Privacy Policy

Last updated: 09 December 2024

SalonSync ("we", "us", "our") connects clients with salons, barbers, wellness professionals, and other service providers across Ireland. This Privacy Policy explains how we collect, use, store, and protect your personal information in compliance with the General Data Protection Regulation (GDPR) and Irish data protection law.

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, mobile number when creating an account
• Booking Information: Service preferences, appointment details, special requests
• Business Information (for owners): Business name, address, opening hours, services offered, staff details, pricing
• Payment Information: Processed securely through Stripe (we never store full card details)
• Communications: Messages between you and service providers, support inquiries

1.2 Information Collected Automatically

• Usage Data: Pages viewed, features used, time spent in app
• Device Information: Device type, operating system, browser type, IP address
• Location Data: With your permission, to show nearby businesses and enable mobile/at-home services
• Cookies: Essential cookies for authentication and preferences (see Section 8)

1.3 AI Assistant Data

When salon owners use our AI assistant feature:

• Voice commands and text queries are processed to provide inventory checks and business insights
• Queries and responses are logged for service improvement and security verification
• AI interactions are only accessible to verified salon owners
• No client data is processed through AI without explicit consent

2. How We Use Your Information

2.1 Service Delivery

• Create and manage your account
• Process bookings and send confirmations
• Enable communication between clients and businesses
• Process payments and deposits securely
• Send appointment reminders and notifications

2.2 Business Operations

• Provide salon owners with booking management tools
• Enable AI assistant features for inventory and business insights
• Generate analytics and reports for business owners
• Improve and develop new features
• Prevent fraud and ensure security

2.3 Legal Basis for Processing (GDPR)

• Contract Performance: To provide booking services you've requested
• Legitimate Interest: To improve our service, prevent fraud, and ensure security
• Consent: For marketing communications and non-essential features (you can withdraw anytime)
• Legal Obligation: To comply with Irish and EU law

3. Information Sharing

We never sell your personal data. We only share information as follows:

3.1 With Service Providers

When you book an appointment, we share your name, contact details, and booking information with the selected business and relevant staff to provide the service.

3.2 With Service Partners

• Google Firebase: Authentication, database, cloud storage (data processed in EU/EEA where possible)
• Stripe: Secure payment processing (PCI DSS compliant)
• OpenAI: AI assistant processing (for salon owners only, with data anonymization)

3.3 Legal Requirements

We may disclose information if required by Irish or EU law, court order, or to protect our rights and safety.

4. Data Storage and Security

• Location: Data primarily stored in EU/EEA data centers via Firebase
• Retention: Account data retained while your account is active. Booking history retained for 7 years for accounting/legal purposes
• Security: Industry-standard encryption (TLS/SSL), secure authentication, regular security audits
• Backups: Encrypted backups stored securely for disaster recovery

5. Your Rights (GDPR)

You have the following rights regarding your personal data:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Restriction: Limit how we use your data
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: For marketing or optional features
• Lodge a Complaint: With the Irish Data Protection Commission (www.dataprotection.ie)

To exercise these rights, contact us at privacy@salonsync.ie. We'll respond within 30 days.

6. Children's Privacy

SalonSync is not intended for users under 16. We do not knowingly collect data from children. Parents booking for minors remain responsible for the booking.

7. International Transfers

While we prioritize EU/EEA data storage, some service partners (e.g., OpenAI) may process data outside the EEA. We ensure adequate safeguards through:

• Standard Contractual Clauses approved by the EU Commission
• Data minimization and anonymization where possible
• Regular privacy impact assessments

8. Cookies and Tracking

Essential Cookies

Required for login, security, and core functionality. You cannot opt out of these.

Analytics Cookies

Help us understand how users interact with our service. You can opt out via browser settings.

We do not use third-party advertising cookies or sell data to advertisers.

9. Updates to This Policy

We may update this policy to reflect changes in law or our practices. Material changes will be communicated via email or in-app notification. Continued use after changes indicates acceptance.

10. Contact Us

For privacy questions, data requests, or concerns:

• Email: privacy@salonsync.ie
• General support: support@salonsync.ie

Data Controller: SalonSync, Ireland

Irish Data Protection Commission: www.dataprotection.ie