2. What we collect
- Account data: name, email, salon name, photos you upload.
- Client data you add: client names, phone numbers, notes, treatment history, photos and digital maps. You are the data controller for this — we process it on your behalf.
- Booking & payment data: appointment times, services, prices, payment status. Card details are handled by Stripe — we never see them.
- Usage data: pages visited, errors, device type — used to improve the app.
3. How we use it
To run your account, send reminders you configure (via Twilio SMS/WhatsApp), process payments (via Stripe), provide AI features (via secure providers), and improve the product.
4. Who we share it with
- Stripe — payment processing.
- Twilio — SMS/WhatsApp delivery.
- Supabase / Lovable Cloud — secure database and file hosting.
- AI providers (Google, OpenAI) — when you use the PA chat feature, your prompt is sent for a response. We do not train models on your data.
We never sell your data.
5. Your rights (GDPR / CCPA)
You can access, export, correct or delete your data at any time. Use the “Delete account” button in Settings to permanently erase everything, or email us.
6. Data retention
We keep your data while your account is active. Deleting your account erases all your data within 30 days. Backup snapshots are purged within 60 days.
7. Security
All data is encrypted in transit (TLS) and at rest. Access is gated by row-level security policies — only you can see your salon's data.
8. International transfers
Data may be processed in the EU, UK or US. We rely on Standard Contractual Clauses where applicable.
9. Children
My Salon PA is not intended for users under 16.
10. Changes
We'll notify you in-app if this policy materially changes.