Privacy Policy
Privacy Policy
==============
Last updated: May 26, 2026
This Privacy Policy describes Our policies and procedures on the collection,
use and disclosure of Your information when You use the Service and tells You
about Your privacy rights and how the law protects You.
We use Your Personal Data to provide and improve the Service. By using the
Service, You agree to the collection and use of information in accordance with
this Privacy Policy. This Privacy Policy has been created with the help of the
[Privacy Policy Generator](https://www.termsfeed.com/privacy-policy-
generator/).
Interpretation and Definitions
––––––––––
Interpretation
~~~~~~~~~~~~~~
The words whose initial letters are capitalized have meanings defined under
the following conditions. The following definitions shall have the same
meaning regardless of whether they appear in singular or in plural.
Definitions
~~~~~~~~~~~
For the purposes of this Privacy Policy:
* Account means a unique account created for You to access our Service or
parts of our Service.
* Affiliate means an entity that controls, is controlled by, or is under
common control with a party, where „control” means ownership of 50% or
more of the shares, equity interest or other securities entitled to vote
for election of directors or other managing authority.
* Application refers to Color Mi Hair, the software program provided by the
Company.
* Company (referred to as either „the Company”, „We”, „Us” or „Our” in this
Privacy Policy) refers to RYA DEV TECHNOLOGY SRL, Romania, Arges, Pitesti,
str. Episcop Grigorie Leu nr. 97.
* Country refers to: Romania
* Device means any device that can access the Service such as a computer, a
cell phone or a digital tablet.
* Personal Data (or „Personal Information”) is any information that relates
to an identified or identifiable individual.
We use „Personal Data” and „Personal Information” interchangeably unless a
law uses a specific term.
* Service refers to the Application.
* Service Provider means any natural or legal person who processes the data
on behalf of the Company. It refers to third-party companies or
individuals employed by the Company to facilitate the Service, to provide
the Service on behalf of the Company, to perform services related to the
Service or to assist the Company in analyzing how the Service is used.
* Usage Data refers to data collected automatically, either generated by the
use of the Service or from the Service infrastructure itself (for example,
the duration of a page visit).
* You means the individual accessing or using the Service, or the company,
or other legal entity on behalf of which such individual is accessing or
using the Service, as applicable.
Collecting and Using Your Personal Data
–––––––––––––
Types of Data Collected
~~~~~~~~~~~~~~~~~~~~~~~
Personal Data
*************
While using Our Service, We may ask You to provide Us with certain personally
identifiable information that can be used to contact or identify You.
Personally identifiable information may include, but is not limited to:
* Email address
* First name and last name
* Phone number
* City
* Country
* Professional certification documents (e.g. hairdressing diploma), for Collaborator accounts only
Usage Data
**********
The Application does not use third-party analytics, crash-reporting,
advertising, or device-tracking tools. We do not collect device
identifiers, advertising identifiers, or diagnostic/usage analytics
from your device.
Our backend provider (Google Firebase) may process standard technical
information, such as IP address and timestamps, in server logs for
security and reliability purposes. This data is handled by Google as
described in Google’s Privacy Policy.
Information Collected while Using the Application
*************************************************
While using Our Application, in order to provide features of Our Application,
We may collect, with Your prior permission:
* Pictures and other information from your Device’s camera and photo library
We use this information to provide features of Our Service, to improve and
customize Our Service. The information may be uploaded to the Company’s
servers and/or a Service Provider’s server or it may be simply stored on Your
device.
You can enable or disable access to this information at any time, through Your
Device settings.
In addition, Collaborator accounts are required to upload a professional
certification document (e.g. a hairdressing diploma) during account
registration. This document is uploaded to and stored on the Company’s servers
and reviewed by Our team solely for the purpose of verifying Collaborator
account eligibility.
Use of Your Personal Data
~~~~~~~~~~~~~~~~~~~~~~~~~
The Company may use Personal Data for the following purposes:
* To provide and maintain our Service , including to monitor the usage of
our Service.
