beautyflo
← Back to home

Privacy Policy

Last updated: 6 June 2026

This Privacy Policy explains how beautyflo ("we", "us") collects, uses, and protects information when you use the beautyflo mobile application for beauty professionals, the beautyflo protocol viewer, and our website at beautyflo.co (together, the "Service").

Who we are

beautyflo is the data controller responsible for the personal information processed through the Service: HueCraft B.V., Ameidestraat 5, 5701NN Helmond, Netherlands (Chamber of Commerce / KvK no. 978806579).

beautyflo is the controller for all personal information in the Service, including the client details that beauty professionals add in order to create and send protocols. If you are a client whose details a professional has added, your information reaches us from that professional, and you can exercise your rights by contacting us (see "Your rights and choices").

Information we collect

  • Account informationyour email address, used to sign you in through our authentication provider.
  • Content you createcare protocols, service and product recommendations, notes, and the client details you add so you can send protocols to your clients.
  • Client informationthe contact and care details you enter about a client so you can send them protocols.
  • Photoswhen you use the beauty scan, photos you capture or upload of hair or skin are stored and analysed to generate recommendations.
  • Voice recordingswhen you answer questions by voice, audio is recorded and converted to text; we keep the resulting text.
  • Profile photoan image you optionally choose for your profile.
  • Contactsonly if you grant permission, and only the contact details you select, used to help you invite clients.
  • Waitlist informationif you sign up on our website, the name, email, and role you submit.
  • Device and usage informationbasic technical data such as app version and device type, used to operate and improve the Service.

Special categories of data

Some of the information you provide may be treated as "special category" data under the GDPR. Photos of hair or skin submitted for analysis can reveal information related to your health or appearance, and voice recordings may be considered biometric data. We process this information only to provide the features you ask for — primarily to generate recommendations — and only on the basis of your explicit consent. You can withdraw that consent at any time, which stops further processing without affecting what we did beforehand.

How we use information and our legal bases

We use your information for the purposes below. Under the GDPR, each purpose relies on a legal basis:

  • Providing the Servicerunning sign-in, creating and sending protocols, and the beauty scan. Legal basis: performance of our contract with you.
  • Generating recommendationsanalysing photos and transcribing voice to produce care protocols. Legal basis: your explicit consent (see "Special categories of data").
  • Using your contactshelping you invite clients, where you grant permission. Legal basis: your consent.
  • Security and improvementkeeping the Service safe, preventing abuse, diagnosing problems, and improving features. Legal basis: our legitimate interests.
  • Communicating with yousending service messages and, if you joined our waitlist, updates about beautyflo. Legal basis: performance of our contract, or your consent for marketing messages.

AI processing

To generate recommendations and transcribe voice answers, photos and audio (or the text derived from them) are sent to our AI provider for processing. This content is processed to return results to you and is not used by the provider to train its models, in accordance with its applicable API terms.

These recommendations support your professional judgement; they are not decisions that produce legal or similarly significant effects, and you, the professional, review and approve protocols before they are sent. Where you interact with an AI feature, we make that clear within the app.

Service providers

We share information only with providers that help us run the Service, under agreements that limit their use of it:

  • Authentication providersecure email sign-in.
  • AI providerimage analysis, voice transcription, and recommendation generation.
  • Cloud storage providerstoring uploaded photos.
  • Hosting and database providerrunning our servers and storing your account and protocol data.
  • Email providersending waitlist and service emails.

We do not sell your personal information, and we do not use advertising or tracking cookies.

International transfers

Your information may be processed in countries outside the European Economic Area, including by some of our service providers. Where that happens, we rely on appropriate safeguards — such as the European Commission's Standard Contractual Clauses or an adequacy decision — to protect your information.

Data retention

We keep your information for as long as your account is active or as needed to provide the Service. When you ask us to delete your account, we delete your personal information, except where we must keep limited records to meet legal obligations.

Security

We use industry-standard measures, including encryption in transit (HTTPS), to protect your information. No method of transmission or storage is completely secure, but we work to safeguard your data.

Your rights and choices

Under the GDPR you have the right to:

  • Accessobtain a copy of the personal information we hold about you.
  • Rectificationhave inaccurate or incomplete information corrected.
  • Erasureask us to delete your personal information.
  • Restriction and objectionlimit or object to certain processing.
  • Portabilityreceive your information in a structured, commonly used format.
  • Withdraw consentwithdraw consent you have given at any time, without affecting processing carried out before the withdrawal.

You can also manage permissions such as contacts, camera, and microphone access in your device settings at any time, and you can delete your account and associated data from within the app or by contacting us.

To make a request, contact us at info@beautyflo.co. You also have the right to lodge a complaint with your local data protection authority. In the Netherlands this is the Autoriteit Persoonsgegevens.

Children

The Service is intended for beauty professionals and is not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

Changes to this policy

We may update this policy from time to time. We will post the updated version on this page and revise the "Last updated" date above. If the changes are significant, we will take reasonable steps to let you know.

Contact us

If you have questions about this policy or your data, contact us at info@beautyflo.co, or write to us at HueCraft B.V., Ameidestraat 5, 5701NN Helmond, Netherlands.