This Privacy Policy explains how HAIR LABS AI LTD (trading as "Hair Labs") ("Hair Labs", "we", "us", or "our") collects, uses, discloses, and otherwise processes personal information when you visit or make a purchase from www.hairlabs.ai (the "Site"), use our services, or otherwise communicate with us.
This Privacy Policy applies to customers, website visitors, and other individuals interacting with us in the context of our services.
For the purposes of the UK GDPR, we are the data controller of your personal information unless otherwise stated. We may process personal information from individuals in the United Kingdom, the United States, and other jurisdictions where our Site may be accessed. Where certain rights or obligations apply only in a specific jurisdiction, we indicate this in the relevant section.
1. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Changes will be posted on this page and the "Last updated" date will be revised accordingly.
Where required by applicable law, including certain US state privacy laws, we will provide notice of material changes and, where necessary, obtain consent before processing personal information in materially different ways.
2. Information We Collect
We collect personal information that is necessary to provide our services, fulfil orders, manage subscriptions, operate our Site, and comply with legal obligations.
2.1 Information you provide directly
- Contact information: name, email address, phone number, shipping and billing address.
- Order and transaction information: items purchased, order history, delivery details, returns/refunds, subscription details, if applicable.
- Limited payment information: payment method and transaction metadata, such as the last four digits of a payment card.
Note: Full payment card details are processed securely by our payment processors, such as Shopify Payments, PayPal, or other payment providers available at checkout, and are not stored by us.
- Account information: account identifiers, authentication status, communication preferences, and information associated with your customer account. Customer account authentication may be handled by Shopify and related providers. We do not store customer account passwords.
- Customer support information: information you choose to provide in messages, enquiries, or requests. Please do not provide health or medical information unless necessary for your request.
- Marketing preferences: newsletter subscriptions, communication preferences, and interactions with our emails and promotional messages.
2.2 Information collected automatically
When you use the Site, we may automatically collect:
- Device and network information: device type, browser type, operating system, IP address.
- Usage information: pages viewed, time spent, clicks, referral source, and interaction patterns.
- Approximate location: derived from IP address.
We collect this information using cookies, pixels, tags, scripts, and similar technologies, and through analytics and marketing tools, for example Google Analytics, Klaviyo, Meta Pixel, TripleWhale, and similar providers.
2.3 Information from third parties
We may receive personal information from third-party partners and service providers that support our operations, including:
- E-commerce platforms, including Shopify.
- Payment processors.
- Subscription and customer portal providers, including Recharge, to manage recurring orders, billing schedules, subscription changes, customer portal functionality, and related subscription communications.
- Fulfilment and logistics providers, including third-party logistics partners.
- Customer support providers.
- Analytics and marketing providers.
3. How We Use Your Personal Information
We process personal information for the following purposes:
- Order fulfilment and service delivery: to process orders, take payment, deliver products, manage subscriptions, handle returns and refunds, and send service-related communications.
- Customer support: to respond to enquiries, provide assistance, and handle complaints or issues.
- Account management and security: to create and manage accounts, authenticate users, maintain and secure our services, prevent fraud, and detect misuse.
- Marketing and personalisation: to send marketing communications where permitted, tailor content and offers, and measure the effectiveness of campaigns.
- Analytics and Site improvement: to understand how our Site is used, improve functionality and performance, and troubleshoot issues.
- Compliance and legal obligations: to comply with applicable laws, accounting and tax requirements, enforce our terms, and protect our rights.
4. Legal Basis for Processing (UK)
If you are located in the UK, we rely on the following legal bases under the UK GDPR as applicable:
- Contractual necessity: to fulfil orders and provide the requested services.
- Consent: where required, for example certain marketing communications and non-essential cookies.
- Legitimate interests: to operate and improve our services, prevent fraud, and measure and optimise marketing where permitted and balanced against your rights.
- Legal obligation: to comply with legal and regulatory requirements, for example tax and accounting obligations.
5. Disclosure and Sharing of Personal Information
We may disclose personal information to trusted service providers and partners, including:
- Payment processing providers to process transactions securely.
