Privacy Policy
Last updated May 30, 2026 — v1.7
PreLook is a B2B iPad application for professional hairdressers. We process personal data in strict compliance with the GDPR (Regulation EU 2016/679). This policy explains what data we collect, why, and what your rights are.
1. Data Controller
Adama Cissoko, sole trader operating under the trade name PreLook
66 Avenue des Champs-Élysées, 75008 Paris, France
Company registration: [pending]
Data protection contact: dpo@prelookpro.com
Legal contact: legal@prelookpro.com
2. Who Does This Policy Apply To?
This policy applies to two distinct categories:
- Salons (Professional Users): hairdressers and hair care establishments holding a PreLook account. PreLook acts as data controller for their data.
- End Clients: individuals whose hair data is processed during a consultation at the Salon's request. For this data, PreLook acts as data processor on behalf of the Salon (GDPR art. 28). The Salon remains responsible for processing and for obtaining the End Client's consent.
3. Data We Collect
| Data | Who | Purpose |
|---|---|---|
| Email address | Hairdresser (Pro account) | Authentication |
| Salon name, address, registration number | Hairdresser | Salon profile & professional verification |
| First name / pseudonym | End client | Hair passport |
| Face and hair photographs | End client | AI hair simulation (single use) |
| Hair profile (texture, length, porosity, allergens) | End client | Diagnosis & recommendations |
| Consultation history & generated previews | End client | Hair tracking over time |
| Pseudonymised usage analytics | Hairdresser | App improvement |
4. Legal Basis
For Salons:
- Contract performance — to provide the PreLook service (GDPR art. 6.1.b)
- Legitimate interest — app improvement via pseudonymised analytics (art. 6.1.f)
- Legal obligation — accounting data retention (art. 6.1.c)
For End Clients (processing on behalf of the Salon):
- Consent — for photo capture and AI generation (art. 6.1.a), collected by the Salon before the consultation
- Separate consent — for sharing via link/QR code
- Separate consent — for any publication on social media
5. No AI Training
Photographs, AI previews and End Client data are never used to train AI models, whether third-party or proprietary, without the End Client's explicit and separate consent. This commitment is also binding on PreLook's sub-processors.
6. Sub-processors & Hosting
We never sell your data. Our technical service providers are:
- Supabase Inc. (USA) — database and storage — AWS eu-west-1 infrastructure, Ireland (EU) — EU Standard Contractual Clauses
- Fal.ai (USA) — AI preview generation — photographs transmitted only to the extent strictly necessary for generation, per Fal.ai's contractual commitments
- OVH SAS (France) — prelookpro.com website hosting
- Apple Inc. (USA) — App Store distribution and subscription management — EU Standard Contractual Clauses
Some data may be processed or stored outside the European Union by our technical providers, in accordance with applicable contractual safeguards (Standard Contractual Clauses or equivalent).
7. Retention Periods
- Salon account data: duration of subscription + 3 years after termination
- Hair passports and consultation history: 3 years after the last consultation, or until deletion by the Salon or End Client
- Photographs for AI generation: deleted within 7 days after generation
- Sharing links / QR codes: URLs valid for 7 days, then inaccessible
- Connection logs: 12 months
- Analytics: aggregated data kept for 24 months
- Accounting data: 10 years (legal obligation)
8. Your Rights (GDPR)
You have the rights of access, rectification, erasure, restriction of processing, data portability and objection with respect to your personal data (GDPR art. 15–21).
- Salons: contact PreLook at dpo@prelookpro.com. We respond within 30 days.
- End Clients: contact your Salon first (data controller). If the Salon does not respond within 30 days, contact PreLook directly.
You may also lodge a complaint with your national data protection authority (France: CNIL).
9. Minors
PreLook does not knowingly collect data from minors without parental consent. Using the platform for a minor End Client (under 18) requires prior written authorisation from the person holding parental authority, collected by the Salon. No public sharing, link or QR code may be distributed without this authorisation.
10. Security
- Encryption in transit (HTTPS/TLS 1.3)
- Encryption at rest (Supabase infrastructure)
- Row Level Security (RLS) — each salon can only access its own data
- JWT tokens with limited lifespan
- API keys stored server-side, never in the client app
In the event of a personal data breach likely to result in a risk to individuals, PreLook will notify the CNIL within 72 hours (GDPR art. 33) and inform affected Salons without undue delay.
11. Cookies & Tracking
The PreLook app does not use cookies and does not perform advertising tracking (ATT disabled). The prelookpro.com website uses no third-party cookies or behavioural analytics tools.
12. Changes
We may update this policy. The update date is shown at the top of this page. For material changes, subscribed hairdressers will be notified by email with reasonable advance notice.