Legal

BaldGPT Privacy Policy

Last updated: 3 June 2026

This Privacy Policy explains how Exendor Oy (“we”, “us”, “our”) processes personal data when you use the BaldGPT mobile application (the “App”), our website at https://baldgpt.com, and related services (together, the “Services”).

We make the App available in many countries. Where local privacy law gives you additional rights, we will honor those rights as required. This policy is designed for users in the European Union / European Economic Area, the United Kingdom, Switzerland, the United States, and many other regions, including parts of Asia. The App is not offered or targeted in mainland China.

We try to keep our in-app notices consistent with this policy. If you notice a difference, contact us; we will apply the more privacy-protective interpretation where required by law.


1. Data controller and contact

Data controllerExendor Oy
Business ID3607156-4
Registered addressOksasenkatu 4, 53100 Lappeenranta, Finland
ProductBaldGPT
Email (privacy & support)contact@baldgpt.com
Websitehttps://baldgpt.com
Privacy policy URLhttps://baldgpt.com/privacy

We have not appointed a Data Protection Officer. For privacy questions or requests, use the email above.

Supervisory authority: EU/EEA users may lodge a complaint with their local data protection authority. In Finland, this is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto): https://tietosuoja.fi. UK users may contact the ICO: https://ico.org.uk.


2. Scope

This policy applies when you:

  • install and use the BaldGPT App;
  • optionally sign in with Apple or Google;
  • run AI scans (Roast, Shampoo AI, Advanced AI);
  • purchase subscriptions or one-time packs;
  • use the leaderboard, settings, or support channels.

It does not replace third-party privacy policies for Apple, Google, Supabase, third-party AI providers (such as Google Gemini), RevenueCat, or Apple App Store / Google Play.


3. How we handle your photos

3.1 Images stay on your device

Photos you take or select remain on your device. Optional scan history (up to 100 entries) is stored locally only and may include references to image files on your phone; those files are not uploaded to us as part of history. You can clear local history in Settings → Delete history or by removing the App.

We do not maintain a cloud album or long-term server backup of your scan photos.

3.2 Images pass through our backend only for AI processing

When you confirm a scan (after explicit consent where required):

  1. The App sends the image over HTTPS to our backend (Supabase Edge Functions).
  2. Our backend forwards it to a third-party AI provider (such as Google Gemini) solely to generate the scan you requested.
  3. We receive text/JSON results and display them in the App.
  4. We do not store photo files on our servers after that request completes.

3.3 Third-party AI provider processing

We send images and related prompts to third-party AI provider(s) (such as Google Gemini) only to generate the scan result you request. The provider may process and temporarily retain prompts, images, responses, and related metadata according to its API terms, data processing terms, abuse-monitoring practices, and our selected service configuration (for example logging for safety and policy enforcement under paid API terms).

  • We do not use third-party AI to train BaldGPT’s own models.
  • We do not store photo files on our servers after the scan request completes.
  • For BaldGPT scans, we do not use third-party AI File API persistent storage, explicit context caching of scan images, search or maps grounding, or live session resumption for scan images—only one-off generation requests for your scan.

Provider policies (for example Google Privacy Policy) also apply to their processing.


4. Personal data we collect

4.1 Sources of personal information

We collect personal data from:

  • you (photos you choose to scan, onboarding answers, username, support messages);
  • your device (device/app identifiers, local storage, session tokens);
  • Apple / Google (sign-in identifiers and, where shared, email or name per their settings);
  • app stores and RevenueCat (purchase and entitlement signals);
  • our service providers (hosting, AI, payments) acting on our instructions.

4.2 Data you provide

  • Photos for scans (processed as in section 3; not stored on our servers as files).
  • Onboarding answers (intent, self-perception, post-result preference).
  • Shampoo AI questionnaire (scalp/hair-related preferences you enter).
  • Leaderboard username (display name you choose; not your Apple/Google real name).
  • Support messages to contact@baldgpt.com.

4.3 Data on your device

device_id, identity_id, session tokens, privacy/consent flags, onboarding state, optional local scan history (up to 100 entries), cached purchase status.

