Privacy Policy

Last Updated: October 24, 2025

Privacy-First Design

We do NOT store your photos on our servers. Your images are processed temporarily for AI analysis and immediately deleted. No registration required, completely anonymous.

1. Introduction

Welcome to NorMark. We are committed to protecting your privacy and being transparent about how we handle your data. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

Our Core Principles:

Privacy-First: We do not store photos or require registration
Transparency: Open-source project with full code visibility
Compliance: We follow GDPR and CCPA standards globally
Minimal Data: We collect only what's necessary for the service

2. Information We Collect

2.1 Photos (Not Stored)

What we collect: Photos of your hairline that you upload for AI analysis.

How we process:

Photos are transmitted through Vercel servers (hosting provider) to OpenAI API
OpenAI's AI model analyzes the images to determine your Norwood Scale stage
We do NOT store photos on our own servers
Photos are automatically deleted from our system after analysis
OpenAI processes images according to their Privacy Policy

Important: While we don't store your photos, they are temporarily processed by OpenAI (third-party AI provider). Please review OpenAI's privacy policy for details on their data handling practices.

2.2 Email Addresses (Optional, Not Stored)

What we collect: Your email address, only if you choose to receive results via email.

How we use it:

We send your assessment results (including photos) to your email address via Namecrane
We do NOT store your email address
Namecrane (email service provider) does not save email contents after sending
The photos and results are saved in your email inbox, not on our servers

Email Service Provider: Namecrane (Privacy Policy)

2.3 Usage Data (Anonymous)

What we collect: Anonymous analytics data through Vercel Analytics.

Data includes:

Page views and visit duration
Device type and browser information
Geographic location (country/region level only)
Referral source (how you found our site)

Important: This data is completely anonymous and cannot identify individual users.

2.4 Cookies and Local Storage

We use minimal cookies and browser storage:

sessionStorage: Temporarily stores your assessment results in your browser (automatically cleared when you close the tab)
No tracking cookies: We do not use persistent cookies to track you across websites
Vercel Analytics: Uses minimal, anonymous cookies for analytics

3. Third-Party Services

We rely on trusted third-party providers to deliver our service. Your data may be processed by these services:

OpenAI (AI Provider)

Purpose: AI image analysis to determine Norwood Scale stage

Data shared: Your uploaded photos

View Privacy Policy

Namecrane (Email Service)

Purpose: Send assessment results to your email

Data shared: Your email address, photos, and results

Server Location: Europe (GDPR compliant)

Website: namecrane.com

View Privacy Policy

Vercel (Hosting & Analytics)

Purpose: Website hosting and anonymous analytics

Data shared: Anonymous usage data

View Privacy Policy

4. Data Storage and Security

Our Security Measures:

No Server-Side Storage: We do not store photos or email addresses on our servers
HTTPS Encryption: All data transmitted between your browser and our servers is encrypted
Third-Party Security: We rely on industry-leading providers (OpenAI, Vercel, Namecrane) with robust security measures
sessionStorage Only: Results are stored locally in your browser and automatically cleared when you close the tab
Open Source: Our code is transparent and can be audited by anyone

Note: While we implement best practices, no internet transmission is 100% secure. Please do not upload photos if you have serious privacy concerns.

5. International Data Transfers

Our service uses providers with servers in different countries, which means your data may be transferred internationally:

Vercel: Global CDN network
OpenAI: Servers primarily in the United States
Namecrane: Email servers in Europe (GDPR compliant)

We comply with GDPR standards for international data transfers. By using our service, you acknowledge and consent to this processing.

6. Your Rights (GDPR & CCPA)

Under GDPR and CCPA, you have the following rights:

Right to Access: Since we don't store your data, there is no data to access.

Right to Deletion: Your photos and results are automatically deleted. sessionStorage is cleared when you close your browser tab.

Right to Opt-Out:

Analytics: Disable JavaScript in your browser
Email: Simply don't provide your email address

Right to Data Portability: Not applicable (no stored data).

Do Not Sell My Personal Information (CCPA): We do NOT sell your personal information.

7. Children's Privacy

Age Restriction: Our service is intended for users aged 18 and above.

COPPA Compliance: We do not knowingly collect information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete it immediately.

Parental Responsibility: If you are under 18, please use this service only with parental supervision.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

How we notify you:

The "Last Updated" date at the top of this page will be changed
For significant changes, we may display a notice on our homepage

Your responsibility: We encourage you to review this policy periodically.

9. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: support@norwood-scale.com

Response Time: We typically respond within 24-48 hours

For Technical Issues: Please also check our FAQ section

This privacy policy is effective as of October 24, 2025. We comply with GDPR (European Union) and CCPA (California) standards to ensure your data is protected regardless of your location.