1. Introduction
Legal Entity & Contact Information:
The Backbar Zen service ("Service") is provided by Shell2TheArt LLC dba Backbar Zen ("we", "us", "our"). For privacy-related questions, please contact us at [email protected].
This Privacy Policy applies to the Backbar Zen mobile application and all related services. It describes how we collect, use, disclose, and safeguard your information when you use our salon management platform.
This policy applies to users in the United States and Canada. By using our Service, you agree to the collection and use of information in accordance with this policy.
2. Data We Collect
A. Information You (the Salon Professional) Provide
- Account Information: Name, email address, salon details, and other information required for account setup via Supabase authentication.
- Client Data: You are responsible for the data you enter about your clients, including their names, contact information, appointment history, service notes, preferences, and any photos you upload to their profiles.
- Subscription Information: Monthly subscription payments are processed through Apple iOS in-app purchases. We do not store or have direct access to your payment details - these are handled entirely by Apple.
- Stripe Connect Integration: If you choose to connect Stripe for payment processing with your clients, we provide integration points only. Your Stripe account and payment data remain under your control.
- AI-Related Data: Product images, inventory data, and stylist preferences (see Section 3 for detailed usage).
B. Information Collected Automatically
- Usage & Device Data: IP address, device type (e.g., iPhone), operating system version, actions taken within the app, crash reports, and performance data.
- Capacitor Data: Information required for native functions to work, such as access permissions for Camera (for uploading photos) or Push Notifications.
C. Information from Third Parties
- Authentication: We receive profile information (e.g., name, email) from Apple (via Apple Sign-In) or other providers you use to sign up/log in through Supabase authentication.
- Apple In-App Purchases: We receive subscription status and transaction confirmations from Apple for your monthly subscription.
- Stripe Connect (Optional): If you connect Stripe, we receive only the necessary integration data to facilitate the connection - we do not process or store your client payment information.
3. How We Use Your Data
- Core Service Delivery: To operate the platform, manage appointments, store client data on your behalf, process inventory management, and manage your subscription status through Apple.
- AI Product Recognition: To improve our product recognition AI, we use anonymized product images and data from your inventory. This data is stripped of any personal or salon-specific identifiers before use for training purposes.
- AI Stylist Preferences: To provide personalized style recommendations. This preference data is stored locally on your device, encrypted at rest, and is not transmitted to us or used for any training purposes.
- Security: To protect your account, prevent fraud, detect unauthorized access, and enforce our Terms of Service.
- Communication: To send you essential service updates, subscription information, security alerts, and (with your explicit consent) marketing materials.
- Improvement & Support: To analyze app usage patterns, fix bugs, improve performance, and provide customer support.
- Integration Services: To provide Stripe Connect integration points if you choose to connect your Stripe account for client payment processing.
4. How We Share Your Data
With Service Providers (Sub-processors)
We share data with essential third-party services that are contractually bound to protect it:
- Supabase: For all database hosting, storage, backend functions, and user authentication with Row Level Security implementation.
- Apple: For processing monthly subscription payments through iOS in-app purchases, delivering Push Notifications (APNS), and facilitating Apple Pay transactions.
- Stripe (Optional Integration): Only if you choose to connect Stripe - we provide integration points but do not process or store your client payment data.
Other Sharing Scenarios
- For Legal Reasons: If required by law, court order, or to protect the rights, safety, and security of our company, users, or the public.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
5. Your Privacy Rights (U.S. & Canada)
General Rights
- Right to Know/Access: You can request a copy of the personal data we hold about you.
- Right to Correct: You can update or correct inaccuracies in your account information.
- Right to Delete: You can request the deletion of your account and associated personal data, subject to legal and contractual retention needs.
- Right to Data Portability: You can request your data in a portable format.
PIPEDA (Canada)
For Canadian users, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to access your personal information, request corrections, and file complaints with the Privacy Commissioner of Canada.
CCPA/CPRA (California)
California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to opt out of the sale of personal information (we do not sell personal information) and the right to non-discrimination for exercising privacy rights.
To exercise these rights: Contact us at [email protected] with your request. We will respond within the timeframes required by applicable law.
6. Data Security
We implement robust technical and organizational measures to protect your data, including:
- Supabase Row Level Security (RLS): Ensuring you can only access your own salon's data
- Supabase Authentication: Secure user authentication and session management
- End-to-End Encryption: All data transmission uses HTTPS/TLS encryption
- Encryption at Rest: Sensitive information is encrypted when stored
- Access Controls: Strict authentication and authorization protocols
- Regular Security Audits: Ongoing monitoring and security assessments
- Payment Security: Subscription payments handled entirely by Apple's secure infrastructure
However, no electronic transmission or storage system is 100% secure, and we cannot guarantee absolute security.
7. Data of Salon Clients
Important: Data Controller Responsibilities
We act as a "data processor" for the client data you enter. You, the salon professional, are the "data controller" for your clients' information.
- You are responsible for obtaining the necessary consent from your clients to collect, store, and process their information within Backbar Zen.
- Our access to this data is strictly limited to what is necessary for providing the Service and technical support.
- You must comply with applicable privacy laws regarding your clients' data, including providing them with appropriate privacy notices.
- You can export or delete client data at any time through the app or by contacting support.
Future-proofing clause: This policy will be updated if we introduce features allowing clients to create their own accounts or directly interact with the platform.
8. International Data Transfers
Your data is processed and stored in the United States through our service providers (Supabase, Apple, etc.). By using the Service, you consent to this transfer and processing.
We ensure that all international transfers comply with applicable data protection laws and that appropriate safeguards are in place to protect your information.
9. Data Retention
We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this policy. Specifically:
- Account data is retained while your account is active
- Client data is retained according to your preferences and legal requirements
- Subscription data is managed by Apple according to their retention policies
- Stripe integration data (if connected) is retained only as necessary for the integration to function
- Usage data may be retained in anonymized form for analytics purposes
When you delete your account, we will delete your personal information within 30 days, except where retention is required by law.
10. Children's Privacy
Our Service is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us immediately.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Sending you an email notification
- Providing an in-app notification
Changes become effective immediately upon posting unless otherwise specified.
12. Contact Information
Questions about this Privacy Policy?
Email: [email protected]
Legal Entity: Shell2TheArt LLC dba Backbar Zen
Jurisdiction: United States & Canada