4.4 Data on our servers (Supabase)

DataPurpose
App identityQuotas, anti-abuse, session continuity
Scan results (result_json, no photos)Features, leaderboard scores
Onboarding analyticsProduct analytics (first onboarding)
EntitlementsPaid scan quotas
Pending scansTemporary non-image metrics (~30 minutes)
Verified purchase recordsFraud prevention, idempotent grants
Rate-limit / abuse logsSecurity (may include IP and device id)
ProfileLeaderboard username (OAuth-linked)

Sign-in: Apple or Google via Supabase Auth. Roast works without account; Shampoo AI and Advanced AI require sign-in in the current App.

4.5 Purchases

Apple/Google process payment; RevenueCat manages entitlements; we verify purchases server-side. We do not receive full card numbers.

4.6 Device permissions

Camera and photo library for scans. We do not use the microphone for hair analysis (Android may list permissions required by dependencies).

4.7 What we do not collect (current builds)

No advertising or cross-app tracking SDKs; no intentional GPS/contacts/SMS collection; no server-side photo file library.


5. Purposes, legal bases, and explicit consent

5.1 GDPR / UK legal bases (Article 6)

PurposeLegal basis
AI scans and resultsContract (Art. 6(1)(b)) and, for photos/sensitive inputs, explicit consent (Art. 6(1)(a) and Art. 9(2)(a) where applicable)
Account, leaderboard, purchasesContract / legitimate interests (service operation)
Security & abuse preventionLegitimate interests (Art. 6(1)(f))
Onboarding analyticsLegitimate interests (Art. 6(1)(f))
Legal complianceLegal obligation (Art. 6(1)(c))

5.2 Explicit consent for AI scans

Before using AI scan features, you must check a box confirming that you explicitly consent to BaldGPT sending your photo(s) and related answers through our backend to a third-party AI provider (such as Google Gemini) solely to generate your scan result. You can cancel before processing. After you consent once on a device, you are not asked again until you withdraw consent.

Withdrawing consent: You can withdraw scan consent in Settings → Withdraw AI scan consent. If you withdraw consent, AI scan features are disabled until you consent again on your next scan. Withdrawing consent does not undo processing already completed. You may also request deletion of stored text/JSON results as described in section 11.

5.3 Sensitive / health-related information

Hair/scalp photos and questionnaire answers may relate to appearance or health-related characteristics in some jurisdictions. We process them only to provide the scan you request, with explicit consent where required. BaldGPT is not a medical device and does not diagnose or treat conditions (see section 6).


6. AI processing, automated output, and medical disclaimer

  • Analysis uses third-party AI provider(s) (such as Google Gemini) via our backend—not on-device models owned by BaldGPT.
  • Outputs are automated, for entertainment and general information onlynot medical, dermatological, or legal advice. Consult a qualified professional for medical concerns.
  • We do not make solely automated decisions with legal or similarly significant effects (GDPR Article 22).

7. Leaderboard

Signed-in users with a username may appear on the public leaderboard with username and Roast score only—not photos or OAuth real names.

You can stop participating by deleting your account (which removes your profile/username) or contacting contact@baldgpt.com. Future App versions may add an in-app leaderboard opt-out.


8. Recipients and processors

RecipientRole
Supabase, Inc.Hosting, database, auth, edge functions
Third-party AI provider(s) (such as Google Gemini)Scan image/text processing
Google / AppleSign-in
RevenueCatIn-app purchases
Apple App Store / Google PlayPayments

We do not sell personal data or share it for cross-context behavioral advertising as defined under major US state laws.


9. International transfers

Data may be processed outside your country (including the US). Where required, we use Standard Contractual Clauses, UK addenda, or other lawful mechanisms. Contact us for transfer details.


