Privacy Policy

Effective date: March 17, 2026  |  Last updated: March 31, 2026

FreshPass ("we," "us," or "our") operates the FreshPass mobile application and website at getfreshpass.com (collectively, the "Service"). This Privacy Policy explains what personal data we collect, how we use and share it, and your rights regarding that data.

By creating an account or using the Service you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide Directly

1.2 Information Collected Through Third-Party Login

You may sign in using Facebook, Google, or Apple. When you do, we receive the following from the provider:

We do not receive or store your social-login passwords. We do not post on your behalf or access your friends list.

1.3 Information Collected Automatically

1.4 Face & Image Data (AI Hair Try-On)

Our AI Hair Try-On feature allows you to upload a photo to receive personalised hairstyle previews. When you use this feature:

2. How We Use Your Information

We use the data we collect to:

3. How We Share Your Information

We do not sell your personal data. We share data only in the following circumstances:

RecipientData sharedPurpose
Stripe, Inc. Name, email, phone, billing address, payment method details, transaction amounts Payment processing, subscription billing, business payouts (Stripe Connect)
Facebook / Meta Authentication tokens (during login) Social sign-in authentication
Google Authentication tokens (during login); address/location queries Social sign-in; Google Maps proximity search
Apple Authentication tokens (during login) Social sign-in authentication
Expo (expo.dev) Push tokens, notification content Delivering push notifications to your mobile device
Replicate, Inc. (AI processing) User-submitted face images, text prompts, business ID. Facial attributes (face shape, skin tone, approximate age) are derived during processing. Hair try-on simulations and social-media content generation. Images are deleted within 24 hours of processing. Not used for AI model training.
Email service provider Email address, name, notification content Sending transactional emails (appointment confirmations, verification codes, etc.)
Businesses on FreshPass Your name, contact info, appointment details, reviews Fulfilling bookings and enabling customer–business communication

We may also disclose data if required by law, court order, or governmental regulation, or to protect the rights, safety, or property of FreshPass, our users, or the public.

4. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specific retention periods:

5. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

To exercise any of these rights, contact us at support@fresh-pass.com. We will respond within 30 days.

7. Facebook Data Use

This section describes how we handle data received through Facebook Login, in compliance with the Meta Platform Terms and Developer Policies.

7.1 Data We Receive from Facebook

When you choose to log in with Facebook, we request only the following permissions:

We support both the standard access-token flow and Facebook Limited Login (OIDC). No additional permissions are requested.

7.2 How We Use Facebook Data

7.3 Data Retention & Deletion

7.4 Revoking Access

7.5 Data Deletion Callback

FreshPass supports Facebook's Data Deletion Request Callback. When you remove FreshPass from your Facebook settings, Facebook sends us a deletion request, and we automatically delete all data associated with your Facebook user ID. You may also use our User Data Deletion Instructions page to initiate deletion directly.

8. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us at support@fresh-pass.com.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers (Stripe, Expo, Google, Meta, Apple, Replicate) operate. In particular, face images submitted to the AI Hair Try-On feature are processed on Replicate's servers in the United States. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where applicable.

10. Cookies and Similar Technologies

Our web application uses session cookies to maintain your login state and language preference. We do not use third-party advertising or analytics cookies. The mobile application does not use cookies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, through in-app notifications or email. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: