Privacy Policy

    Last updated: May 13, 2026

    1. Controller Information (Art. 13 GDPR)

    The data controller for the Salonist platform itself is:

    Millevazion, Sebastien Dubuisson Einzelunternehmen
    Schönfliesser Str. 5
    10439 Berlin
    Germany

    Email: hello@salonist.app

    Important: For client data collected through salons using Salonist, the salon owner is the data controller. Salonist acts solely as a data processor on behalf of the salon owner. If you are a salon client, please contact your salon directly regarding your personal data.

    2. Platform Role

    Salonist is a technology platform that provides tools for salon owners to manage reviews, pre-visit forms, and client circles. Salonist operates in two distinct roles:

    • Data Controller — for platform account data (salon owner registration, login credentials, platform usage).
    • Data Processor — for all client data collected by salon owners through the platform. This data is owned and controlled exclusively by the salon owner. Salonist processes it only under the salon owner's instructions and has no independent right to use, share, or retain it.

    3. Scope

    This Privacy Policy explains how we process personal data when you use Salonist ("the Service"). The Service helps salon owners collect reviews, manage pre-visit forms, and build client circles.

    4. Lawful Basis for Processing (Art. 6 GDPR)

    • Consent (Art. 6(1)(a)) — For optional marketing communication choices and for any optional review photos or publication steps the client actively submits.
    • Contract performance (Art. 6(1)(b)) — To provide the Service to salon owners.
    • Legitimate interest (Art. 6(1)(f)) — For service security, abuse prevention, and limited operational logs such as rate limiting.

    5. Categories of Personal Data

    5.1 Salon Owner Data

    • Name, email address
    • Google account identifier (if using Google Sign-In)
    • Salon name, logo, branding preferences

    5.2 Client Data (collected by salon owners)

    • First name
    • Email address, phone number
    • Review text and star ratings
    • Photos uploaded with reviews
    • Signed pre-visit declarations and treatment selections
    • Consent records

    5.3 Billing Data

    • Subscription status, plan, and billing period
    • Payment metadata held by Stripe (we do not store card numbers ourselves)

    6. Data Processors

    • Vercel — application hosting and CDN
    • Supabase — database, authentication, storage, and server-side functions
    • Resend — transactional email delivery
    • Stripe — subscription billing and payment processing
    • Google — authentication (Google Sign-In)

    All processors operate under GDPR-compliant Data Processing Agreements.

    7. Google User Data

    When you choose "Sign in with Google" to create or access a Salonist salon owner account, we receive the following information from your Google account via the standard openid, email, and profile OAuth scopes:

    • your name
    • your email address
    • your profile picture URL
    • your Google account identifier (the OpenID sub value)

    Purpose. This information is used solely to create and authenticate your Salonist salon owner account, so you can sign in without setting a password. We do not request access to your Gmail, Google Drive, Google Calendar, Google Contacts, or any other Google service.

    Storage. This information is stored in our authentication database (Supabase, EU region) as part of your Salonist account record, and is retained for as long as your account is active. It is deleted when you delete your account.

    Sharing and use restrictions. We do not sell, transfer, or share information received from Google APIs with third parties. We do not use it for advertising, do not use it to train generalized or third-party AI/ML models, and do not allow humans to read it except (a) with your explicit consent, (b) for security purposes such as investigating abuse, (c) where required by law, or (d) where the data has been aggregated and de-identified.

    Limited Use. Salonist's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

    Revocation and deletion. You can revoke Salonist's access to your Google account at any time at myaccount.google.com/permissions. To delete your Salonist account and the associated Google-provided data, email hello@salonist.app.

    8. Data Retention

    • Client data is retained until deleted by the salon owner
    • Salon owner account data is retained until account deletion
    • After subscription cancellation, account data is retained for 30 days to allow data export, then may be permanently deleted
    • Billing records are retained for the period required by applicable tax and accounting law (typically 10 years in Germany)

    9. International Data Transfers

    Where data is transferred outside the EU/EEA, appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) and adequacy decisions where applicable.

    10. No Tracking or Advertising

    • Salonist does not use cookies for tracking or advertising
    • We do not use analytics tools for behavioral profiling
    • We do not sell or monetize user data

    11. User Rights (Art. 15–22 GDPR)

    You have the right to:

    • Access your personal data
    • Rectify inaccurate data
    • Delete your data
    • Restrict processing
    • Object to processing
    • Data portability
    • Withdraw consent at any time

    For Salon Clients

    If you are a client of a salon using Salonist, your personal data is controlled by that salon. To request access, correction, export, deletion, or withdrawal of optional marketing consent, please contact the salon directly. Salonist acts solely as a data processor and cannot fulfil such requests on behalf of salons.

    For platform account holders: hello@salonist.app

    12. Security Measures

    • Encrypted connections (TLS)
    • Row-level security on database tables
    • Access controls, rate limiting, and data minimization

    13. Supervisory Authority

    If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority, in particular in your EU member state of residence.

    14. Changes to This Policy

    We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or email.

    15. Contact

    Email: hello@salonist.app
    Website: salonist.app