* To manage Your Account: to manage Your registration as a user of the
Service. The Personal Data You provide can give You access to different
functionalities of the Service that are available to You as a registered
user.
* For the performance of a contract: the development, compliance and
undertaking of the purchase contract for the products, items or services
You have purchased or of any other contract with Us through the Service.
* To contact You: To contact You by email, telephone calls, SMS, or other
equivalent forms of electronic communication, such as a mobile
application’s push notifications regarding updates or informative
communications related to the functionalities, products or contracted
services, including the security updates, when necessary or reasonable for
their implementation.
* To provide You with news, special offers, and general information about
other goods, services and events which We offer that are similar to those
that you have already purchased or inquired about unless You have opted
not to receive such information.
* To manage Your requests: To attend and manage Your requests to Us.
* For business transfers: We may use Your Personal Data to evaluate or
conduct a merger, divestiture, restructuring, reorganization, dissolution,
or other sale or transfer of some or all of Our assets, whether as a going
concern or as part of bankruptcy, liquidation, or similar proceeding, in
which Personal Data held by Us about our Service users is among the assets
transferred.
* For service improvement: We may use aggregated, non-identifying
information to maintain and improve the Service.
We may share Your Personal Data in the following situations:
* With Service Providers: We may share Your Personal Data with service
providers who host and operate the Service on Our behalf (such as Google
Firebase), strictly to provide and maintain the Service.
* For business transfers: We may share or transfer Your Personal Data in
connection with, or during negotiations of, any merger, sale of Company
assets, financing, or acquisition of all or a portion of Our business to
another company.
* With Affiliates: We may share Your Personal Data with Our affiliates, in
which case we will require those affiliates to honor this Privacy Policy.
Affiliates include Our parent company and any other subsidiaries, joint
venture partners or other companies that We control or that are under
common control with Us.
* With business partners: We may share Your Personal Data with Our business
partners to offer You certain products, services or promotions.
* With other users: If Our Service offers public areas, when You share
Personal Data or otherwise interact in the public areas with other users,
such information may be viewed by all users and may be publicly
distributed outside.
* With Your consent : We may disclose Your Personal Data for any other
purpose with Your consent.
Third-Party Service Providers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
We use the following third-party services to operate the App. These providers
process Personal Data on Our behalf as data processors:
We select and use service providers only where their standard contractual
terms and security commitments provide protections for Personal Data that are
the same as or equivalent to the protections described in this Privacy Policy
and required by applicable law and applicable app platform rules.
* Google LLC (Firebase) — provides authentication, cloud database
(Firestore), cloud storage, and server-side functions. Data processed by
Firebase may be stored on Google’s infrastructure. Google’s Privacy Policy
is available at: https://policies.google.com/privacy. Firebase is provided
under Google’s applicable Firebase terms, including the Firebase Data
Processing and Security Terms available at:
https://firebase.google.com/terms/data-processing-terms/
Legal Basis for Processing (GDPR)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Where GDPR applies, we rely on the following legal bases under Article 6:
* Providing and maintaining the Service; managing Your Account; fulfilling
contractual obligations — Contract performance (Art. 6(1)(b))
* Security and service communications (push notifications, account emails)
— Contract performance (Art. 6(1)(b))
* Verifying Collaborator eligibility (diploma upload)
— Contract performance (Art. 6(1)(b))
* Promotional communications (news, offers)
— Legitimate interests (Art. 6(1)(f)) (You may opt out at any time)
* Business transfers — Legitimate interests (Art. 6(1)(f))
* Camera and photo library access
— Consent (Art. 6(1)(a)) (revocable via Your device settings)
* Responding to legal obligations and law enforcement
— Legal obligation (Art. 6(1)(c))
Where processing is based on consent, You may withdraw that consent at any
time without affecting the lawfulness of prior processing.
Retention of Your Personal Data
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Company will retain Your Personal Data only for as long as is necessary
for the purposes set out in this Privacy Policy. We will retain and use Your
Personal Data to the extent necessary to comply with our legal obligations
(for example, if We are required to retain Your data to comply with applicable
laws), resolve disputes, and enforce our legal agreements and policies.