10. Retention

DataRetention period / criteria
Photo files on our serversNot retained after the scan request
Pending scansUntil expiry (~30 minutes) or completion
Scan result history (server)Until account deletion (see section 11) or 24 months after last activity on the linked app identity, whichever comes first, then deleted or anonymized
Onboarding analyticsUntil account deletion (see section 11) or up to 24 months after collection, then deleted or aggregated
Device scan historyOn device only; up to 100 entries until you clear or uninstall
EntitlementsFor the subscription/pack period and as needed to deliver purchased features
Purchase / transaction verificationFor the longer of active account relationship and 7 years for tax, accounting, fraud prevention, and disputes
Rate-limit / abuse logsShort rolling periods (e.g. identity attempt logs ~7 days; scan attempt logs on a sliding window)
Auth account & profileUntil account deletion

We delete or anonymize data when no longer needed for these purposes.


11. Your choices, deletion, and consent withdrawal

In the App you can:

  • Cancel before starting a scan;
  • Withdraw AI scan consent (Settings);
  • Clear local history (Settings);
  • Sign out;
  • Delete account (Settings, when signed in).

Account deletion

When you delete your account, we delete or anonymize your authentication account, profile, username, leaderboard participation, scan result history, pending scans, onboarding analytics linked to your app identity, and scan attempt logs where no longer needed.

We may retain a minimal technical app identity record on the device/backend to prevent abuse, enforce scan quotas, maintain security, and preserve paid entitlements. This may include device/app identifiers, quota counters, entitlement balances, purchase verification records, and limited fraud-prevention or security logs.

These retained records are separated from your deleted account profile and are not linked to your scan photos, deleted username, OAuth profile, or deleted scan result content. We keep them only for as long as needed for purchase delivery, legal/accounting obligations, fraud prevention, dispute handling, security, or service integrity.

Deleting your account removes the current link between your Apple/Google login and BaldGPT. If you sign in again later, a new authentication account may be created and linked to the same device app identity where needed for quotas, entitlements, purchase restoration, and abuse prevention. Your device app identity (and the records above) remain on that device as described.

We clear local scan history on the device when deletion succeeds. For further erasure beyond this flow, email contact@baldgpt.com with subject “Data deletion request.”


12. Your privacy rights

12.1 EU / EEA / UK / Switzerland

Rights may include access, rectification, erasure, restriction, objection, portability, withdrawal of consent, and complaint to a supervisory authority (see section 1).

12.2 United States

Depending on your state, you may have rights to know, access, delete, correct, portability, opt out of sale/sharing (we do not sell or share for cross-context behavioral advertising), and limit sensitive personal information.

Sensitive personal information: we use photos and related answers only to provide the scan, security, legal, and service functions you request, and not to infer characteristics for unrelated purposes.

California (CCPA/CPRA): Categories collected in the last 12 months may include identifiers, customer records (entitlements), internet/activity data (logs), user content (scan results, username), sensitive personal information (photos submitted for scans), and purchase information. Sources: section 4.1. Disclosures: section 8. No sale of personal information.

Contact contact@baldgpt.com to exercise rights. We may verify your request. No discrimination for exercising rights.

12.3 Other regions (including Asia)

We honor applicable local rights (access, correction, deletion, consent withdrawal, complaints). The examples below are not an exhaustive compliance statement for every country:

Japan (APPI), South Korea (PIPA), Singapore (PDPA), Hong Kong (PDPO), Taiwan, Thailand (PDPA), India (DPDPA), and similar laws may grant additional rights—contact us and we will respond as required.


13. Children

Our app is intended for users aged 13+, except in Brazil and the Republic of Korea, where the applicable App Store age rating is 12+. We do not knowingly collect personal information from users below the applicable age requirement.


14. Security

We use encryption in transit, access controls, RLS on databases, purchase verification, rate limiting, and data minimization (no server-side photo file storage). No system is 100% secure.


15. Changes

We will post updates at https://baldgpt.com/privacy and change the “Last updated” date. Material changes may be communicated in the App or store listing where required.


16. Contact

Exendor Oy — BaldGPT
contact@baldgpt.com

Privacy requests: include “Privacy request” in the subject. We aim to respond within one month (EU/UK) or applicable state timelines (e.g. up to 45 days in California with permitted extension).

English version prevails over translations unless local law requires otherwise.