Privacy Policy
Effective date: May 8, 2026
Folik: Hair Loss Coach AI ("the App") is developed and published by Valeriy Loveiko. We take your privacy seriously and are committed to protecting your personal information. This privacy policy explains how the App collects, uses, stores, and protects your data.
Summary: The App processes hair photos and AI Coach questions using secure third-party services. Photos are sent for analysis and are not retained after processing. All results, photos, treatment logs, and chat history are stored locally on your device. We do not sell, share, or monetize your personal data.
Educational only: Folik is a wellness companion, not a medical device. The App does not diagnose, treat, cure, or prevent any condition. Always consult a dermatologist before starting, changing, or stopping any treatment.
1. Information We Collect
1.1 Hair Photos and Camera Data
When you use Folik for a 5-angle hair scan or import an existing photo, the App accesses your device's camera or photo library. These photos are:
- Used solely for hair density tracking, hairline staging, and progress visualization
- Sent securely (via encrypted HTTPS) to our AI analysis provider for image-based hair analysis
- Stored locally on your device as part of your photo journal
- Never shared with other users, advertisers, or any third party beyond the AI analysis provider listed in §3
The App does not access photos beyond what you explicitly capture or import. We do not scan your photo library, and we do not collect EXIF metadata (location, date, camera model) from your photos.
1.2 Face Data
The 5-angle hair scan flow includes Front and Profile (Left / Right) views, which incidentally contain the user's face. We refer to these collectively as "face data." This section explains exactly how this data is handled, in compliance with Apple App Store guideline 5.1.1.
- What is collected: Up to five still photos of the user's head and scalp from different angles. Front and side views may incidentally contain the user's face. Photos are captured only at the user's explicit request, and only as part of the optional Hair Scan flow.
- Purpose — hair analysis only: Photos are used exclusively to estimate hair density, identify hairline pattern (Norwood / Ludwig staging), and track changes over time. The App does not perform face recognition, face identification, biometric template extraction, biometric enrollment, emotion detection, age/gender estimation, or any other biometric analysis. Photos are never used to identify, authenticate, or distinguish between individual users.
- On-device processing: No facial landmarks, face embeddings, or biometric templates are computed, stored, or transmitted.
- Transmission: The photos are transmitted via encrypted HTTPS to OpenAI's GPT-4o Vision API for hair analysis. They are routed through a Cloudflare Worker proxy that forwards the request to OpenAI without logging or storing image content. No personal identifiers are sent alongside the photos.
- Third-party sharing: Photos are shared only with OpenAI (via the Cloudflare proxy) for the sole purpose of hair analysis. They are not shared with any other third party, advertiser, analytics service, or data broker. OpenAI processes API inputs under a zero-retention policy and does not use them to train models. See OpenAI's API Data Usage Policy.
- Retention: Photos are retained on the user's device only as part of the local photo journal. They are not retained on OpenAI's or our own servers. The user can delete any photo at any time within the App or by uninstalling the App.
- User control: Hair Scan (and the associated capture of face data) is entirely optional. The user can revoke camera access at any time via iOS Settings → Folik. Deleting the App removes all locally stored photos.
1.3 Hair Analysis Results
When you complete a hair scan, the AI generates the following information:
- Estimated hair density (relative to your previous scans)
- Hairline pattern stage (Norwood for male pattern, Ludwig for female pattern)
- Region notes (crown, hairline, temples, vertex)
- Confidence score
This data is stored exclusively on your device and is never transmitted to any external server after initial generation.
1.4 AI Coach Chat Data
When you use the AI Coach, your messages and the AI's responses are processed and stored as follows:
- Messages are sent via encrypted HTTPS to DeepSeek's API (proxied through our Cloudflare Worker) for response generation
- Chat history is stored locally on your device
- Every Coach response is grounded in our on-device hair-loss knowledge base (≈11MB, AAD/ISHRS/FDA/PubMed/Mayo/Cleveland/Endocrine Society guidelines) — citations link to the source guideline
- The on-device knowledge base never leaves your device
- No personal identifiers are sent alongside chat messages
1.5 Treatment Log
If you log treatments (minoxidil, finasteride, dutasteride, microneedling, PRP, etc., or any custom treatment you add), this information is:
- Stored exclusively on your device
- Used to generate timeline visualizations and reminders inside the App
- Never transmitted to any external server
Folik does not recommend, prescribe, or modify treatment dosages. The treatment log is solely a personal journal of what the user is already doing. All treatment names visible in the App are for educational logging only and are not endorsed or supplied by the developer.
