Legal

Privacy Policy

Last updated: 1 June 2025  ·  Effective: 1 June 2025

1 Who We Are

SalonFlow ("we", "our", "the Platform") is a software-as-a-service product operated by SalonFlow Technologies, India. Our primary contact is support@salonflow.in.

This Privacy Policy explains how we collect, use, store, share, and protect the personal data of salon owners, managers, and their clients ("Users") who access the platform at salonflow.in. By using SalonFlow you agree to the practices described in this policy.

2 Information We Collect

Account data: Salon name, owner name, email address, phone number, city, and address provided during registration or onboarding.

Booking & service data: Appointment records, client names, service descriptions, and pricing that you enter into the platform.

Payment data: UPI IDs you provide for advance-payment collection. We do not process or store card numbers. Payments via Razorpay are governed by Razorpay's own privacy policy.

WhatsApp session data: When you link your WhatsApp number via QR scan, we process inbound and outbound messages solely to operate the booking automation. We do not read, store, or analyse conversation content beyond confirming or cancelling bookings.

Usage data: Log files, IP addresses, browser type, pages viewed, and feature interactions — collected automatically to improve the service and detect abuse.

Communications: Emails or messages you send to our support team.

3 Legal Basis for Processing

We process your data on the following bases under applicable law (GDPR / India's DPDP Act 2023):

  • Contract performance — to deliver the Service you subscribed to
  • Legitimate interests — fraud prevention, security, and platform improvement
  • Consent — for optional marketing communications, which you may withdraw at any time
  • Legal obligation — to comply with Indian law (IT Act 2000, IT Rules 2011, DPDP Act 2023)

4 How We Use Your Data

  • Operate, maintain, and improve the SalonFlow platform
  • Send transactional emails (verification, password reset, booking confirmations)
  • Send WhatsApp booking messages via your linked number
  • Process subscription payments through Razorpay
  • Detect, prevent, and respond to fraud, abuse, or security threats
  • Comply with applicable Indian laws and respond to lawful government requests
  • Send product updates or feature announcements (opt-out available at any time)

5 Data Sharing & Third Parties

We do not sell your personal data. We share data only with the following sub-processors:

  • Razorpay Software Pvt. Ltd. — payment processing (their privacy policy applies)
  • Hostinger International Ltd. — email delivery via SMTP
  • Google LLC — Firebase Authentication, Google Maps Places API
  • Cloud infrastructure provider — database and application hosting
  • Law enforcement / courts — when required by a valid legal order under Indian law

All sub-processors are bound by data-processing agreements and are required to maintain appropriate security standards.

6 Data Retention

We retain account data for as long as your account is active and for 90 days after deletion to allow recovery or legal compliance. Booking records are retained for 3 years for business and tax purposes.

You may request deletion at any time by emailing us — we will action requests within 30 days except where retention is required by law.

7 Data Security

We employ industry-standard security measures:

  • TLS/SSL encryption for all data in transit
  • bcrypt hashing for all passwords — never stored in plain text
  • Encrypted storage for sensitive fields
  • Access controls limiting data access to authorised personnel only
  • Regular security reviews and dependency updates

However, no internet-based system is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your login credentials confidential.

8 Cookies

We use strictly necessary session cookies for authentication and CSRF protection. We do not use third-party advertising cookies. Analytics data is collected in aggregate and anonymised. You may disable cookies in your browser settings, but some features of the platform may not function correctly without them.

9 Your Rights

Under applicable law you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate or incomplete data
  • Deletion — request erasure of your data (subject to legal retention obligations)
  • Data portability — receive your data in a machine-readable format
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — opt out of marketing communications at any time

To exercise any right, email support@salonflow.in. We will respond within 30 days.

10 Children

SalonFlow is not directed at children under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.

11 Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect any changes. For material changes, we will provide at least 14 days' notice via email or an in-app notification. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

12 Contact & Grievance Officer

For privacy concerns, data requests, or grievances (as required under India's IT Rules 2011 and DPDP Act 2023):

Email: support@salonflow.in
Response time: Within 30 days of receipt.

If you are not satisfied with our response, you may lodge a complaint with the relevant data protection authority.

© 2025 SalonFlow Technologies  ·  Privacy  ·  Terms  ·  Refund Policy  ·  support@salonflow.in