Where possible, We apply shorter retention periods and/or reduce
identifiability by deleting, aggregating, or anonymizing data. Unless
otherwise stated, the retention periods below are maximum periods („up to”)
and We may delete or anonymize data sooner when it is no longer needed for the
relevant purpose. We apply different retention periods to different categories
of Personal Data based on the purpose of processing and legal obligations:
* Account Information
* User Accounts: retained for the duration of your account relationship
plus up to 24 months after account closure to handle any post-
termination issues or resolve disputes.
* Saved Formula Records and Photos
* Saved formula records, including any photos You choose to upload from
Your camera or photo library: retained for the duration of your account
relationship or until the relevant saved formula data is no longer
needed to provide the saved formula feature. These records and uploaded
photos are deleted when Your account is deleted, unless We are legally
required or otherwise permitted to retain limited information.
* Photos You select from Your camera or photo library but do not save or
upload as part of a saved formula are not retained by Us.
* Collaborator Verification Data
* Professional certification documents, such as hairdressing diplomas:
retained while Your Collaborator account is pending review and, if
approved, for the duration of Your Collaborator account relationship so
We can maintain and verify Collaborator eligibility. These documents are
deleted when Your account is deleted, unless We are legally required or
otherwise permitted to retain limited information.
* Customer Support Data
* Support tickets and correspondence: up to 24 months from the date of
ticket closure to resolve follow-up inquiries, track service quality,
and defend against potential legal claims
Technical Logs
Server logs (such as IP addresses and access times) processed by our
backend provider (Google Firebase) for security and reliability:
retained according to Google Firebase’s standard log retention practices.
Usage Data is retained in accordance with the retention periods described
above, and may be retained longer only where necessary for security, fraud
prevention, or legal compliance.
We may retain Personal Data beyond the periods stated above for different
reasons:
* Legal obligation: We are required by law to retain specific data (e.g.,
financial records for tax authorities).
* Legal claims: Data is necessary to establish, exercise, or defend legal
claims.
* Your explicit request: You ask Us to retain specific information.
* Technical limitations: Data exists in backup systems that are scheduled
for routine deletion.
You may request information about how long We will retain Your Personal Data
by contacting Us.
When retention periods expire, We securely delete or anonymize Personal Data
according to the following procedures:
* Deletion: Personal Data is removed from Our systems and no longer actively
processed.
* Backup retention: Residual copies may remain in encrypted backups for a
limited period consistent with our backup retention schedule and are not
restored except where necessary for security, disaster recovery, or legal
compliance.
* Anonymization: In some cases, We convert Personal Data into
statistical data that cannot be linked back to You. This anonymized data
may be retained indefinitely.
Transfer of Your Personal Data
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Your information, including Personal Data, is processed at the Company’s
operating offices and in any other places where the parties involved in the
processing are located. It means that this information may be transferred to —
and maintained on — computers located outside of Your state, province, country
or other governmental jurisdiction where the data protection laws may differ
from those from Your jurisdiction.
Where required by applicable law, We will ensure that international transfers
of Your Personal Data are subject to appropriate safeguards and supplementary
measures where appropriate. The Company will take all steps reasonably
necessary to ensure that Your data is treated securely and in accordance with
this Privacy Policy and no transfer of Your Personal Data will take place to
an organization or a country unless there are adequate controls in place
including the security of Your data and other personal information.
Delete Your Personal Data
~~~~~~~~~~~~~~~~~~~~~~~~~
You have the right to delete or request that We assist in deleting the
Personal Data that We have collected about You.
You can initiate deletion of Your account from within the App by signing in
and opening Settings > Identity > Delete account, then confirming Delete
permanently. This starts deletion of Your entire account record and associated
Personal Data that We are not legally required or otherwise permitted to
retain, including account data, formula history, and saved preferences. For
security, You may be asked to sign in again before retrying account deletion.
