Privacy Policy

Last updated: April 5, 2026

Styloving ("we", "us", "our") operates the Styloving platform. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with GDPR and applicable EU data protection laws. The current public rollout is focused on salon owners, while end users can still book through public booking links.

1. Data Controller

Styloving acts as a data processor for salon owners using the platform to manage their business. Salon owners are the data controllers for their client records. For data collected directly by Styloving (account registration, platform usage, and public booking form submissions), Styloving acts as the data controller.

2. Data We Collect

We collect the following categories of personal data depending on how you interact with our platform:

Account Holders (Salon Owners)

  • Name, email address, phone number
  • Salon business information (name, address, VAT number)
  • Payment and billing information
  • Usage data and platform activity logs

Public Booking Users

  • Name, email address, phone number (when booking)
  • Appointment history and service preferences
  • Notes provided during booking
  • IP address and browser information (for security, geolocation, and analytics)

Website Visitors

  • IP address (for approximate geolocation)
  • Browser type and language preferences
  • Pages visited and interaction data
  • Cookie data (with your consent)
  • Advertising and campaign attribution identifiers (for example Meta Pixel cookie IDs and click IDs, only with your consent)

3. How We Use Your Data

We process your personal data for the following purposes:

  • To provide and maintain the Styloving platform
  • To process appointment bookings and send confirmations
  • To communicate with you about your account or bookings
  • To detect your approximate location for showing nearby salons
  • To improve our services and user experience
  • To measure marketing campaign performance (including trial starts and onboarding completion events)
  • To comply with legal obligations
  • To prevent fraud and ensure platform security

4. Legal Basis for Processing

We process your data based on the following legal grounds under GDPR:

  • Contract performance — to provide the services you signed up for
  • Legitimate interests — to improve our platform and prevent fraud
  • Consent — for cookies, analytics, marketing communications, geolocation, and advertising measurement technologies (including Meta Pixel)
  • Legal obligation — to comply with tax and business regulations

5. Third-Party Services

We share data with the following third-party services, all of which are GDPR-compliant:

  • Supabase — Database hosting and authentication (EU data centers)
  • Resend — Transactional email delivery
  • Vercel — Website hosting and deployment
  • Anthropic — AI-powered catalog import (data processed per request, not stored)
  • Mapbox — Map display (receives approximate coordinates only)
  • Meta Platforms Ireland Ltd. — Meta Pixel for consent-based ad attribution, campaign measurement, and retargeting audiences

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy. Account data is retained for the duration of your account plus 30 days after deletion. Booking data is retained for 2 years for business record purposes. You may request earlier deletion at any time.

7. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS/SSL), encryption at rest, role-based access controls, and regular security reviews. All data is stored in EU-based data centers.

8. Cookies

We use the following types of cookies:

  • Essential cookies — Required for the platform to function (authentication, language preference)
  • Functional cookies — Remember your preferences (selected city, cookie consent choice)
  • Analytics cookies — Help us understand how visitors use our site (only with your consent)
  • Marketing cookies — Used for campaign attribution, ad measurement, and remarketing (including Meta Pixel), only with your consent

You can manage your cookie preferences through the cookie consent banner or your browser settings. Meta Pixel and similar marketing technologies are loaded only after you select "Accept".

9. Your Rights Under GDPR

As a data subject in the EU, you have the following rights:

  • Right of access — Request a copy of your personal data
  • Right to rectification — Correct inaccurate or incomplete data
  • Right to erasure — Request deletion of your personal data
  • Right to data portability — Receive your data in a machine-readable format
  • Right to restrict processing — Limit how we use your data
  • Right to object — Object to processing based on legitimate interests
  • Right to withdraw consent — Withdraw consent at any time for consent-based processing

To exercise any of these rights, please contact us at the email address below. We will respond within 30 days.

10. Children's Privacy

Our platform is not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. International Data Transfers

Your data is primarily stored and processed within the European Union. Where data is transferred outside the EU (e.g., for specific third-party services), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs).

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our platform or sending you an email. Continued use of the platform after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Email: privacy@styloving.com