Privacy Policy
Last updated: 8/28/2025

Thank you for choosing Hairsim.ai. Protecting your privacy is very important to us. This Privacy Policy explains how Nimo Labs LLC (“Hairsim.ai,” “we,” “us,” “our”) collects, uses, discloses, and safeguards your information when you visit hairsim.ai, use any of our simulators or chatbots, embed our widgets, create a Clinic account, or otherwise interact with our services (collectively, the “Service”). If you do not agree with this Privacy Policy, please do not use the Service.

WHO WE ARE

Data controller:
Nimo Labs LLC
30 N Gould St, Ste N
Sheridan, Wyoming 82801, USA
Email: jeronimo@hairsim.ai

If you are a visitor or patient in the European Economic Area (“EEA”), United Kingdom (“UK”), or Switzerland, Nimo Labs LLC is the controller of your personal data for purposes of the EU/UK General Data Protection Regulation (“GDPR”).

Clinic accounts: When a hair-transplant clinic (“Clinic”) purchases or collects a lead, that Clinic becomes an independent controller of that individual’s personal data for its own marketing and patient-management activities. Clinics must comply with all applicable privacy laws, including providing their own privacy disclosures.

SCOPE

This Policy covers personal information we collect online and offline through:
• the public simulator and lead store,
• the widget simulator and widget chatbot,
• the dashboard simulator and patient database,
• our website, emails, and social-media pages, and
• related sales and marketing activities.

INFORMATION WE COLLECT

3.1 Information you provide to us
• Contact details: name, email, phone number (SMS/voice verification may apply), country and city.
• Account details: business name, address, tax/VAT number, payment currency, plan selections, login credentials.
• Photos & images: facial photographs or scalp images uploaded for AI simulations.
• Patient or lead notes: age range, hair-loss pattern, stage, or any other free-text fields a Clinic chooses to store.
• Customer support: messages, tickets, survey responses.

3.2 Information we collect automatically
• IP address, browser type, device identifiers, operating system, referring URLs, pages viewed, session date/time, clickstream data.
• Approximate geolocation (country/city) derived from your IP address.
• Usage metrics such as credits consumed, simulation counts, and widget load statistics.
We gather this data via cookies, pixels, and similar technologies (see Section 8).

3.3 Information from third parties
• Payment processor: Stripe sends us a tokenized payment ID, card type (no full card number), billing country, and fraud signals.
• Authentication providers: if you choose a third-party login (e.g., Google), we receive the basic profile information you authorize.
• Public sources: we may enrich Clinic profiles with publicly available business data.

HOW WE USE YOUR INFORMATION

We use personal information to:
a) Provide, operate, and maintain our Service.
b) Verify user identities and guard against fraud and abuse.
c) Create AI hair-transplant simulations and display results.
d) Facilitate the lead store—allow a single Clinic to purchase exclusive rights to contact a visitor who requested a simulation.
e) Deliver widget leads directly to the subscribing Clinic.
f) Process payments, manage subscriptions, allocate credits, and send invoices/receipts.
g) Respond to inquiries, provide support, and send important service notices.
h) Improve and develop new features, models, and algorithms.
i) Conduct analytics, A/B testing, and performance monitoring.
j) Send marketing or promotional messages (you can opt out at any time).
k) Detect, investigate, and prevent security incidents or violations of our Terms of Service.
l) Comply with legal obligations and enforce our agreements.

LEGAL BASES (GDPR)

We rely on the following lawful bases for processing:
• Performance of a contract – to provide the Service to Clinics and visitors.
• Consent – for capturing and processing photos, sending marketing emails, and sharing a visitor’s contact details with a purchasing Clinic. You may withdraw consent at any time (see Section 11).
• Legitimate interests – for fraud prevention, product improvement, analytics, and limited B2B marketing to existing or prospective customers.
• Legal obligation – to maintain tax and accounting records, or respond to lawful requests.

HOW WE SHARE INFORMATION

We do not sell personal data. We disclose it only as described below:

6.1 With Clinics
• When you run a free public simulation, your contact details (not your images) are stored as a “Lead.” If a Clinic spends credits to purchase that Lead, we transfer your contact details exclusively to that Clinic.
• If you use a widget simulator on a Clinic’s own website, your details go directly to that Clinic.

