e.g., which features you use).
- **Subscription Data:** Purchase history and subscription status via RevenueCat.
### 2.3. AI Processing Data
- **Image Data:** Your photos are sent to our AI partners (Google Gemini and OpenAI) for the sole purpose of processing your requested transformation.
---
## 3. Purposes & Legal Bases (GDPR Art. 6)
We process personal data based on the following legal grounds:
| Purpose | Legal Basis |
| --- | --- |
| AI Image Transformation | Performance of a contract |
| Providing core app functionality | Performance of a contract |
| Subscription management | Performance of a contract |
| Analytics, diagnostics, security | Legitimate interest |
| Push notifications | Consent |
| Legal compliance | Legal obligation |
You may withdraw your consent at any time via your device settings.
---
## 4. Service Providers (Processors)
We use trusted processors that may process data on our behalf:
- **Google Firebase** (Authentication, Firestore Database, Cloud Functions, Storage)
- **Google Gemini** (AI Image Processing)
- **OpenAI** (AI Image & Text Processing)
- **RevenueCat / Superwall** (Subscription & Paywall Management)
- **Expo** (Push Notifications)
These providers are contractually bound to comply with GDPR and CCPA.
---
## 5. Photo Handling & Privacy
We prioritize your privacy, especially regarding your photos:
- **Immediate Deletion:** Original photos uploaded for hair color transformation are deleted from our servers immediately after the AI processing is complete.
- **Result Storage:** The generated result images are stored in your private Firebase Storage and are accessible only to you. They are deleted upon account deletion.
- **No Training:** We do not use your photos to train our AI models.
---
## 6. International Transfers
Data may be transferred to countries outside the EU, including the United States (where our AI partners and Firebase servers are located). Where required, we rely on **Standard Contractual Clauses (SCCs)** or equivalent safeguards to ensure your data remains protected.
---
## 7. Data Retention
- **Account Data:** Retained as long as your account is active.
- **Result Images:** Stored until you delete them or your account is closed.
- **Original Uploads:** Deleted immediately after processing.
- **Subscription Records:** Retained as required for financial and legal compliance.
---
## 8. Your Rights (GDPR)
If you are located in the EU/EEA, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Delete your data (Right to be forgotten)
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent at any time
- Lodge a complaint with a supervisory authority
You can exercise these rights by contacting us at **[email protected]**.
---
## 9. Your Rights (CCPA / CPRA – California)
California residents have the right to:
- Know what personal information is collected
- Request deletion of personal information
- Request correction of inaccurate data
- Opt-out of the sale or sharing of personal data
- Not be discriminated against for exercising these rights
> We do not sell or share personal information as defined by the CCPA.
Requests can be made via **[email protected]**.
---
## 10. Children’s Privacy
The Service is not intended for children under 13 years of age. If we identify that such data has been collected, it will be deleted promptly.
---
## 11. Security
We apply appropriate technical and organizational security measures to protect your data. However, no system is completely secure, and we cannot guarantee absolute security.
---
## 12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes become effective when published in the app.
---
## 13. Contact
For privacy-related questions or requests:
**[email protected]**