My Salon PA

Privacy Policy

Last updated: 2 June 2026

1. Who we are

My Salon PA Ltd ("we", "us") provides the My Salon PA application and website at mysalonpa.com. We are the data controller for personal data processed about you. Contact: hello@mysalonpa.com.

2. What we collect

  • Account data: name, email, password hash, sign-in provider (Apple, Google), phone number.
  • Salon data you enter: clients, bookings, services, prices, notes, photos, consent forms, signatures.
  • Payment data: handled by Stripe / RevenueCat — we store only transaction metadata, never full card numbers.
  • Usage & device data: device type, OS, IP (truncated), error logs, page views.
  • Optional permissions (mobile app): camera, photo library, contacts, calendar, push notifications — only when you grant them.

3. How we use it

To run your account, sync your bookings, send reminders, process payments, prevent fraud, improve the product, and comply with law. We do not sell your data. We do not use your salon's client data to train AI models.

4. Third parties we share with

  • Lovable Cloud — backend hosting and database (EU / US).
  • Stripe — card payments and subscriptions.
  • Apple App Store / Google Play (via RevenueCat) — in-app subscriptions on mobile.
  • ClickSend / Twilio — SMS reminders.
  • Resend — transactional email.
  • Google / Apple — sign-in (only the identity token, never your contacts).
Each is bound by a data-processing agreement. None receive data for their own marketing.

5. Where data is stored

Primary storage is in the EU (Frankfurt). Backups may be replicated to US regions. Stripe and Twilio may process data in the US — we rely on Standard Contractual Clauses.

6. How long we keep it

Active account data is kept while your account is open. After deletion, we erase personal data within 30 days. Anonymised analytics and legally-required financial records (invoices) are kept for 7 years.

7. Your rights

Under GDPR, UK GDPR and CCPA you can: access, correct, export, delete, restrict, or object to processing of your data. Email us or use the in-app delete-my-account page. We respond within 30 days.

8. Children

My Salon PA is not for under-16s. We do not knowingly collect data from children.

9. Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Row-level security isolates every salon's data. We run regular security audits.

10. Changes

We'll email you before any material change. Continuing to use the service after the change means you accept the updated policy.

Questions? hello@mysalonpa.com