Privacy Policy

When a salon owner uses Styloving to manage clients and appointments, the salon owner is the controller of those client records and Styloving acts as a processor. For data we collect directly for our own service operations, such as account signup, billing, security logs, consent-based analytics, and support requests, Styloving is the controller.

We collect different data depending on whether you are a salon owner, a person booking an appointment, or a visitor browsing the site:

We process your personal data for the following purposes:

• To create, run, and secure your Styloving account
• To process bookings, reminders, appointment confirmations, and optional review-request workflows
• To manage subscriptions, one-time purchases, invoices, campaign reservations, entitlements, and billing support
• To store staff photos, salon images, and client photos when salon owners upload them
• To respond to support requests and service questions
• To show nearby salons when you use location-based discovery features
• To improve reliability, usability, onboarding performance, and product speed
• To comply with legal, tax, accounting, and security obligations
• To detect abuse, fraud, or unauthorized access

Under GDPR, we rely on the following legal bases depending on the activity:

• Contract performance — to provide the account, booking, subscription, one-time purchase, and billing services you request
• Legitimate interests — to secure the platform, prevent abuse, improve reliability, and operate basic product diagnostics
• Consent — for optional analytics, marketing cookies, ad measurement tools such as Google tag/Google Ads, and location-based discovery features when consent is required
• Legal obligation — to keep required tax, accounting, and compliance records

We use the providers below to operate Styloving. Each provider only receives the data needed for its part of the service:

• Supabase — Database hosting, authentication, and file storage metadata
• Vercel — Website/application hosting, performance analytics, and speed insights
• Stripe — Subscription billing, one-time purchases, checkout, coupons, campaign redemptions, and billing portal
• Resend — Transactional email delivery
• Anthropic — Optional AI-assisted catalog import
• Mapbox — Maps, geocoding, directions, and location display
• Google — Consent-based Google tag / Google Ads measurement
• Optional automation/webhook tools — Review-request or workflow automations configured for the service

We keep personal data only as long as it is needed for the purposes in this policy. Account data is generally kept while your account is active and for up to 30 days after deletion so recovery requests can be handled. Booking and operational records are generally kept for up to 2 years unless a longer period is required by law. Billing and tax records may be kept longer where accounting rules require it.

We use technical and organizational safeguards such as encryption in transit, access controls, audit logging, and provider security features. No online service can promise zero risk, but we work to reduce unauthorized access and to investigate security issues quickly.

We use the following cookie categories on the website:

• Essential cookies — Needed for sign-in, security, and core site functions
• Preference cookies — Remember choices such as language or cookie settings
• Analytics cookies — Help us understand site usage and improve the product, only with your consent
• Marketing cookies — Used for campaign attribution, ad measurement, and remarketing, only with your consent

If you decline optional cookies, the core site will still work. You can change your cookie choice later from the banner or your browser settings.

As a data subject in the EU, you have the following rights:

• Right of access — Request a copy of your personal data
• Right to rectification — Correct inaccurate or incomplete data
• Right to erasure — Request deletion of your personal data
• Right to data portability — Receive your data in a machine-readable format
• Right to restrict processing — Limit how we use your data
• Right to object — Object to processing based on legitimate interests
• Right to withdraw consent — Withdraw consent at any time for consent-based processing

If your request is about booking or client data inside a salon account, the salon is usually the first controller to contact. If you are unsure, email admin@styloving.com and we will help route the request.

Our platform is not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

We aim to use providers that support EU hosting or EU-facing contractual safeguards. Some providers may process limited data outside the EU or EEA. When that happens, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent legal transfer mechanisms.

We may update this Privacy Policy from time to time. If the change is important, we will post the updated version here and, where appropriate, notify account holders by email or in-product notice before the change takes effect.

If you have a privacy question, a data request, or you need help understanding this policy, contact us:

Email: admin@styloving.com