Privacy Policy

Who we are

Soft Success Technologies Ltd ("we", "us"), trading as Salonier, operates the Salonier booking platform and related sites.

• Registered in: England & Wales • Company No.: 16078502
• Registered office: 128 City Road, London, EC1V 2NX, United Kingdom
• Contact (privacy): privacy@salonier.com

We comply with UK GDPR and the UK Data Protection Act 2018 requirements.

What this policy covers

How we collect, use, share, secure and retain personal data of:

• Salon owners and staff using the owner dashboard
• Clients booking appointments through Salonier pages
• Visitors to our websites

The data we collect

• Account and profile: name, email, password hash, phone, business details.
• Booking data: client name, contact details, appointment details, notes entered by the owner.
• Payments (via Stripe): last-4, card brand, and payment status metadata. We do not store card numbers.
• Device/usage: IP (truncated where possible), user agent, pages viewed, cookies/consent choices.
• Support: messages and attachments you send us.

How we use data (lawful bases)

• Provide and improve the service (contract / legitimate interests).
• Process deposits and subscription fees via Stripe (contract).
• Security, fraud prevention, and abuse detection (legitimate interests).
• Legal obligations (tax, accounting, regulatory).
• Marketing (optional): only with your consent; you can opt out anytime.

Marketing Communications and Consent

We only send marketing communications (product updates, special offers, tips) if you have explicitly consented.

• Opt-in: Marketing consent is always opt-in. Checkboxes are unchecked by default.
• Transactional vs Marketing: We will always send transactional emails (booking confirmations, password resets) regardless of marketing preferences.
• Withdraw consent: You can unsubscribe at any time via:
  • Unsubscribe link in any marketing email
  • Your account settings in the owner portal
  • Emailing privacy@salonier.com
• Consent tracking: We record when you provide or withdraw consent, including timestamp and consent version for GDPR compliance.
• No impact on service: Opting out of marketing does not affect your use of Salonier services.

We do not sell or share your email address with third parties for their marketing purposes.

Cookies and analytics

We use strictly necessary cookies to run the site. Non-essential cookies (e.g., analytics/marketing) load only after consent. You can change your choices anytime via "Cookie settings". See our Cookies section/page for details.

Sharing and processors

We share data with service providers under data-processing agreements:

• Stripe (payments / payouts, Radar, disputes)
• AWS (hosting/infrastructure)
• Email provider (e.g., Amazon SES) for transactional emails
• Analytics/monitoring (only if enabled and with consent for non-essential cookies)

We don't sell personal data. If required by law, we may disclose data to authorities.

Data Processors and Agreements

Salonier has signed Data Processing Agreements (DPAs) with Stripe Payments Europe Ltd (payment processing) and Amazon Web Services Inc. (cloud hosting and email services) to ensure GDPR-compliant processing of personal data.

These DPAs contractually ensure that all vendors processing personal data on our behalf comply with GDPR and UK Data Protection Act 2018 requirements. Our data processors include:

• Stripe Payments Europe Ltd - Payment processing and transaction management
• Amazon Web Services Inc. (AWS) - Cloud infrastructure hosting, database storage, and email services

All data processors are carefully selected and contractually required to:

• Process data only on our documented instructions
• Maintain appropriate technical and organizational security measures
• Assist with data subject rights requests
• Notify us immediately of any data breaches
• Delete or return data when no longer needed for processing
• Submit to audits and inspections

International transfers

Where processors store data outside the UK/EEA, we rely on approved safeguards (e.g., Standard Contractual Clauses).

Retention

• Account/owner records: while the account is active and for up to 6 years for tax/financial compliance.
• Bookings: retained per salon owner's settings and our legal obligations.
• Payment records: per financial regulations.

We delete or anonymise data when no longer needed.

Your Data-Subject Rights

Subject to applicable law (including GDPR and UK GDPR), you have the following rights regarding your personal data:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your data ("right to be forgotten")
• Restriction: Request limitation of processing
• Objection: Object to processing based on legitimate interests
• Portability: Receive your data in a portable format
• Withdraw consent: Where processing is based on consent

Right to complain: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) or your local supervisory authority if you believe your data protection rights have been violated.

Controller / processor roles

• For client booking data, the salon owner is typically the controller; Salonier acts as a processor providing the platform.
• For owner accounts, billing, risk and platform operations, Salonier is the controller.

Children and sensitive data

Salonier is not directed to children. Salon owners should avoid collecting special-category data (e.g., health) unless strictly necessary and with appropriate safeguards.

Security

We use encryption in transit, access controls, and least-privilege design. No method is 100% secure; we monitor and improve continuously. If we detect a breach, we will notify affected parties and authorities as required.

Changes

We may update this policy. We'll post changes here and update the "Last updated" date.

Contact

Questions or complaints: privacy@salonier.com

UK supervisory authority: ICO (Information Commissioner's Office).