Privacy Policy
Last updated: February 18, 2026
Studioloop ("we," "our," or "us") operates the Studioloop platform, which includes the web console, mobile application, and booking widget (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
Data controller: Kaspar Noor. Postal address: Mäe 3, Kiili, Harjumaa, Estonia.
This Privacy Policy explains our processing practices. By using the Service, you acknowledge this Policy and the applicable Terms of Service.
1. Information We Collect
1.1 Information You Provide Directly
We collect information you provide when you:
- Create an account: Name, email address, password (hashed), and authentication tokens via Google OAuth if chosen.
- Set up your salon: Business name, address, phone number, website URL, social media links, brand colors, logo, and gallery images.
- Add team members: Staff names, email addresses, working schedules, and service assignments.
- Make bookings (as a client): Name, phone number, email address (optional), appointment preferences, and booking notes.
- Process payments: Payment card information is collected and processed directly by Stripe; we do not store your full card details.
- Contact us: Any information you provide in support requests or communications.
1.2 Information Collected Automatically
When you use the Service, we automatically collect:
- Device information: Device type, operating system, unique device identifiers, and mobile network information.
- Usage data: Features accessed, actions taken, screens viewed, and interaction patterns.
- Log data: IP address, browser type, access times, pages viewed, and referring URLs.
- Error data: Crash reports, error messages, and diagnostic information to improve Service stability.
1.3 Information from Third Parties
We may receive information from:
- Google OAuth: If you sign in with Google, we receive your name, email address, and profile picture.
- Stripe: Payment status, transaction IDs, and account verification status for connected accounts.
1.4 Waitlist Notice at Collection
If you join our waitlist, we collect your email address and optional profile answers (location count, staff size, salon type) to send launch updates, prioritize onboarding, and analyze launch demand. We retain waitlist records until you unsubscribe or request deletion, subject to legal recordkeeping requirements.
1.5 Controller Roles
For salon client data, the salon you book with may act as an independent controller for its own business purposes (for example, appointment records, tax documentation, and local legal compliance). Studioloop acts as a controller for platform account and product operations data described in this Policy.
2. How We Use Your Information
We use collected information to:
- Provide, maintain, and improve the Service
- Process bookings, payments, and business transactions
- Send appointment confirmations, reminders, and Service-related communications
- Provide customer support and respond to inquiries
- Analyze usage patterns to improve user experience
- Detect, prevent, and address technical issues and security threats
- Enforce our Terms of Service and protect against fraud
- Send marketing communications (with your consent, where required)
- Comply with legal obligations
3. Third-Party Services and SDKs
We integrate the following third-party services that may collect and process your data. This disclosure is provided for transparency and to meet app platform compliance requirements:
3.1 Payment Processing
Stripe, Inc. processes all payments. When you make or receive payments through the Service, Stripe collects:
- Payment card information (card number, expiration, CVC)
- Billing name and address
- Transaction history and amounts
- Device information for fraud prevention
This data is linked to your identity for payment processing. Stripe's use of this information is governed by the Stripe Privacy Policy.
3.2 Analytics (Mobile App)
PostHog collects usage analytics to help us understand how users interact with the app. Data collected includes:
- Anonymous user identifier
- Screen views and navigation patterns
- Feature usage and interaction events
- App version and device type
- Session duration and frequency
This data is linked to your user account for product improvement. You can opt out of analytics collection in the mobile app under Settings → Privacy. When opted out, no analytics data is collected or transmitted.
3.3 Error Tracking (Mobile App)
Sentry collects error reports and diagnostic information to help us identify and fix bugs. Data collected includes:
- Crash reports and error stack traces
- Device model, OS version, and app version
- Performance metrics (app launch time, screen load times)
- User actions leading up to an error (breadcrumbs)
- Account identifiers if the error occurs within an authenticated session
Diagnostic data is retained for 90 days, then automatically deleted. This data is used for app stability and incident response to improve reliability. Reports may include account or device identifiers needed for troubleshooting, but personal customer data (booking details, contact info) is excluded.
3.4 Authentication
Console (Web): Sign in with Google collects your name, email address, and profile picture. This data is linked to your identity to provide account access.
Mobile App: Authentication is via SMS-based OTP (one-time password). We collect and verify your phone number.
3.5 Email Communications
Resend processes transactional emails (booking confirmations, reminders, invitations). Email addresses and message content are processed according to Resend's Privacy Policy.
3.6 Image Hosting
Cloudinary hosts and optimizes images (salon photos, logos). Images may be cached on Cloudinary's CDN servers globally.
3.7 AI Features - Privacy First
Console (Web): OpenRouter/Google Gemini powers the Studio Assistant, which helps salon owners with business questions about bookings, clients, scheduling, and operations.