1.6 HealthKit Data (Optional)
If you enable HealthKit integration, Folik reads (with your explicit permission):
- Body weight (used to correlate rapid weight loss with telogen effluvium patterns)
- Body composition metrics (body fat %, lean mass — for calorie-deficit context)
HealthKit data is read-only — we never write to your Health database. HealthKit data is processed entirely on-device and is never transmitted to our servers or any third party. You can revoke HealthKit access at any time via iOS Settings → Privacy & Security → Health → Folik.
1.7 Subscription Information
Folik offers optional weekly and annual subscriptions managed entirely through Apple's App Store and StoreKit framework. All payment processing, billing, and subscription management are handled by Apple. We do not collect, process, or store any payment information. We use RevenueCat, a third-party subscription management service, to track subscription status. RevenueCat receives an anonymous app user ID — no personal information is shared. For details, see RevenueCat's Privacy Policy and Apple's Privacy Policy.
1.8 Information We Do NOT Collect
Folik does not collect:
- Your name, email address, phone number, or any contact information
- Your physical location or GPS coordinates
- Device identifiers (IDFA, IDFV) for advertising or tracking purposes
- Browsing history or activity outside the App
- Contacts, calendar, or any other personal data from your device
- Biometric identifiers, face recognition templates, face embeddings, or any biometric data used to identify or authenticate individuals (the photos described in §1.2 are used solely for hair analysis and are never converted into biometric templates)
- Social media accounts or login credentials
2. How We Use Your Information
The information processed by the App is used exclusively for:
- Hair Scan Analysis: Photos are analyzed to estimate density and hairline stage
- AI Coach: Messages are processed to generate sourced, citation-backed educational responses about hair health
- Photo Journal: Local storage of your scan history for visual progress tracking
- Treatment Reminders: Local notifications for treatment frequency you've set yourself
- Lane-Aware Personalization: Adapting in-app copy and Coach prompts to the persona type you selected during onboarding
We do not use your data for advertising, profiling, marketing, or any purpose unrelated to the core functionality of the App.
3. Third-Party Services
3.1 OpenAI (Vision Analysis)
Folik uses OpenAI's GPT-4o Vision API to analyze hair photos. When you perform a scan:
- Your photo is transmitted via encrypted HTTPS to OpenAI's API (proxied via Cloudflare Worker)
- OpenAI returns analysis results (density estimate, stage, notes)
- API inputs and outputs are not used to train OpenAI's models and are not retained after processing
- No personal identifiers are sent alongside your data — only the image and analysis instructions
- For details, see OpenAI's API Data Usage Policy
3.2 DeepSeek (AI Coach Text)
Folik uses DeepSeek's API to generate AI Coach responses, grounded by our on-device knowledge base. When you send a message:
- The message text is transmitted via encrypted HTTPS to DeepSeek's API (proxied via Cloudflare Worker)
- DeepSeek returns a generated response that the App grounds against the on-device citation corpus before presenting it
- No photos, identifiers, or HealthKit data are ever sent to DeepSeek
- API inputs are not retained after processing
3.3 Cloudflare (API Gateway)
All AI requests are routed through a Cloudflare Worker proxy that forwards traffic to OpenAI/DeepSeek without logging or storing request bodies. The Worker exists solely to keep API keys server-side and to apply rate limiting.
3.4 RevenueCat (Subscription Management)
Folik uses RevenueCat to manage subscription status. RevenueCat receives:
- An anonymous, system-generated user identifier
- Subscription status (active, expired, trial)
- Product identifiers (which plan was purchased)
RevenueCat does not receive your name, email, photos, treatment log, or any personal information. For details, see RevenueCat's Privacy Policy.
3.5 Apple Services
- StoreKit 2: For subscription management and payment processing. All financial data is handled by Apple.
- HealthKit: Read-only access if enabled by user. All processing on-device.
- iCloud Backup: If enabled on your device, local App data may be included in your device backup. This is controlled by your device settings.
