Privacy policy — kepek.net

Short version: we do not store your photos. They are deleted from memory as soon as the analysis finishes. If you create an account we keep only your email, name and summary scores. We never sell your data.

1. Data controller

kepek.net (the operator of this site) is the data controller. Contact: [email protected].

2. What we collect

Scalp photos — Images you upload are held in volatile (in-memory) storage only during the AI analysis. They are deleted the moment the job completes. They are never written to disk or object storage.

Analysis results — Score, sub-metrics, observation text and the suggested care plan. Text only, no images.

Account information (if you register) — Name, email, language preference, notification settings.

Technical data — Browser type, session UUID, IP hash, click events (affiliate). Raw IPs are not stored; they are SHA-256 hashed with a daily-rotating salt.

3. How we use the data

To deliver scalp observation and suggest a care plan
To secure your account (sessions, password reset)
To manage newsletter subscriptions (only emails you opted into)
To improve the system using aggregate, anonymous usage statistics
To comply with legal obligations

4. AI training

We do not use your uploaded photos to train AI models. Our model is trained on licensed datasets and examples labelled by our in-house trichology team.

5. Third-party sharing

We do not sell your data. We only share it in the following cases:

Infrastructure providers — hosting, transactional email (Resend), AI inference (OpenAI, anonymous image only). All bound by GDPR-aligned data-processing agreements.
Legal obligation — court order or statutory requirement.

6. OpenAI API

The visual scalp analysis runs on OpenAI's gpt-4o-mini vision model. Per OpenAI's API data usage policy, data submitted via API is not used for training and is purged from OpenAI's servers within 30 days. On our side, your photo is removed from memory the moment the analysis finishes and is never written to any persistent store.

To minimise the chance of capturing sensitive information, we suggest you frame the photo top-down on the parting. The face and surroundings should not be visible.

7. Cookies

We use strictly necessary cookies only: session management and remembering your preferences. There are no third-party advertising or analytics cookies. We use Plausible, a privacy-first alternative, instead of Google Analytics.

8. Affiliate links

The "Buy" buttons on product pages are affiliate tracking links. A click first passes through kepek before being redirected to the merchant. We store: anonymous session UUID, the clicked product, the IP hash and the user agent. Your name and email are never shared with the affiliate partner.

9. Your rights

Under applicable data-protection law (GDPR for users in the EU/UK, KVKK for users in Türkiye), you have the right to:

Know whether your personal data is being processed
Request information about the processing
Learn the purpose of processing and whether it matches that purpose
Request correction, deletion or destruction of your data
Find out whether your data has been transferred to third parties
Object to a decision produced by an automated analysis if it disadvantages you

To exercise these rights, write to [email protected]. We respond within 30 days.

10. Data retention

Scalp photo: 0 seconds (never stored)
Analysis result (registered user): until the account is deleted
Analysis result (guest): 30 days, then anonymised
Account information: until the account is deleted
IP hash + audit log: 12 months
Newsletter subscription: until you unsubscribe

11. Children

kepek.net is intended for users aged 18 and over. We do not knowingly collect data from anyone under 18.

12. Policy changes

If this policy is updated, we will notify registered users by email of any material change. The change history is recorded below.

Privacy policy.