Your GDPR Rights
Last updated: 14 April 2026
Summary
Studio Hair processes personal data (including biometric data in the form of selfies) under the EU General Data Protection Regulation. This page summarizes your rights and how to exercise them. The full data-processing details are in our Privacy Policy.
Lawful bases for processing
- Article 6(1)(b) — contract performance: account creation, payment processing, generating your Style Reports.
- Article 9(2)(a) — explicit consent: processing your selfie as biometric data. Required before any selfie is uploaded; revocable at any time.
- Article 6(1)(c) — legal obligation: retention of financial records for 5 years per Polish tax law.
- Article 6(1)(f) — legitimate interest: bot and abuse protection (App Check), security logging.
Your rights at a glance
- Access (Art. 15): request a copy of your data
- Rectification (Art. 16): correct inaccurate data
- Erasure (Art. 17): delete your data (financial records pseudonymized, not erased)
- Restriction (Art. 18): pause processing
- Portability (Art. 20): receive data in machine-readable format
- Objection (Art. 21): object to processing on legitimate-interest grounds
- Withdraw consent (Art. 7(3)): revoke biometric consent — future generations require re-consent
- Not be subject to solely automated decisions (Art. 22): our AI generates previews but does NOT make decisions about you
- Lodge a complaint: with your national supervisory authority. Polish residents: UODO. Other EU/EEA residents: file with your country's data protection authority (e.g., CNIL in France, ICO in the UK, BfDI in Germany). See the full EDPB list at edpb.europa.eu.
How to exercise your rights
Email contact@studiohair.app from the address associated with your account. We respond within 30 days. There is no charge for the first request in any 12-month period; we may charge a reasonable fee for repeated or excessive requests.
International transfers
All processing happens within the EU (Belgium / Netherlands). We do not transfer your personal data outside the EU/EEA. The single exception is Stripe (US-headquartered), which acts under its own EU adequacy decision and Standard Contractual Clauses for any data crossing borders.
Data Protection Officer
At our current scale we are not legally required to appoint a DPO. Privacy questions can be directed to contact@studiohair.app.