This Privacy Policy explains how Fishdarn LLC ("we," "us," or "our") collects, uses, discloses, and protects information when you use haircontinuity.com (the "Service"). By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy should be read in conjunction with our Terms of Service.

We collect several types of information:

• Account Information: When you create an account, we collect your name, email address, and password
• Profile Information: Any additional information you choose to provide in your profile
• Payment Information: When you subscribe, we collect billing information through our third-party payment processor (we do not store complete credit card numbers)
• Communications: When you contact us, we collect the information you provide in your messages

• You may store information about your clients in the Service, including names, service history, formulations, notes, photos, and other business records
• Client photos are stored on Cloudflare R2 via Laravel Cloud and are NOT processed by AI services
• You are the data controller for this information; we act as a data processor
• You are solely responsible for ensuring you have the legal right to collect and store this information, including obtaining consent from clients to photograph and store their images, and for complying with all applicable privacy laws regarding your clients

• Usage Data: Information about how you use the Service, including access times, pages viewed, and features used
• Device Information: Information about your device, including IP address, browser type, operating system, and device identifiers
• Cookies and Similar Technologies: We use cookies and similar tracking technologies to track activity on our Service (see Section 5 for more details)

We use the information we collect for the following purposes:

• Create and manage your account
• Process your subscription payments
• Store and organize your business data
• Use artificial intelligence (Google Gemini gemini-2.5-flash-lite model via Paid Services) to summarize and analyze client visit data to help you better understand service patterns and client history
• Provide customer support
• Send you service-related notifications and updates

• Analyze usage patterns to improve features and functionality
• Develop new features and services
• Conduct research and analytics
• Monitor and analyze trends and usage

• Respond to your inquiries and support requests
• Send administrative information, updates, and security alerts
• Send marketing communications (you can opt out at any time)
• Request feedback or participation in surveys

• Detect, prevent, and address technical issues
• Protect against fraud, abuse, and illegal activity
• Enforce our Terms of Service
• Comply with legal obligations

We do not sell your personal information. We may share your information in the following circumstances:

We may share your information with third-party service providers who perform services on our behalf, including:

• Payment processing (e.g., Stripe, PayPal)
• Cloud hosting and storage (e.g., AWS, Google Cloud)
• Photo storage (Cloudflare R2 via Laravel Cloud for client photos)
• Artificial intelligence services (Google Gemini Paid Services for visit data summarization, covered under Google's Data Processing Addendum - note: photos are NOT sent to AI services)
• Email service providers
• Analytics providers
• Customer support tools

These service providers are contractually obligated to protect your information and use it only for the purposes we specify. For AI processing, we use Google's Paid Services tier, which includes enterprise data protection agreements.

We may disclose your information if required to do so by law or in response to:

• Valid legal process (subpoenas, court orders, search warrants)
• Government or regulatory requests
• Protection of our rights, property, or safety
• Prevention of fraud or illegal activity

If we are involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and its effect on your data.

We may share your information with third parties when you give us explicit consent to do so.

We use Google Gemini (gemini-2.5-flash-lite model), an artificial intelligence service provided by Google, to analyze and summarize your client visit data. This feature helps you:

• Generate summaries of client service history
• Identify patterns and trends in your business data
• Better understand client needs and preferences

When you use AI-powered features:

• Your client data (names, visit records, service notes, and formulations) is sent to Google's servers for processing
• Client photos are NOT sent to AI services and remain stored separately on Cloudflare R2
• We use Google's Paid Services tier with a billing account, which provides enhanced data protection
• Google does NOT use your data to train or improve their AI models
• Google processes your data in accordance with their Data Processing Addendum for Products Where Google is a Data Processor
• Google logs prompts and responses for a limited period of time solely for detecting policy violations and required legal disclosures
• The AI-generated summaries are returned to you and stored in your account
• You control when and how AI features are used

Your data is protected under Google's enterprise-grade data processing terms. For more information, see Google's Data Processing Addendum at https://business.safety.google/processorterms/

We use cookies and similar tracking technologies to collect and track information and improve our Service.

Cookies are small files stored on your device. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device until deleted).

• Essential Cookies: Necessary for the Service to function, including authentication and security
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Help us understand how you use the Service
• Marketing Cookies: Track your activity to provide relevant advertisements

Most web browsers allow you to manage cookie preferences. You can set your browser to refuse cookies or alert you when cookies are being sent. However, some features of the Service may not function properly without cookies.