Data Protection Architecture
The Studio Assistant uses a privacy-first architecture with multiple layers of protection:
- Client-side Anonymization: Before any data leaves your server, client names, email addresses, and phone numbers are removed and replaced with anonymized identifiers (CLIENT_001, STAFF_001, etc.)
- Zero Data Retention (ZDR): The remaining anonymized data is sent to OpenRouter with ZDR enforced at the request level and by contractual requirement, which requires in-memory processing only
- Automatic De-anonymization: When the response returns from Google Gemini, anonymized identifiers are automatically replaced with real names, so you see human-readable results
What This Means
- Client personal data never leaves your server: Names, emails, phone numbers are anonymized locally before sending
- Google Gemini never sees personal information: The AI processes anonymized data only (CLIENT_001 instead of "Sarah Johnson")
- No data retained: Anonymized data is contractually required to be processed in-memory only and not retained (ZDR policy)
- No model training: Anonymized data is contractually prohibited from being used for AI model training
- You see normal results: Responses are automatically de-anonymized, so your output reads naturally ("Sarah's booking was confirmed")
Data Sent to OpenRouter/Gemini
Only anonymized business data is sent (personal identifiers removed):
- Booking details (dates, times, services) ✓
- Staff assignments (anonymized IDs only) ✓
- Service catalogs and pricing ✓
- Business analytics and summaries ✓
- Client names ✗ (anonymized locally)
- Phone numbers ✗ (anonymized locally)
- Email addresses ✗ (anonymized locally)
Data Processing Details (GDPR Article 28)
When you use the Studio Assistant:
- Consent: You must explicitly consent before first use via our consent modal. Consent can be withdrawn at any time.
- Data Flow: Your data is anonymized locally, then sent to OpenRouter with ZDR enforced, routed to Google Gemini for processing, with automatic de-anonymization on return.
- Data Processors: OpenRouter and Google Gemini are our data processors. We have Data Processing Agreements requiring them to implement ZDR and appropriate security measures (GDPR Article 32).
- Data Retention: Zero days by contractual requirement. Anonymized data is required to be processed in-memory and not retained by any party. This is enforced at the request level with the `zdr: true` parameter.
- Sub-processors: OpenRouter uses Google Gemini as a sub-processor. We monitor their ZDR compliance quarterly.
- Your Rights: You can request confirmation of zero retention, access to processing details, or discontinue use of the assistant via privacy@studioloop.com.
Important for Salon Owners: Because personal client data (names, emails, phone numbers) is anonymized before leaving your server and never seen by external AI services, the strict GDPR requirements for third-party processors are significantly reduced. However, you are still responsible for:
- Complying with local data protection laws regarding your own use of analytics and business data
- Ensuring your Terms of Service and client information disclosures comply with local law
- Informing clients if you process their booking data for business analytics (whether with or without AI)
Mobile App: The mobile app does not use AI features and does not send any personal data to third-party services.
3.8 Bot Protection
Cloudflare Turnstile protects the booking widget from automated abuse. This service may collect browser characteristics and interaction patterns to distinguish humans from bots.
4. Mobile App Data Collection (iOS App Store)
This section provides a summary of data collected by the Studioloop mobile app, as required by Apple's App Store policies. The client mobile app is currently available on iOS only. Android app availability is not yet announced.
Important: The mobile app does not use AI features and does not send any personal data to third-party AI services. All AI processing occurs in the console (web) application used by salon owners.
4.1 Data Linked to Your Identity
- Contact Info: Name, email address, phone number (for account and bookings)
- Identifiers: User ID (for authentication and personalization)
- Financial Info: Payment information (processed by Stripe, not stored by us)
- Usage Data: Product interaction, feature usage (for app improvement)
4.2 Data Not Linked to Your Identity
- Diagnostics: Crash data, performance data (collected by Sentry)
4.3 Data Used for Tracking
Cross-App Tracking: The app does not request permission to track you across other apps using the Advertising Identifier (IDFA) via App Tracking Transparency. We do not use your data for cross-app tracking or advertising purposes.
Analytics Within App: Analytics data collected by PostHog is used solely to improve the Studioloop app and is not shared with third-party advertisers. This data is collected anonymously within the app and is not used to track you across other apps or websites.
4.4 Device Permissions
The mobile app may request the following permissions:
- Camera: To scan salon QR codes and take photos for uploads
- Photo Library: To select images for profile or uploads
- Notifications: To send appointment reminders and booking confirmations
You can manage these permissions in your device settings at any time.
5. Data Sharing and Disclosure
We may share your information in the following circumstances:
- With salon owners (if you're a client): Your booking details, contact information, and loyalty data are shared with the salons you book with for their business operations (appointment management, loyalty tracking, communication). By completing a booking, you consent to this data sharing. You can view our full Privacy Policy before confirming your booking.