- Fulfilment and logistics partners, including third-party logistics providers such as Huboo, Product Fulfillment Solutions, or other 3PLs we may use, to pick, pack, ship, and manage returns.
- Subscription and customer portal providers, including Recharge, to manage recurring orders, billing schedules, subscription changes, and customer portal functionality.
- Marketing and analytics providers, including Klaviyo, Google Analytics, Meta, and similar providers, to help us understand Site performance, communicate with customers, and run advertising campaigns.
- Professional advisers, including legal, accounting, and audit advisers, where necessary.
- Regulators and law enforcement where required to comply with law or protect rights.
We may also disclose personal information in connection with a corporate transaction, such as a reorganisation, merger, acquisition, or asset sale, subject to appropriate safeguards.
US Notice: Sale, Sharing, and Targeted Advertising
For US residents: certain disclosures of personal information to advertising and analytics partners may be considered a "sale" or "sharing" of personal information, or "targeted advertising", under applicable US state privacy laws, depending on how those partners use the information. See Section 11 for details on your rights and opt-out options.
6. Cookies and Tracking Technologies
We use cookies and similar technologies to:
- Enable Site functionality.
- Remember preferences.
- Understand usage and performance.
- Support advertising and measurement.
Where required by applicable law, including UK rules on cookies and ePrivacy, we will request your consent before placing non-essential cookies and similar technologies. You can manage your cookie preferences via our cookie banner or cookie settings link where available, and you can also adjust cookie settings through your browser controls. Disabling certain cookies may affect Site functionality.
For more information, please refer to our Cookie Policy on the Site.
7. International Transfers
Your personal information may be transferred to, stored, and processed in countries other than your country of residence, including the United Kingdom and the United States, where our service providers may operate.
8. Data Retention
We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Typical retention periods include:
- Order and transaction records: generally 6-7 years for accounting and tax obligations.
- Account information: while your account remains active, or up to 2 years after prolonged inactivity unless you request deletion.
- Customer support records: generally up to 2 years, unless longer is needed for disputes or legal obligations.
- Marketing preferences: until you unsubscribe or withdraw consent, and thereafter only as needed for suppression lists and compliance.
- Analytics and tracking data: retained for a limited period depending on configuration; for example, retention of GA4 event/user data is typically configured at between 2 and 14 months, after which the data is deleted or aggregated.
9. Your Rights
If you are located in the UK, you may have the right to:
- Access your personal information.
- Correct inaccurate information.
- Request deletion.
- Object to or restrict certain processing.
- Request data portability.
- Withdraw consent at any time where processing is based on consent.
To exercise these rights, contact us at concierge@hairlabs.ai.
If you are in the UK, you also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk.
10. Marketing Communications
We may send marketing communications by email or text message where permitted by law and based on your preferences, including consent where required.
You can opt out at any time by:
- Clicking the unsubscribe link in our emails, or
- Contacting us at concierge@hairlabs.ai.
Opting out of marketing does not affect service-related communications, such as order confirmations and shipping updates.
11. Additional Privacy Rights for US Residents
This section applies to residents of US states with consumer privacy laws, which may include, depending on applicability: California, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and others.
11.1 Categories of personal information collected
In the preceding 12 months, we may have collected the following categories of personal information:
- Identifiers: name, email address, phone number, IP address, account identifiers.
- Commercial information: purchase history and transaction data.
- Internet or network activity: browsing and interaction data on our Site.
- Geolocation data: approximate location derived from IP address.
- Inferences: preferences or interests inferred from your interactions, for example to personalise marketing.
11.2 Sensitive personal information
We do not collect or process "Sensitive Personal Information" as defined by the CCPA/CPRA for the purpose of inferring characteristics about you. If we process sensitive information, we do so only as necessary to provide services you request or as otherwise permitted by law.
11.3 Disclosures, sale/sharing, and targeted advertising
We disclose personal information to service providers and processors for business purposes such as order fulfilment, payments, subscription management, customer support, analytics, security, and marketing.