6.2 Service providers
We engage vetted vendors under written contracts that require confidentiality and security. Typical providers include hosting (AWS), image-processing and AI infrastructure, analytics, email delivery, SMS verification, and payment processing (Stripe).

6.3 Legal and compliance
We may disclose information if we believe in good faith that it is reasonably necessary to (a) comply with a law, regulation, subpoena, or court order; (b) protect the rights, property, or safety of Hairsim.ai, our users, or others; or (c) detect and address fraud or security issues.

6.4 Business transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction, subject to standard confidentiality protections.

6.5 Aggregated or de-identified data
We may share statistics that do not identify individuals, such as total simulations per month or average credit consumption.

INTERNATIONAL DATA TRANSFERS

We are headquartered in the United States and our servers are currently located in the U.S.
Your information may therefore be transferred to, stored, or processed in the United States or other countries where we or our service providers operate. Where required by law, we rely on one or more of the following safeguards for cross-border transfers:
• Adequacy decisions for certain jurisdictions;
• Standard Contractual Clauses approved by the European Commission;
• Your explicit consent.

COOKIES & SIMILAR TECHNOLOGIES

We and our partners use cookies, pixels, and local-storage to:
• keep you logged in,
• remember preferences,
• measure site traffic and performance,
• understand marketing campaign effectiveness.
You can manage cookie preferences through your browser settings or native “do-not-track” controls. Rejecting cookies may impair some Service features.

DATA RETENTION

• Leads (contact details) – 24 months from collection, unless the purchasing Clinic instructs us to delete earlier or law requires longer storage.
• Simulation images generated via the public simulator – deleted automatically after 90 days.
• Widget or dashboard simulations – retained for as long as the Clinic account remains active or until the Clinic deletes them.
• Account, billing, and tax records – 7 years (or longer if required by applicable law).
• Logs and security data – up to 12 months.
We may anonymize certain data for research or statistical purposes and retain it indefinitely.

HOW WE PROTECT YOUR INFORMATION

We employ administrative, technical, and physical safeguards, including encryption in transit (TLS), encryption at rest for stored images and personal data, role-based access controls, periodic penetration testing, and least-privilege principles. No internet transmission or storage system is 100% secure; therefore, we cannot guarantee absolute security.

YOUR PRIVACY RIGHTS

Depending on your location, you may have the following rights:
• Right to access – obtain a copy of your personal data.
• Right to rectification – request corrections of inaccurate or incomplete data.
• Right to erasure – ask us to delete your personal data in certain circumstances.
• Right to restriction – limit our processing in certain situations.
• Right to object – object to processing based on legitimate interests or direct marketing.
• Right to data portability – receive your data in a structured, machine-readable format.
• Right to withdraw consent – for any processing based on consent, at any time.

To exercise these rights, email jeronimo@hairsim.ai with the subject line “Privacy Request.” We may need to verify your identity before completing your request. If you believe we have not handled your request properly, you have the right to lodge a complaint with your local supervisory authority.

California residents: Hairsim.ai does not meet current thresholds for coverage under the California Consumer Privacy Act (“CCPA”), but we will still honor reasonable access or deletion requests as described above.

CHILDREN’S PRIVACY

The Service is intended for adults. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided personal information, please contact us and we will delete it.

THIRD-PARTY LINKS & TOOLS

Our website or widgets may link to external sites or offer integrations (e.g., Google login). We are not responsible for those third-party privacy practices. Please review their policies before providing personal information.

CHANGES TO THIS PRIVACY POLICY

We may update this Policy from time to time. If we make material changes, we will notify you by email, in-app message, or a prominent notice on our homepage at least 30 days before the changes take effect. The “Last updated” date at the top indicates the most recent revision. Continued use of the Service after the effective date constitutes acceptance of the revised Policy.

CONTACT US

Questions or concerns?
Email: jeronimo@hairsim.ai
Mail: Nimo Labs LLC, 30 N Gould St, Ste N, Sheridan, WY 82801, USA

Copyright © 2025 Nimo Labs LLC. All rights reserved.