- With service providers: Third-party vendors who perform services on our behalf (as listed above).
- For legal compliance: When required by law, court order, or government request.
- For protection: To protect the rights, property, or safety of Studioloop, our users, or the public.
- Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred.
We do not sell or share your personal information for cross-context behavioral advertising.
6. Data Retention
We retain different categories of data for different periods based on legal obligations and legitimate business needs (GDPR Article 5(1)(e)):
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Payment records | 6 years after transaction | Legal obligation (tax / chargeback defense) |
| Booking history | 2 years after booking date | Legitimate interest |
| Personal data (name, phone, email) | Until deletion request or account deletion | Contract performance |
| Analytics data | 13 months | Consent |
| Error / diagnostic logs | 90 days | Legitimate interest |
| AI assistant queries | Session only (ZDR, no retention) | Consent |
| Waitlist entries | Until unsubscribe + 30 days | Contract performance |
Waitlist Subscribers: We retain your email and waitlist profile information (location count, staff size, salon type) while you remain on the waitlist. Upon unsubscribe request, records are deleted within 30 days. You can unsubscribe at any time via the link in waitlist emails or by emailing privacy@studioloop.com.
Salon owners may retain client booking history and loyalty data for their business records. If you wish to have your data removed from a specific salon, please contact that salon directly.
After account deletion, we may retain anonymized or aggregated data that cannot identify you.
7. Data Security
We implement industry-standard security measures including:
- Encryption of data in transit (TLS/HTTPS)
- Encryption of sensitive data at rest
- Secure password hashing
- Access controls and authentication
- Regular security assessments
However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
8. Your Rights and Choices
8.1 Access and Portability
You can request a copy of your personal data by contacting us.
8.2 Correction
You can update your account information through the Service settings.
8.3 Deletion
You can delete your account immediately in the mobile app via Profile → Delete Account. You may also request deletion via email to privacy@studioloop.com. Some information may be retained for legal or legitimate business purposes.
8.4 Marketing Opt-Out
You can unsubscribe from marketing emails using the link in each email or through your account settings.
8.5 Analytics Opt-Out
In the mobile app, you can disable analytics tracking in Settings → Privacy.
8.6 How to Exercise Rights
To exercise privacy rights, email privacy@studioloop.com. We may need to verify your identity before fulfilling requests and will respond within the timelines required by applicable law.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your own, including by service providers that operate globally. Where required under GDPR, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission under GDPR Article 46(2)(c) as the lawful transfer mechanism for data leaving the EEA. Copies of applicable SCCs are available upon request at privacy@studioloop.com.
10. European Users (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland:
- Your rights: You have the rights of access, rectification, erasure, restriction of processing, data portability, and objection to processing, and the right to withdraw consent where processing is based on consent.
- Complaints: You have the right to lodge a complaint with your local data protection authority. You can also submit a data request directly.
10.1 Processing Activities (GDPR Article 6)
The following table maps each processing activity to its legal basis under GDPR Article 6:
| Activity | Data | Legal Basis |
|---|---|---|
| Booking creation | Name, phone, email | Contract performance (Art. 6(1)(b)) |
| SMS booking confirmations | Phone number | Contract performance + Consent (Art. 6(1)(b) and Art. 6(1)(a)) |
| Email marketing | Email address | Consent (Art. 6(1)(a)) |
| Analytics (widget / mobile) | Anonymized user ID, events | Consent (Art. 6(1)(a)) |
| Studio AI assistant | Anonymized booking data | Consent (Art. 6(1)(a)) |
| Payment processing | None (Stripe handles) | Contract performance (Art. 6(1)(b)) |
| Error tracking (Sentry) | Technical / diagnostic data | Legitimate interest (Art. 6(1)(f)) |
| Fraud prevention (Turnstile) | Browser characteristics | Legitimate interest (Art. 6(1)(f)) |
| Data retention after deletion | Anonymized aggregates only | Legitimate interest (Art. 6(1)(f)) |
10.2 Data Processors (Article 28)
We engage the following data processors for essential services:
- Stripe: Payment processing (Data Processing Agreement: Stripe Privacy Policy)
- OpenRouter/Google Gemini: AI-powered Studio Assistant (Data Processing Agreement available upon request)
- Resend: Email communications (Data Processing Agreement: Resend DPA)
- PostHog: Analytics (Data Processing Agreement available upon request)
- Sentry: Error tracking (Data Processing Agreement: Sentry DPA)
Data Processing Agreements are in place with all processors requiring them to implement appropriate technical and organizational measures under Article 32 of GDPR.