You may update or amend certain information at any time by signing in to Your
Account, if you have one, and visiting the profile or settings sections that
allow You to manage Your personal information. You may also contact Us to
request access to, correct, or delete any Personal Data that You have provided
to Us. Contacting Us is a fallback option and is not required to initiate
account deletion in the App.
Please note, however, that We may need to retain certain information when we
have a legal obligation or lawful basis to do so.
Disclosure of Your Personal Data
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Business Transactions
*********************
If the Company is involved in a merger, acquisition or asset sale, Your
Personal Data may be transferred. We will provide notice before Your Personal
Data is transferred and becomes subject to a different Privacy Policy.
Law enforcement
***************
Under certain circumstances, the Company may be required to disclose Your
Personal Data if required to do so by law or in response to valid requests by
public authorities (e.g. a court or a government agency).
Other legal requirements
************************
The Company may disclose Your Personal Data in the good faith belief that such
action is necessary to:
* Comply with a legal obligation
* Protect and defend the rights or property of the Company
* Prevent or investigate possible wrongdoing in connection with the Service
* Protect the personal safety of Users of the Service or the public
* Protect against legal liability
Security of Your Personal Data
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The security of Your Personal Data is important to Us, but remember that no
method of transmission over the Internet, or method of electronic storage is
100% secure. While We strive to use commercially reasonable means to protect
Your Personal Data, We cannot guarantee its absolute security.
Children’s Privacy
––––––
Our Service is intended for users who are at least 18 years old. We do not
knowingly collect Personal Data from anyone under the age of 18, and the App
does not collect date of birth as part of registration. If You are a parent or
guardian and You are aware that Your child has provided Us with Personal Data,
please contact Us. If We become aware that We have collected Personal Data
from anyone under the age of 18, We take steps to remove that information
from Our servers and may suspend or terminate the related account, subject to
legal retention requirements.
Your Data Protection Rights (GDPR)
––––––––––––
If You are located in the European Union, You have the following rights under
the General Data Protection Regulation (GDPR):
* Right of Access (Art. 15): You have the right to request a copy of the
Personal Data We hold about You.
* Right to Rectification (Art. 16): You have the right to request that We
correct any Personal Data You believe is inaccurate or incomplete.
* Right to Erasure (Art. 17): You have the right to request that We delete
Your Personal Data, subject to certain legal exceptions.
* Right to Restriction of Processing (Art. 18): You have the right to
request that We restrict the processing of Your Personal Data under
certain conditions.
* Right to Data Portability (Art. 20): You have the right to request that
We transfer Personal Data We have collected to another organisation, or
directly to You, in a structured, commonly used, machine-readable format.
* Right to Object (Art. 21): You have the right to object to Our processing
of Your Personal Data where We rely on legitimate interests as the legal
basis.
* Right to Withdraw Consent (Art. 7): Where processing is based on Your
consent, You have the right to withdraw that consent at any time.
Withdrawal does not affect the lawfulness of processing carried out before
withdrawal.
To exercise any of these rights, please contact Us at support@ryadev.com. We
will respond to Your request within 30 days.
If You believe that We have not addressed Your concern adequately, You have
the right to lodge a complaint with the Romanian National Supervisory
Authority for Personal Data Processing (ANSPDCP) at www.dataprotection.ro.
Links to Other Websites
––––––––
Our Service may contain links to other websites that are not operated by Us.
If You click on a third party link, You will be directed to that third party’s
site. We strongly advise You to review the Privacy Policy of every site You
visit.
We have no control over and assume no responsibility for the content, privacy
policies or practices of any third party sites or services.
Changes to this Privacy Policy
––––––––––
We may update Our Privacy Policy from time to time. We will notify You of any
changes by posting the new Privacy Policy on this page.
We will let You know via email and/or a prominent notice on Our Service, prior
to the change becoming effective and update the „Last updated” date at the top
of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes.
Changes to this Privacy Policy are effective when they are posted on this
page.
Contact Us
–––-
If you have any questions about this Privacy Policy, You can contact us:
* By email: support@ryadev.com