1. Who We Are
Haru ("we", "us", "our") is a cosmetic skin analysis application available on iOS. We can be reached at [email protected].
This Privacy Policy explains how we collect, use, and protect information when you use the Haru mobile application.
2. Age Requirement
Haru is intended for users who are 16 years of age or older. We do not knowingly collect personal data from anyone under 16. If you are under 16, please do not use the app. If we become aware that we have inadvertently collected data from a minor under 16, we will delete that data promptly.
Parents or guardians who believe their child under 16 has used Haru should contact us at [email protected].
3. What We Collect
3.1 Camera and Photos
When you take a skin scan, Haru captures a photo using your device's camera. This photo is transmitted directly to Anthropic's API for instant analysis only. It is not stored on our servers, not stored in any database, and not associated with your account. Anthropic processes the image and returns numerical scores — we receive only those scores, not the image itself.
Haru requests camera permission solely for this purpose. We do not access your photo library.
3.2 Skin Scan Data
We store the following data from each scan:
- Numerical metric scores (e.g. Hydration: 82, Clarity: 67)
- An overall skin score
- The date and time of the scan
- Optional: a short AI-generated observation about your skin (text only, no image)
This data is stored locally on your device and, if you have created an account, synced to our secure database to enable access across devices.
3.3 Profile Information
You may optionally provide:
- Your name
- Skin type, tone, and age range
- Skin concerns (e.g. dryness, acne, sensitivity)
- Email address (for account creation only)
This information is used solely to personalise your results and product recommendations. We do not sell or share it with third parties for marketing purposes.
3.4 Usage Data
We collect anonymised analytics on how features are used (e.g. which screens are visited, how often scans are taken). This data contains no personally identifying information and is used only to improve the app. We use Google Analytics with anonymised IP addresses.
3.5 Email Communications
If you provide your email address, we may send you skincare tips, product recommendations, and information about Haru features. These emails are entirely optional — you can unsubscribe at any time by clicking the unsubscribe link in any email, or by emailing [email protected]. We do not send advertising emails on behalf of third parties.
3.6 Purchase Data
Subscription payments are handled entirely by the Apple App Store. We do not receive or store your payment card details. We receive only a confirmation token indicating whether a valid subscription is active.
We use RevenueCat to manage subscription status and entitlements. RevenueCat receives your App Store purchase receipt and your device's anonymous ID. No payment card data passes through RevenueCat. See RevenueCat's Privacy Policy.
4. How We Use Your Data
| Purpose | Legal basis |
|---|---|
| Providing skin analysis and personalised insights | Performance of contract |
| Generating your weekly skin report | Performance of contract |
| Improving the app through anonymised analytics | Legitimate interests |
| Sending optional product recommendations by email | Your consent |
| Managing your subscription | Performance of contract |
5. Third-Party Services
We work with a small number of carefully selected third-party services. We do not share your personal data with advertisers or data brokers.
Anthropic — AI Processing
Your skin photo is sent to Anthropic's Claude API for analysis. Anthropic processes the image and returns scores — Anthropic does not store your image. See Anthropic's Privacy Policy.
Supabase — Data Storage
Your account data and scan history (scores and dates — not images) are stored using Supabase, a secure cloud database provider. Data is encrypted at rest and in transit.
RevenueCat — Subscription Management
RevenueCat manages subscription status and entitlements. It receives your App Store purchase receipt and an anonymous device ID. No payment card data is involved. See RevenueCat's Privacy Policy.
Amazon Associates
Some product links in the Discover tab are Amazon affiliate links. Clicking these links and making a purchase may result in Haru earning a small commission at no extra cost to you. Affiliate relationships do not influence which products are recommended — recommendations are driven solely by your skin data.
6. Data Retention
We retain your scan history and profile data for as long as your account is active. You may delete your data at any time from Profile → Delete my data within the app. Upon deletion, all scan history, profile information, and account data is permanently and immediately removed from our servers.
Scan data stored locally on your device can be cleared by uninstalling the app.
7. Your Rights
We do not sell your personal information. We do not sell, rent, or trade your personal data to third parties for monetary or other valuable consideration.
Depending on where you live, you may have the following rights regarding your personal data:
- Access: Request a copy of the data we hold about you
- Correction: Ask us to correct inaccurate data
- Deletion: Request that we delete your data
- Portability: Request your data in a portable format
- Objection: Object to processing based on legitimate interests
- Withdrawal of consent: Withdraw consent for optional processing at any time
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
8. Security
We take the security of your data seriously. We use industry-standard measures including:
- TLS encryption for all data in transit
- Encryption at rest for stored data
- Row-level security on our database
- Secure token-based authentication
No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
9. Cookies and Tracking
The Haru app does not use advertising cookies. Our website (harubeauty.app) may use essential cookies for security and session management. We do not use third-party advertising cookies or tracking pixels.
10. International Transfers
Your data is processed and stored in the United States. Anthropic, Supabase, and RevenueCat operate in the United States. If you are located outside the United States, by using the app you consent to the transfer and processing of your data in the United States.
11. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: You may request details about the personal information we collect, use, and disclose
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions
- Right to Correct: You may request correction of inaccurate personal information
- Right to Opt-Out: Haru does not sell or share personal information for cross-context behavioural advertising. There is nothing to opt out of.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights
To exercise your rights, contact us at [email protected]. We will respond within 45 days as required by law.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date at the top of this page and, where appropriate, by in-app notification. Your continued use of the app after changes constitutes acceptance of the updated policy.
13. Contact
If you have questions about this Privacy Policy or how we handle your data, please get in touch:
Get in touch
Email: [email protected]
Website: harubeauty.app