Free worldwide shipping on orders over $150 Made in Singapore Award-winning organic formula

Legal

Privacy policy

We take your privacy seriously. This policy explains how we collect, use, and protect your personal data when you use our website and services.

1. Information we collect

When you use our website, make a purchase, or contact us, we may collect the following information:

  • Personal identifiers — name, email address, phone number, shipping address, and billing address.
  • Account data — username, password (hashed), order history, subscription preferences, and saved addresses.
  • Transaction data — purchase details, payment method type (we do not store full credit card numbers; payments are processed securely by Stripe).
  • Communication data — messages sent through our contact form, hair analysis submissions, and customer service inquiries.
  • Technical data — IP address, browser type, device information, and website usage patterns collected through cookies and analytics.

2. How we use your information

We use your personal data to:

  • Process and fulfil your orders, including shipping and returns.
  • Manage your account, subscriptions, and preferences.
  • Communicate with you about your orders, hair analysis results, and customer service inquiries.
  • Send marketing emails (only with your consent — you can unsubscribe anytime).
  • Improve our website, products, and customer experience.
  • Comply with legal obligations and prevent fraud.

3. Payment processing

All payments are processed through Stripe, a PCI-DSS compliant payment processor. We do not store your full credit card details on our servers. Stripe's use of your personal data is governed by their own privacy policy.

4. Data storage & security

Your data is stored on secure servers using Firebase (Google Cloud) infrastructure. We implement industry-standard security measures including encryption in transit (TLS) and at rest, access controls, and regular security reviews. While we take all reasonable precautions, no method of electronic storage is 100% secure.

5. Data retention

We retain your personal data for as long as your account is active or as needed to provide you services. If you close your account, we will delete or anonymise your data within 90 days, except where we are required to retain it for legal or regulatory reasons (e.g., transaction records for tax purposes).

6. Cookies

We use essential cookies for site functionality (e.g., keeping you signed in, remembering your cart) and analytics cookies to understand how visitors use our site. You can disable cookies in your browser settings, but some features may not work correctly.

7. Third-party services

We share data with trusted third parties only as necessary to operate our business: Firebase (authentication and data storage), Stripe (payment processing), Resend (transactional emails), and Google Analytics (website analytics). Each provider is contractually bound to protect your data.

8. Your rights

Under Singapore's Personal Data Protection Act (PDPA) and applicable data protection laws, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Request deletion of your data (subject to legal retention requirements).
  • Withdraw consent for marketing communications.
  • Request a copy of your data in a portable format.

To exercise any of these rights, contact us using the details below.

9. Changes to this policy

We may update this privacy policy from time to time. Material changes will be communicated via email or a notice on our website. The latest version will always be available at this page.

10. Contact us

If you have questions about this privacy policy or how we handle your data, contact us:

Last updated: May 2026