10.3 Withdrawing Consent
For Studio Assistant and other consent-based processing, you can withdraw consent at any time:
- Studio Assistant: Disable in your account settings or stop using the feature
- Analytics: Opt out via Settings → Privacy in the mobile app
- Marketing: Click the unsubscribe link in any email
10.4 Data Breach Notification
In the event of a personal data breach, we will:
- Notify the supervisory authority: We will notify the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) within 72 hours of becoming aware of a breach that is likely to result in a risk to the rights and freedoms of individuals, as required by GDPR Article 33.
- Notify affected individuals: Where a breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay via the email address on your account, as required by GDPR Article 34. Our notification will describe the nature of the breach, likely consequences, measures taken or proposed to address it, and a contact point for further information.
- Notify salon owners: If a breach involves client data held on behalf of a salon, we will notify the salon owner promptly so they can fulfill any independent controller notification obligations they may have.
10.5 Data Subject Requests
To exercise your GDPR rights (access, rectification, erasure, restriction, portability, objection), use our Data Request form or email privacy@studioloop.com with:
- Your name and email address associated with your account
- A description of your request
- Proof of identity (if requested)
We will respond within 30 days (or 60 days for complex requests) as required by GDPR Article 12. Requests are free of charge.
11. California Users (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it's used
- Request correction of inaccurate personal information
- Request deletion of your personal information
- Opt out of sale or sharing (we do not sell or share personal information)
- Not be discriminated against for exercising your privacy rights
12. Children's Privacy
Account registration (for salon owners and staff) requires users to be at least 18 years old. Studioloop does not knowingly collect personal information from children under 13 (the COPPA threshold in the US). If we learn that we have inadvertently collected such information, we will delete it promptly.
Salons regularly serve clients of all ages, including minors. When a booking is made for a person under 13, a parent or guardian must provide their information and consent on behalf of the minor. Salon owners are independent data controllers for their client data and are responsible for their own legal compliance when processing data about minors.
Salon Owners and Minor Clients: If you process data about clients under 16 (or under 13 in jurisdictions applying COPPA), you must:
- Comply with all applicable laws regarding minors' personal information (including COPPA in the US, GDPR Article 8 in the EU/EEA, and applicable national laws)
- Obtain verifiable parental or guardian consent where required before collecting or processing data from minors
- Not display personal information or photos of minors without proper consent
- Ensure user-generated content (photos, reviews) complies with laws protecting minors
13. Cookies and Tracking
When you first visit our website, you'll see a cookie banner. By clicking "Accept All," you consent to all cookies. By clicking "Decline," only essential cookies are used. You can change your preference at any time by clearing your browser cookies or localStorage.
The specific cookies and storage we use are listed below (GDPR Article 7 disclosure):
| Name | Domain | Type | TTL | Purpose |
|---|---|---|---|---|
| __session / convex-auth | studioloop.com | Essential | Session | Authentication |
| studioloop-widget-consent | localStorage (first-party) | Essential | Persistent | Cookie consent preference |
| ph_* | analytics.eu.posthog.com | Analytics (opt-in) | 1 year | Product analytics |
| sentry-* | sentry.io | Analytics | Session | Error diagnostics |
| __stripe_* | stripe.com | Essential | 30 min - 1 year | Payment processing security |
| cf_clearance | cloudflare.com | Essential | 1 year | Bot protection (Turnstile) |
We do not send personal data (email, name) to analytics services - only anonymized user IDs and event data. Consent preference is stored in localStorage, not as a cookie.
14. Your Rights & Data Deletion
See our Data Request page for a structured form, step-by-step instructions, and expected timelines, free of charge. Under GDPR and other privacy laws, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate personal data
- Erasure (Right to be Forgotten): Request permanent deletion of your account and all data
- Restriction: Limit how we use your data
- Portability: Receive your data in a portable format
- Objection: Object to data processing for marketing or analytics
How to Delete Your Account
To delete your account and all associated data:
- Go to Delete Account
- Enter your email address and click "Request Deletion"
- Check your email for a verification code (sent immediately)
- Enter the code to confirm deletion
- Your account will be permanently deleted within 24 hours
What gets deleted: Your user account, bookings, preferences, and all personal data associated with your account. Note: If you were a staff member, your login credentials are deleted, but historical booking records may be retained for reporting purposes (without your personal data).
To exercise any of these rights, use our Data Request page or email privacy@studioloop.com. We respond within 30 days (60 days for complex requests) as required by GDPR Article 12. All requests are free of charge.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
16. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Legal entity: Kaspar Noor
- Postal address: Mäe 3, Kiili, Harjumaa, Estonia
- Email: privacy@studioloop.com
- General inquiries: hello@studioloop.com