Privacy Policy

1. Introduction

Welcome to SalonLink (“we”, “us”, or “our”). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your information when you use our website and services at salonlink.com (the “Service”).

If you have any questions about this policy, please contact us at privacy@salonlink.com.

2. Information We Collect

2.1 Information You Provide

• Account information: When you register, we collect your email address and password (stored as a secure hash).
• Business profile data: Spa/salon name, description (bio), logo, address, phone number, and custom URL slug.
• Links and content: Social media URLs, booking links, and other links you add to your profile.
• Google Review URL: If you choose to connect your Google Business review page.

2.2 Information Collected Automatically

• Usage data: Page visits, link clicks, timestamps, and interaction patterns with the Service.
• Device and browser information: Browser type, operating system, screen resolution, and language preferences (collected via standard HTTP headers).
• IP address: Collected for security purposes and general geographic analytics.
• Cookies: See our Cookie Policy for details on what cookies we use and why.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service.
• Authenticate your account and manage your session.
• Display your public profile page and links to visitors who access your custom URL or scan your QR code.
• Generate analytics for your dashboard (page visits, link clicks).
• Send essential service communications (e.g., account verification, security alerts, important updates).
• Detect, prevent, and address fraud, abuse, or technical issues.
• Comply with legal obligations.

4. Data Storage & Processing

Your data is stored and processed using the following infrastructure:

• Supabase: Our primary database and authentication provider, hosted on AWS infrastructure. Data may be stored in the United States and/or European Union.
• Vercel: Our hosting provider for the web application, with edge servers distributed globally.

We use industry-standard security measures including encryption in transit (TLS/SSL), encrypted password storage (hashing), and access controls to protect your data.

5. Data Sharing & Third Parties

We do not sell your personal data. We only share your information in the following limited circumstances:

• Service providers: We use Supabase (database & authentication) and Vercel (hosting) to operate the Service. These providers process data on our behalf under strict data processing agreements.
• Public profile: Information you add to your public profile (spa name, bio, links, logo) is intentionally made publicly accessible via your custom URL.
• Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

6. Your Rights Under GDPR (European Users)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access (Art. 15): You can request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): You can request that we correct any inaccurate or incomplete data.
• Right to erasure (Art. 17): You can request that we delete your personal data (“right to be forgotten”).
• Right to restriction of processing (Art. 18): You can request that we limit how we process your data.
• Right to data portability (Art. 20): You can request your data in a structured, machine-readable format.
• Right to object (Art. 21): You can object to the processing of your personal data for certain purposes.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at privacy@salonlink.com. We will respond to your request within 30 days.

You also have the right to lodge a complaint with your local data protection supervisory authority.

7. Your Rights Under CCPA (California Users)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

• Right to know: You can request what personal information we have collected, the sources, the purposes, and the categories of third parties with whom we share it.
• Right to delete: You can request the deletion of your personal information.
• Right to opt-out of sale: We do not sell personal information. However, you may still exercise this right at any time.
• Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise these rights, email us at privacy@salonlink.com. We will verify your identity before processing your request and respond within 45 days.

8. Data Retention

• Active accounts: We retain your data for as long as your account is active and the Service is in use.
• Deleted accounts: When you delete your account, we will remove your personal data within 30 days. Some anonymized, aggregated data may be retained for analytical purposes.
• Legal obligations: We may retain certain data longer if required by law (e.g., tax records, fraud prevention).

9. International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence, including the United States. When we transfer data internationally, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or the data recipient’s participation in recognized frameworks.

10. Children’s Privacy

SalonLink is not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@salonlink.com.

11. Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption in transit (TLS/SSL) and at rest.
• Secure password hashing (never stored in plain text).
• Regular security assessments and monitoring.
• Access controls limiting who can access personal data.

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the “Last updated” date at the top of this page and, where appropriate, sending a notice via email or through the Service.

Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@salonlink.com
• Response time: We aim to respond within 30 days of receiving your request.