3.6 No Analytics or Advertising SDKs
Folik does not integrate any analytics platforms (Google Analytics, Firebase, Mixpanel, Amplitude), advertising networks, crash reporting services beyond Apple's built-in diagnostics, or any other third-party tracking tools. The App contains no advertisements.
4. Data Storage and Security
4.1 Local Storage
All scan results, photos, treatment log, chat history, and personalization settings are stored locally on your device using Apple's Core Data framework. This data:
- Resides only on your device's local storage
- Is protected by your device's built-in security features (passcode, Face ID, Touch ID, encryption)
- Is not accessible to the developer or any third party
- Can be deleted at any time by removing items within the App or by deleting the App
4.2 On-Device Knowledge Base
The hair-loss citation corpus (≈11MB, sqlite-vec format) ships embedded in the App and is queried entirely on-device. The corpus contains AAD / ISHRS / FDA / Mayo / Cleveland / Endocrine Society / 50+ PubMed extracts. It never leaves your device and is not personalized.
4.3 Network Security
All network communications are encrypted using industry-standard TLS 1.2+/HTTPS protocols. No data is transmitted in plain text. The App enforces App Transport Security (ATS) as required by Apple.
4.4 API Key Security
Third-party API credentials are kept server-side on the Cloudflare Worker and are not stored in plain text within the application source code.
5. Data Retention
- Photos and scan results: Retained on your device until you delete individual items or uninstall the App
- Chat history and treatment log: Retained on your device until you delete individual items or uninstall the App
- OpenAI / DeepSeek requests: Not retained after processing — zero-retention policy for API usage
- Cloudflare Worker: No request bodies logged or retained
- RevenueCat: Anonymous subscription records retained per their data retention policy
- Subscription data (Apple): Managed entirely by Apple
6. Your Rights and Choices
6.1 Camera, Photo Library, and HealthKit Access
You can revoke the App's camera, photo library, or HealthKit access at any time through iOS Settings → Folik. Without camera access, you can view your existing data but cannot perform new scans.
6.2 Deleting Your Data
Since all data is stored locally on your device:
- Delete individual scans, photos, chat threads, or treatment entries within the App
- Delete all data by uninstalling the App
- No request to the developer is necessary — we do not hold any of your data on external servers
6.3 Subscription Management
Manage, cancel, or modify your subscription through iOS Settings → Apple ID → Subscriptions, or through the App Store. Cancellation takes effect at the end of the current billing period. Refunds are handled by Apple.
7. Children's Privacy
Folik is not directed at children under 12. The App is rated 12+ on the App Store. We do not knowingly collect personal information from children. Since the App does not require account creation and does not collect identifying information, it cannot determine user age.
8. International Users and Compliance
Folik is available worldwide. We comply with applicable data protection regulations:
- GDPR (EU/EEA): Minimal data collection, no profiling, no cross-border data storage. Legal basis: user consent (camera/HealthKit permissions) and legitimate interest (core service). Right to erasure: delete the App.
- UK GDPR: Same rights and protections as EU GDPR apply.
- CCPA/CPRA (California): We do not sell or share personal information. We do not use personal information for behavioral advertising.
- PIPEDA (Canada): Compliant — minimal collection, consent-based, secure.
- LGPD (Brazil): Processing based on user consent, limited to core service.
- Other jurisdictions: Our privacy-by-design approach — minimal collection, local storage, no tracking, no advertising — is designed for global compliance.
9. Medical Disclaimer
Folik is an educational wellness companion, not a medical device. The App does not diagnose, treat, cure, or prevent any condition. AI Coach responses are sourced from published guidelines (AAD, ISHRS, FDA, PubMed extracts, Mayo, Cleveland, Endocrine Society) and are intended for educational use only. Always consult a dermatologist or qualified healthcare provider before starting, changing, or stopping any treatment, including over-the-counter products like minoxidil. Hair density estimates and pattern staging are AI-generated approximations and should not be considered definitive clinical assessments.
10. Changes to This Policy
We may update this policy to reflect changes in functionality or regulations. Material changes will be indicated by updating the effective date. Continued use after changes constitutes acceptance of the updated policy.
11. Contact Us
For questions about this privacy policy or your data: