Privacy Policy

Last Updated: November 5, 2025

Introduction

Welcome to CurlCrew ("we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

Information We Collect

Information You Provide to Us

Account Information: Name, email address, and authentication credentials (via Auth0)
Profile Information: Profile pictures, bio, and user preferences
Content: Photos, videos, curl routines, product reviews, comments, and other content you post
Hair Care Data: Information about your hair type, routines, products used, and preferences

Information Collected Automatically

Usage Data: How you interact with the app, features used, and content viewed
Device Information: Device type, operating system, unique device identifiers
Log Data: IP address, app crashes, system activity, and timestamps

How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve our services
Create and manage your account
Enable social features like following, liking, and commenting
Personalize your experience and provide recommendations
Analyze hair care routines and provide AI-powered insights
Send notifications about app activity and updates
Detect and prevent fraud, abuse, and security issues
Comply with legal obligations

How We Share Your Information

Third-Party Services

We share information with the following third-party service providers who maintain the same or higher standards of data protection:

Auth0: For authentication and user identity management
Amazon Web Services (AWS): For cloud storage (S3) and identity services (Cognito)
OpenAI: For AI-powered hair analysis and recommendations
Amazon Product API: For product search and recommendations

Public Content

Content you choose to make public (posts, comments, profile information) will be visible to other users of the app.

Legal Requirements

We may disclose your information if required by law or in response to valid legal requests.

Data Security

We implement industry-standard security measures to protect your information, including:

Encryption of data in transit using HTTPS/TLS
Secure token-based authentication (JWT)
Regular security audits and updates
Access controls and monitoring

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

Data Retention and Deletion

We retain your information for as long as your account is active or as needed to provide services. You may request deletion of your account and associated data at any time through the app settings or by contacting us at contact@curlcrew.app.

Upon account deletion, we will remove your personal information from our active databases within 30 days, except where retention is required for legal compliance, dispute resolution, or enforcement of our agreements.

Your Rights and Choices

You have the right to:

Access: Request a copy of the personal information we hold about you
Correction: Update or correct your personal information
Deletion: Request deletion of your account and personal data
Opt-Out: Unsubscribe from marketing communications
Data Portability: Request your data in a portable format

To exercise these rights, please contact us at contact@curlcrew.app or use the account settings within the app.

App Tracking Transparency (iOS)

If we track your activity across other companies' apps or websites for advertising purposes, we will request your permission through Apple's App Tracking Transparency framework. You can change your tracking preferences at any time in your device settings.

Children's Privacy

CurlCrew is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

International Data Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction. We ensure appropriate safeguards are in place for such transfers.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

Contact Information

How to Reach Us

Email: contact@curlcrew.app

Mail: CurlCrew

California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your information, and the right to opt-out of the sale of your information. We do not sell your personal information.

European Data Protection Rights

If you are in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, object to processing, and data portability. You also have the right to lodge a complaint with a supervisory authority.