Heseda

Privacy Policy

Last updated: March 28, 2026

1. Who We Are

Heseda AI LLC (“Heseda,” “we,” “us”) is a California limited liability company that operates heseda.ai (the AI skincare product) and heseda.com (this company website).

2. Data We Collect

On heseda.com (this site)

  • Analytics cookies — Google Analytics 4 collects anonymized usage data (pages viewed, device type, country).
  • Partner application forms — Company name, email, product category, and budget range submitted voluntarily.

On heseda.ai (the product)

  • Account data — Name and email via Google or Kakao OAuth sign-in.
  • Skin profile — Skin type, concerns, allergies, budget, and preferences extracted from AI conversations.
  • Conversation history — Chat messages (retained up to 24 hours for session context, then discarded).
  • Purchase & order data — Shipping address, order history, and sample request records.
  • Push notification tokens — FCM device tokens for optional notifications.

3. How We Use Your Data

  • AI recommendations — Your skin profile is sent to OpenAI's GPT-5 API to generate personalized product recommendations.
  • Affiliate matching — Your country/region is used to route product links to the correct marketplace (Amazon, Coupang, iHerb, YesStyle, etc.).
  • Email communications — Sample confirmations, feedback requests, and order updates via SendGrid.
  • Analytics — Aggregated, anonymized insights to improve the product.

4. Third-Party Services

We share data with these service providers:

ServicePurposeData Shared
Firebase (Google)Authentication & databaseAccount info, skin profile
OpenAIAI recommendationsConversation text, profile data
SendGridEmailsEmail address, name
StripePaymentsPayment info (handled by Stripe)
Google AnalyticsUsage analyticsAnonymized browsing data

We never sell individual user data to third parties.

5. Your Rights

Depending on your location, you may have the following rights under GDPR (EU), LGPD (Brazil), CCPA (California), or other privacy laws:

  • Access — Request a copy of your personal data.
  • Correction — Request correction of inaccurate data.
  • Deletion — Request deletion of your data (“right to be forgotten”).
  • Portability — Request your data in a machine-readable format.
  • Opt-out — Opt out of marketing emails at any time.

To exercise any right, email dev@heseda.com. We respond within 30 days.

6. Data Retention

  • Skin profiles — Retained while your account is active. Deleted within 30 days of account deletion request.
  • Conversations — Active session retained up to 24 hours; then discarded.
  • Orders — Retained for 7 years (legal/tax requirements).
  • Analytics — Aggregated data retained indefinitely; individual-level data purged after 14 months.

7. Cookies

This site uses Google Analytics cookies for anonymized usage tracking. You can opt out via your browser settings or the Google Analytics Opt-out Browser Add-on.

8. Children's Privacy

Heseda is not intended for users under 13 years old. We do not knowingly collect data from children. If you believe a child has provided data, contact us to have it removed.

9. Changes

We may update this policy periodically. Changes will be posted on this page with an updated date.

10. Contact

Heseda AI LLC
California, USA
dev@heseda.com