Privacy Policy

Strop — Haircut photo management

Last updated: May 22, 2026

1. Introduction

This Privacy Policy describes how the Strop application (hereinafter “Application” or “Strop”) handles the personal data of its users, in compliance with the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679) and other applicable legislation.

Strop is a haircut photo management application designed for barbers and hairdressing professionals. It allows you to photograph haircuts, associate photos with clients, and view the visual history of each client.

Core principle: All data is stored on your device. Strop does not have its own servers and does not collect any information about application usage. Cloud backup is an optional, opt-in feature — when enabled, data is sent exclusively to the user's personal account (Google Drive or iCloud), never to Strop's servers.

2. Data controller

The data controller is:

3. Data accessed and collected

Strop may access the following types of data, always with your explicit authorisation through operating system permissions:

Data type Description Required
Captured photographs Haircut photos taken with the device camera Yes
Gallery photographs Photos selected by the user from the photo library No
Contact data Name and identification of existing contacts on the device, for association with clients No
Contact creation On Android, Strop can create new contacts when the user adds a new client No
Internal metadata Haircut dates, notes, and associations between photos and clients, created within the application Yes
Phone number Optional. Asked during onboarding. Stored locally on the device. If the user enables cloud backup (granting marketing consent), the phone number is also transmitted to Strop's Firebase backend so Glie can contact the user about Strop and related products. No
Email address Captured when the user enables cloud backup, via Sign in with Apple (iOS) or Google Sign-In (Android). On iOS, the email may be a private-relay proxy (xxx@privaterelay.appleid.com) if the user picked "Hide my email". Stored locally and transmitted to Strop's Firebase backend for the same marketing-contact purpose as the phone number. No

Strop does not collect: location, device identifiers other than the Firebase Analytics per-install ID, diagnostic data beyond Firebase Crashlytics crash reports, IP addresses retained beyond network delivery, financial data, authentication credentials, browsing history, or any other data beyond those listed above.

4. Device permissions

The Application requests the following operating system permissions. Each permission is requested when the corresponding feature is used for the first time, and can be revoked at any time in the device settings.

4.1. Camera

Used to capture haircut photographs. Without this permission, it is not possible to take photos within the application (you can alternatively import photos from the gallery).

4.2. Photo library / Storage

Used to save photographs on the device and to import existing photos. Photos always remain in the device's local storage.

4.3. Contacts (read)

Used to display the list of existing contacts on the device, allowing the user to associate existing clients. Strop only reads the names of the contacts selected by the user.

4.4. Contacts (write — Android only)

On Android, when the user chooses to create a new client that does not yet exist in the device's contacts, Strop can create a new contact entry. This action is always explicitly initiated by the user.

5. Purpose of data processing

The data accessed by Strop is used exclusively for:

No data is used for advertising purposes, behavioural analysis, profiling, or any other purpose not described above.

7. Data storage

100% local storage. All data is stored exclusively on the user's device. Strop does not have servers, remote databases, or any cloud infrastructure.

This means that:

Photographs are saved in the application's storage area and/or in the device's photo gallery, depending on the user's action.

7.1. Cloud Backup (Optional)

Strop offers an optional feature to back up your data to the cloud:

Explicit consent: Cloud backup is only enabled after the user gives explicit consent within the application. It is never enabled automatically.

What is sent:

Where to: Data is sent exclusively to the user's personal account (Google Drive or iCloud). Strop does not have servers and does not have access to the data stored in the user's cloud.

Encryption: The transfer is encrypted in transit (HTTPS/TLS). Cloud storage benefits from the native encryption of Google Drive and iCloud.

User control: The user can disable backup at any time in the Application's Settings. Cloud data can be deleted by the user directly in Google Drive or iCloud.

8. Data sharing

Strop does not share, sell, rent, or transmit any personal data to third parties. There are no data partners, advertising networks, or integrated analytics services.

8.1. Sharing to Instagram

Strop allows sharing photographs directly to the Instagram application, when installed on the device. This sharing:

9. Third-party services

Strop integrates the following third-party services from Google (Firebase), subject to user consent on the first launch of the Application:

9.1. Firebase Analytics and Crashlytics (Google)

Used to collect anonymous application usage data and error reports (crashes), with prior user consent. Collection is disabled by default and is only enabled if the user accepts on the consent screen presented on first launch.

9.2. Firebase Remote Config (Google)

Used to manage application configurations remotely (for example, forcing an update in case of a version with critical errors). Does not collect personal data.

9.3. Firebase Firestore (Google) — lead capture

When the user enables cloud backup, Strop transmits the user's phone number (when provided) and email address (returned by Sign in with Apple or Google Sign-In) to a Firestore collection (strop_leads) hosted on Strop's Firebase project. Enabling backup constitutes consent for Glie to contact the user about Strop and related products.

9.4. Services NOT used

Strop does not integrate:

10. Data retention

10.1. Data on the device

Work data (clients, haircuts, photos, notes) remains on the device for as long as the user keeps it. There is no automatic retention, data expiration, or forced deletion policy.

Local data is deleted when:

10.2. Data in third-party services

11. Your rights

Under the GDPR, users have the following rights regarding their personal data:

Since all data resides exclusively on your device, the exercise of most of these rights is done directly by the user, without the need to contact us. However, we are available for any clarification at privacidade@strop.app.

12. Data deletion

Strop provides the following data deletion options:

Important note: Photographs that have been saved separately to the device's gallery or shared to other applications (such as Instagram) are not affected by data deletion within Strop and must be managed separately.

13. Minors

Strop is intended for barbering and hairdressing professionals. The Application is not directed at minors under 16 years of age, does not intentionally collect data from minors, and does not present content targeted at minors.

If you become aware that a minor under 16 years of age is using the Application without parental consent, please contact us at privacidade@strop.app.

14. Security

The security of your data benefits directly from the Application's local architecture:

We recommend that you keep your device protected with a screen lock and that you keep the operating system up to date.

15. Changes to this policy

This Privacy Policy may be updated periodically to reflect changes in the Application or in legal requirements. Any changes will be published on this page, with the updated date revised at the top of the document.

In the event of significant changes, users will be notified through the Application before the activation of new features involving data transfer, and explicit consent will be requested.

16. Contact

For questions, clarifications, or to exercise your rights under this Privacy Policy or regarding the processing of your personal data, please contact us:

We are committed to responding to all requests within a maximum of 30 days, as provided for by the GDPR.