Privacy Policy

Last updated: March 28, 2026

KHV Digital LLC ("we", "us", or "our") operates Comby: AI Hairstylist (the "App") and https://getcomby.com (the "Website"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our services.

Information We Collect

Photos and Facial Data

When you use the App's hairstyle preview feature, you provide a selfie photo. We process this photo using artificial intelligence to generate a hairstyle preview. This processing may involve analysis of your facial features, face shape, and proportions.

  • Your selfie is transmitted securely via encrypted connection to our servers
  • The photo is held in server memory only during the generation process (typically seconds to minutes)
  • Your selfie is not written to any permanent database or storage
  • Generated preview images are stored temporarily for 7 days, then automatically deleted
  • We do not use your photos for AI model training or advertising purposes

Device and Usage Information

  • Anonymous session identifiers (via Supabase anonymous authentication)
  • Device type, operating system, and app version
  • Feature usage patterns (which styles are browsed, generations created)
  • Crash reports and performance data (via Sentry)

Payment Information

Subscriptions are processed through the Apple App Store via RevenueCat. We do not collect or store your credit card or payment details. Apple handles all payment processing.

How We Use Your Information

  • To generate AI hairstyle previews based on your selfie
  • To provide and maintain the App's functionality
  • To process subscription payments through Apple
  • To improve the App's performance and fix issues
  • To respond to support requests

AI Processing and Third Parties

We use Google Gemini (Google Cloud AI) to process your photos and generate hairstyle previews. When you request a hairstyle preview, your selfie is sent to Google's AI service for processing.

  • Under Google's Gemini API terms, data submitted via the API is not used to train Google's AI models
  • Google processes the data in accordance with their Cloud Privacy Notice
  • Photos are transmitted securely and are not retained by Google after processing

Data Retention and Deletion

  • Selfie photos: Held in memory during processing only. Not persisted to storage.
  • Generated previews: Stored for 7 days with automatic deletion via lifecycle policy.
  • Session data: Anonymous session identifiers retained while you use the App.
  • Analytics: Aggregated, anonymized usage data retained for service improvement.

Your Rights

For EU/EEA Residents (GDPR)

The legal basis for processing your selfie photos is your explicit consent (GDPR Article 6(1)(a) and Article 9(2)(a) for biometric-adjacent data). You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure of your data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time

To exercise these rights, contact us at support@getcomby.com. We will respond within 30 days.

For California Residents (CCPA/CPRA)

We collect the following categories of personal information: identifiers (device identifiers), biometric information (facial photographs during processing), and internet activity (usage data). We do not sell your personal information. You have the right to know what data we collect, request deletion, and opt out of data sales (which we do not engage in).

Sharing and Disclosure

We do not sell your personal information. We share data only with:

  • Google Cloud (Gemini AI): For hairstyle preview generation
  • Supabase: For anonymous authentication and data storage
  • RevenueCat / Apple: For subscription payment processing
  • Sentry: For error monitoring and crash reporting
  • Law enforcement: If required by law

Children's Privacy

The App is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us to have it removed.

International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.

Security

We use industry-standard security measures including encrypted data transmission (TLS/SSL), secure server infrastructure, and access controls. However, no method of electronic transmission or storage is 100% secure.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy or your data, contact us at:
support@getcomby.com
KHV Digital LLC