Privacy Policy

This Privacy Notice is issued by Insalonia ("Insalonia", "we", "us", "our"), the operator of the Insalonia booking and salon management platform (the "Service"). Insalonia is the data controller for the personal data described in this notice. For any privacy question, contact us at info@insalonia.com.

• Account data: name, email address, password (hashed), phone number.
• Business profile: business name, address, services, opening hours, branding.
• Customer / booking data: client names, contact details and appointment history that you or your customers submit through the booking page.
• Communications: support messages, SMS and AI assistant transcripts.
• Usage and device data: log data, IP address, browser type, pages viewed, timestamps.
• Cookies: strictly necessary cookies for authentication and session management.

Payment card details are collected and processed directly by Paddle as our Merchant of Record; Insalonia does not store full card numbers.

• Creating and operating your account — performance of a contract.
• Providing booking, calendar, SMS, AI assistant and review features — performance of a contract.
• Billing and subscription management via Paddle — performance of a contract / legal obligation.
• Security, fraud prevention and abuse detection — legitimate interests.
• Product improvement and analytics — legitimate interests.
• Service emails and important notices — legitimate interests / contract.
• Marketing communications — consent, which you can withdraw at any time.

• Paddle.com Market Limited — Merchant of Record for all paid orders; handles payments, invoicing, tax compliance and refunds.
• Hosting and infrastructure providers used to run the Service.
• SMS and AI calling providers used to deliver booking notifications and the phone assistant.
• Professional advisers (legal, accounting) where necessary.
• Authorities, where required by law.

Where personal data is transferred outside the UK / EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or equivalent mechanisms.

We keep personal data only as long as necessary for the purposes set out above, to comply with legal obligations (such as tax and accounting), and to resolve disputes. When no longer needed, data is deleted or anonymised.

Subject to applicable law you have the right to access, rectify, erase, restrict or object to processing of your personal data, to data portability, and to withdraw consent. You may also lodge a complaint with your local supervisory authority. We aim to respond to verified requests within one month.

We use appropriate technical and organisational measures including encryption in transit, access controls and regular security reviews to protect your personal data.

We may update this Privacy Notice from time to time. Material changes will be communicated through the Service or by email.

Questions or requests: info@insalonia.com.