Haru ("we", "us", "our") is a cosmetic skin analysis application operated by Maru LLC. We can be reached at [email protected].
This Privacy Policy explains how we collect, use, and protect information when you use the Haru mobile application.
Haru is intended for users who are 16 years of age or older. We do not knowingly collect personal data from anyone under 16. If you are under 16, please do not use the app. If we become aware that we have inadvertently collected data from a minor under 16, we will delete that data promptly.
Parents or guardians who believe their child under 16 has used Haru should contact us at [email protected].
When you take a skin scan, Haru captures a photo using your device's camera. This photo is transmitted directly to Anthropic's API for instant analysis only. It is not stored on our servers, not stored in any database, and not associated with your account. Anthropic processes the image and returns numerical scores — we receive only those scores, not the image itself.
Haru requests camera permission solely for this purpose. We do not access your photo library.
We store the following data from each scan:
This data is stored locally on your device and, if you have created an account, synced to our secure database (Supabase) to enable access across devices.
You may optionally provide:
This information is used solely to personalise your results and product recommendations. We do not sell or share it with third parties for marketing purposes.
We collect anonymised analytics on how features are used (e.g. which screens are visited, how often scans are taken). This data contains no personally identifying information and is used only to improve the app. We use Google Analytics with anonymised IP addresses. You can opt out via your browser settings or at tools.google.com/dlpage/gaoptout.
Subscription payments are handled entirely by Apple App Store or Google Play. We do not receive or store your payment card details. We receive only a confirmation token indicating whether a valid subscription is active.
RevenueCat (Subscription Management)
We use RevenueCat to manage subscription status and entitlements. RevenueCat receives your App Store or Google Play purchase receipt and your device's anonymous ID. No payment card data passes through RevenueCat. See RevenueCat's Privacy Policy.
| How we use your data | Legal basis |
|---|---|
| Providing skin analysis and personalised insights | Performance of contract |
| Generating your weekly skin report | Performance of contract |
| Improving the app through anonymised analytics | Legitimate interests |
| Sending optional product recommendations | Your consent |
| Managing your subscription | Performance of contract |
Your skin photo is sent to Anthropic's Claude API for analysis. Anthropic processes the image and returns scores. Anthropic does not store your image. See Anthropic's Privacy Policy.
Your account data and scan history (scores and dates — not images) are stored using Supabase, a secure cloud database provider. Data is encrypted at rest and in transit.
Product recommendations in the Discover tab may contain affiliate links to retailers including YesStyle, Olive Young, Sephora, and Amazon. Clicking these links may result in Haru receiving a small commission. These links do not affect the products we recommend — recommendations are driven solely by your skin data. Clicking affiliate links will take you to third-party websites with their own privacy policies.
We do not share your personal data with advertisers or data brokers.
We retain your scan history and profile data for as long as your account is active. You may delete your data at any time from Profile → Delete my data within the app. Upon deletion, all scan history, profile information, and account data is permanently removed from our servers within 30 days.
Scan data stored locally on your device can be cleared by uninstalling the app.
We do not sell your personal information. We do not sell, rent, or trade your personal data to third parties for monetary or other valuable consideration. Depending on your state, you may have rights regarding your personal data. California residents have rights under the CCPA/CPRA, including:
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
We take the security of your data seriously. We use industry-standard measures including:
No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
The Haru app does not use advertising cookies. Our website (harubeauty.app) may use essential cookies for security and session management. We do not use third-party advertising cookies or tracking pixels.
Your data is processed and stored in the United States. Anthropic and Supabase operate in the United States. If you are located outside the United States, by using the App you consent to the transfer and processing of your data in the United States.
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
To exercise your rights, contact us at [email protected] or use the in-app deletion option at Profile → Delete my data. We will respond within 45 days as required by California law.
We do not sell personal information. We do not share personal information with third parties for their direct marketing purposes.
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date at the top of this page and, where appropriate, by sending a notice within the app. Your continued use of Haru after any changes indicates your acceptance of the updated policy.
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
Email: [email protected]
We will respond to all privacy-related enquiries within 30 days.