When you upload client photos to the Service:

• Photos are stored on Cloudflare R2 via Laravel Cloud
• Photos are stored separately from other data and are NOT processed by artificial intelligence services
• Photos are private by default and only accessible to you
• You have the ability to share photos at your discretion
• Photos are subject to the same 30-day retention policy as other data after your subscription ends
• You are responsible for obtaining proper consent from clients before photographing and storing their images
• You must ensure photos comply with our Acceptable Use Policy and do not violate any laws

Cloudflare R2 may store data on servers located in multiple countries. By uploading photos, you consent to international data transfers as necessary to provide the Service.

We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication requirements
• Employee training on data security and privacy
• Regular backups and disaster recovery procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

We retain your account information for as long as your account is active or as needed to provide you with the Service.

• If your subscription ends or you do not subscribe after your free trial, your account enters a 30-day grace period
• After 30 days without an active subscription, your account and all associated data are permanently deleted
• You may request immediate deletion of your account at any time by contacting us

We may retain certain information as required by law or for legitimate business purposes, such as fraud prevention, even after you close your account.

You are responsible for the retention and deletion of client data you store in the Service. We recommend regularly exporting your data and maintaining your own backups.

Depending on your location, you may have certain rights regarding your personal information:

• You have the right to access your personal information
• You can export your data at any time using our data export features
• You can request a copy of your data in a machine-readable format

• You can update or correct your account information at any time through your account settings
• You can contact us to request corrections to your information

• You can delete your account at any time through your account settings
• You can request deletion of specific information by contacting us
• Note that some information may be retained as required by law

• You can object to certain processing of your information
• You can request restriction of processing in certain circumstances

• Where we process your information based on consent, you can withdraw that consent at any time

• You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing email
• You will still receive essential service-related communications

To exercise any of these rights, please contact us at [email protected].

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Legal basis for processing: We process your data based on contract performance, consent, legitimate interests, and legal obligations
• Right to lodge a complaint: You have the right to lodge a complaint with your local data protection authority
• Data transfers: When we transfer data outside the EEA, we ensure appropriate safeguards are in place

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know: You can request information about the categories and specific pieces of personal information we collect
• Right to delete: You can request deletion of your personal information
• Right to opt-out: You have the right to opt-out of the "sale" of personal information (note: we do not sell personal information)
• Right to non-discrimination: You have the right not to be discriminated against for exercising your privacy rights

We comply with applicable state privacy laws, including those in Virginia, Colorado, Connecticut, and other states with comprehensive privacy legislation. Residents of these states have similar rights to access, correct, delete, and port their data.

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information. If you believe we have collected information from a child under 18, please contact us immediately.

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. By using the Service, you consent to the transfer of your information to the United States and other countries where we operate.

We ensure that appropriate safeguards are in place for international data transfers, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by relevant authorities
• Other legally approved mechanisms

The Service may contain links to third-party websites, plugins, and applications. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our Service.

When you use our Service to store information about your clients, you act as a data controller and we act as a data processor. You are responsible for:

• Obtaining necessary consents from your clients to collect and store their information
• Obtaining explicit consent from clients before photographing them and storing their images
• Providing appropriate privacy notices to your clients, including disclosure that their data may be processed using artificial intelligence for service summaries and analysis (note: photos are NOT processed by AI)
• Ensuring you have the legal right to photograph clients and store their images
• Complying with all applicable data protection laws (GDPR, CCPA, HIPAA where applicable, and state-specific laws)
• Ensuring the accuracy and legitimacy of data you store
• Responding to privacy requests from your clients, including requests to delete photos
• Implementing appropriate security measures for client data access
• Using the photo sharing feature responsibly and only sharing client photos when you have proper authorization

We provide tools to help you manage client data, but you remain solely responsible for your compliance with applicable privacy laws.

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law. We will provide information about the breach, the data affected, and steps you can take to protect yourself.

Some web browsers have a "Do Not Track" feature that signals to websites that you do not want your online activities tracked. Our Service does not currently respond to Do Not Track signals. You can manage tracking preferences through your browser settings and our cookie management tools.

We may update this Privacy Policy from time to time. When we make changes, we will:

• Update the "Effective Date" at the top of this policy
• Post the new policy on this page
• Notify you via email or through a prominent notice on the Service
• For material changes, provide at least 30 days' notice before the changes take effect

Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Fishdarn LLC
haircontinuity.com
Email: [email protected]
Address: 3953 Franks Ct, Tucker, GA 30084

For privacy-specific inquiries, you may also use the subject line "Privacy Request" to help us route your inquiry appropriately.

For users in the European Economic Area, if you have questions or concerns about how we process your personal data, you may contact our Data Protection Officer at: [email protected]