HairLookbook Privacy Policy

Last updated: May 18, 2026

HairLookbook lets you preview hair colors and styles from a photo without creating an account. This page is the authoritative source on what HairLookbook collects, who it shares data with, and how long that data is kept.

What HairLookbook collects

Two categories of data are involved in a preview request:

• The photo you choose (either captured in-app via the camera or picked from your photo library). The photo is the input the AI needs to render hair on. The image typically contains your face and head; this counts as a biometric depiction, which HairLookbook treats as sensitive data.
• The look you selected (a hair color, hair style, or stylist preset identifier) and the minimum technical request metadata needed to process the call (a request id, install-scoped anonymous user id, and IP-derived rate-limit signals).

HairLookbook never asks for your name, email address, phone number, or any social-account identifier. There is no account, login, or profile.

Face data: how it is used

HairLookbook does not build, store, or share a face print, face template, FaceID-style embedding, or any other facial biometric identifier. The app does not run on-device face detection for identity, lookup, search, or comparison. The photo you submit is treated as ordinary image content that happens to include a face. The AI replaces the hair pixels and returns the modified image. The photo is not used to identify, authenticate, profile, advertise to, or recognize you across sessions.

Each preview is generated in a single round trip: the photo arrives, the AI returns a new image, and the original photo expires from server storage. The photo is not used to train any model.

Who the data is sent to

HairLookbook's backend runs on Cloudflare Workers (operated by Cloudflare, Inc.) at hairlookbook-api.barbaros-selim-buyukelci.workers.dev. The Worker is the only endpoint the app talks to. The Worker then forwards the photo and the selected look to a third-party AI image generation provider that produces the modified preview image and returns it to the Worker, which relays the result to the app.

These providers are contractually committed to handle this data only to deliver the requested service. We do not sell, rent, or share the photo with advertisers, data brokers, analytics resellers, or any other third party.

Retention

Uploaded photos and generated previews are written to a short-lived object store on the Worker side. Uploads expire automatically within 1 hour of the request (controlled by UPLOAD_TTL_SECONDS); generated previews expire within 24 hours (controlled by RESULT_TTL_SECONDS). After expiry, the bytes are deleted from the object store. The preview URL becomes unreachable at that point; the app saves the rendered look to the on-device History tab so the user retains a local copy.

Anonymous install identifiers and purchase entitlement records are retained for as long as the install persists or until you erase local data from the Profile → Privacy & data screen.

Consent

The first time you tap Generate, HairLookbook shows a clearly labelled in-app consent screen that explains the photo is sent to our Cloudflare-hosted backend and from there to a third-party AI image generation provider, names the 1-hour upload / 24-hour preview retention windows, and requires an explicit Allow tap before any byte of the photo leaves your device. You can revoke consent at any time by clearing the app's local data; the next Generate tap will re-prompt.

On-device data

Look history and saved previews are stored on your device unless you choose to share or save them elsewhere. The History tab is local. Erasing local data deletes the on-device history and the install-scoped anonymous identifier.

Purchases

HairLookbook does not show ads. AI generation access is handled through trial access, credits, subscriptions, or catalog packages processed through Apple. We never see your payment instrument; only an opaque transaction identifier and the product you purchased.

Children

HairLookbook is not intended for children under 13. Do not upload photos of children. We may suspend access where this is violated.

Your choices

You can delete the entire local history and identity store from Profile → Privacy & data → Erase local data. There is nothing to delete on the server beyond the rolling retention windows above; if you want us to delete or surface what was sent on your behalf, contact the address in the next section.

Contact

Reach the developer at bselimbuyukelci@gmail.com with any privacy question. For TestFlight builds, send feedback through TestFlight. For App Store review, use the review contact details provided in App Store Connect.