Privacy Policy
Last updated: May 8, 2025
We built Shea to help you track your natural hair journey. We believe your personal data belongs to you — and we only collect what we genuinely need to make the app work.
1. Who We Are
Shea is a mobile application developed and operated by Shea ("we", "us", "our"). Our website is shea.one. If you have any questions about this policy, contact us at privacy@shea.one.
2. Data We Collect
We collect the following categories of data when you use Shea:
Account Information
- Email address (used for sign-in and account recovery)
- Display name (optional, set by you)
- Hair profile tags (type, porosity, density, primary goal — optional, set by you)
Hair Health Data
- Hair photos you upload for AI analysis
- Hair health scores generated from those photos
- Wash day logs (date, duration, products used, notes)
- Product stash items you add
Usage Analytics
- App events (screens visited, features used) — collected via PostHog, anonymized
- Crash reports and performance data
Payment Information
- Subscription status and plan type — managed by RevenueCat
- We never see or store your credit card number. All payment processing is handled by Apple Pay / Google Pay through their respective app stores.
3. How We Use Your Data
- To provide and improve the Shea app
- To generate AI hair health scores from your photos
- To sync your data across devices
- To send you optional notifications you've enabled (wash day reminders, circle activity)
- To process subscription payments
- To respond to your support requests
We do not sell your personal data. We do not use your hair photos for advertising. We do not share your data with third parties except as described in Section 4.
4. Third-Party Services
- Supabase — Database and authentication. Your data is stored encrypted in Supabase's EU data center.
- RevenueCat — Subscription and payment management.
- PostHog — Anonymous usage analytics. No personally identifiable information is sent.
- Apple / Google — App distribution and in-app purchases, subject to their respective privacy policies.
5. Your Rights
You have the right to:
- Access your data — contact us to request a copy
- Correct your data — edit your profile directly in the app (Settings → Edit Profile)
- Delete your account — tap Privacy & Data → Delete My Account in the app. This flags your account for deletion within 30 days.
- Object to analytics — analytics can be limited by adjusting your device's ad tracking settings
6. Data Retention
We retain your data for as long as your account is active. If you delete your account, your personal data is removed within 30 days. Hair photos stored in our cloud storage are deleted immediately upon account deletion.
7. Children's Privacy
Shea is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us at privacy@shea.one.
8. Data Security
All data is transmitted over HTTPS and stored encrypted at rest. We follow industry-standard security practices including Row Level Security (RLS) policies that ensure each user can only access their own data.
9. Changes to This Policy
We may update this policy from time to time. We'll notify you of significant changes via email or an in-app notification. The "Last updated" date at the top of this page always reflects the most recent version.
10. Contact Us
Questions about this policy or your data? Email us: privacy@shea.one