Some disclosures to advertising and analytics partners may be considered "selling" or "sharing", or "targeted advertising", under certain US state laws when used for cross-context behavioural advertising. You can opt out as described below.
Categories that may be disclosed for advertising or analytics purposes include:
- Identifiers, such as IP address, device ID, or cookie ID, disclosed to advertising networks and analytics providers, including Meta, Google Ads, Google Analytics, TripleWhale, and similar providers, for campaign measurement, retargeting, audience building, and advertising optimisation.
- Internet or network activity, such as pages visited, browsing history, and ad interactions, disclosed to advertising networks and analytics providers, including Meta, Google Ads, Google Analytics, TripleWhale, Klaviyo, and similar providers, for campaign measurement, retargeting, audience building, and advertising optimisation.
Disclosures to service providers or contractors processing personal information on our behalf are not treated as sales or sharing where applicable law provides that exception.
11.4 Your rights
Depending on your state of residence, you may have rights to:
- Access or know the personal information we collect about you.
- Delete personal information, subject to legal exceptions.
- Correct inaccurate personal information.
- Opt out of the sale/sharing of personal information and/or targeted advertising.
- Not be discriminated against for exercising your rights.
- Limit use of sensitive personal information where applicable under California law.
11.5 How to exercise your rights
To submit a privacy request, you may email us at concierge@hairlabs.ai.
Where available, you may also use the cookie settings panel, privacy choices link, or "Do Not Sell or Share My Personal Information" link on the Site.
We may need to verify your identity before responding. Where permitted, you may designate an authorised agent to submit a request on your behalf.
We aim to respond within the timeframes required by law, typically within 45 days, with extensions of up to an additional 45 days where permitted with notice.
11.6 Financial incentives
We may offer promotions, discounts, or other incentives, for example a discount for subscribing to our email list or joining a waitlist, that involve the collection of personal information. Your participation is voluntary. Details of each programme, including any terms and conditions, are provided at the time of sign-up. You may opt out at any time by unsubscribing from the relevant communications or contacting us at concierge@hairlabs.ai.
11.7 Do Not Track and Global Privacy Control
Where required by applicable law and where our systems can detect it, we treat Global Privacy Control (GPC) signals as a valid request to opt out of the sale/sharing of personal information for certain online tracking and advertising activities.
We do not currently respond to "Do Not Track" (DNT) browser signals, as there is no universally accepted standard for how to respond to such signals. If a standard is adopted in the future, we will update this policy accordingly.
11.8 Appeals
If we deny your request, you may appeal by replying to our response email or contacting us at concierge@hairlabs.ai with the subject line "Privacy Appeal".
For California residents: if you are not satisfied with our response, you may contact the California Office of the Attorney General at oag.ca.gov or the California Privacy Protection Agency at cppa.ca.gov.
12. Children's Data
Our Site is not directed to children and our products are not intended for purchase by children.
We do not knowingly collect personal information from children under 13. We also do not knowingly sell or share the personal information of consumers under 16.
If you believe a child has provided us personal information, please contact us at concierge@hairlabs.ai and we will take appropriate steps to delete it.
13. Security of Your Data
We implement reasonable administrative, technical, and organisational safeguards designed to protect personal information, including encryption in transit (TLS/SSL) and reliance on PCI-DSS-compliant payment processing through our payment providers.
No method of transmission or storage is fully secure. If you believe your account has been compromised, contact us at concierge@hairlabs.ai.
14. Third-Party Links
The Site may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to review their privacy policies before providing personal information.
15. Contact Information
HAIR LABS AI LTD (trading as Hair Labs)
96 Kensington High Street
London, W8 4SG
United Kingdom
Email: concierge@hairlabs.ai
Phone: +44 (0)203 7272 691
For California residents: if you are not satisfied with our response to a privacy request, you may contact the California Office of the Attorney General at oag.ca.gov or the California Privacy Protection Agency at cppa.ca.gov.
For UK residents: you may lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk.