Privacy Policy

1. Information We Collect

2. How We Use Your Information

We process personal information only where we have a lawful basis under POPIA to do so. We use your information to:

• Create and manage your Salonz account
• Provide, operate, and improve the Salonz platform and its features
• Process payments and manage subscription billing
• Send transactional communications such as booking confirmations, reminders, and receipts
• Send service-related notifications and product updates (you may opt out at any time)
• Monitor platform performance, detect fraud, and ensure security
• Comply with applicable South African laws and regulations, including POPIA and the Electronic Communications and Transactions Act (ECTA)
• Respond to customer support queries and resolve disputes
• Conduct analytics to understand usage patterns and improve user experience

3. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share your information in the following limited circumstances:

• Service providers: Trusted third-party vendors who assist us in operating the platform (authentication, data hosting, analytics, payment processing), all of whom are contractually bound to process data only on our instructions and in compliance with POPIA.
• Legal requirements: Where required by law, court order, or government authority under South African law, including any disclosure required by the South African Police Service or the Information Regulator.
• Business transfers: In the event of a merger, acquisition, or sale of all or substantially all of Salonz's assets, personal information may be transferred as part of that transaction, with prior notice given to affected users.
• With your consent: We may share information with third parties where you have given explicit consent for such sharing.

4. Data Security

Salonz implements industry-standard technical and organisational security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS (Transport Layer Security)
• Encryption of sensitive data at rest
• Role-based access controls limiting employee access to personal information
• Regular security assessments and vulnerability management
• Automated backups with point-in-time recovery
• Incident response procedures meeting POPIA notification requirements

While we take all reasonable steps to protect your information, no method of transmission over the internet is 100% secure. In the event of a data breach affecting your personal information, we will notify the Information Regulator and affected data subjects as required by POPIA.

5. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our retention practices include:

• Active accounts: Data is retained for the duration of your subscription and active use of the platform.
• Post-cancellation: Account data is retained for 90 days after account closure to allow for reactivation and to resolve any outstanding disputes. After this period, personal information is securely deleted or anonymised.
• Financial records: Transaction records are retained for a minimum of 5 years as required by the South African Revenue Service (SARS) and the Companies Act.
• Backups: Backup copies may persist for up to 30 days before automatic deletion.

6. Your Rights Under POPIA

As a data subject under POPIA, you have the following eight rights with respect to your personal information:

1. Right to access: You have the right to request confirmation of whether we hold your personal information and to receive a copy of that information.
2. Right to correction: You may request that we correct or update inaccurate, incomplete, misleading, or out-of-date personal information.
3. Right to deletion: You may request the deletion or destruction of your personal information, subject to legal retention requirements.
4. Right to object: You may object to the processing of your personal information on legitimate grounds or for direct marketing purposes.
5. Right to restrict processing: In certain circumstances, you may request that we limit the processing of your personal information.
6. Right to data portability: You may request your personal information in a structured, commonly used, and machine-readable format.
7. Right not to be subject to automated decision-making: You have the right not to be subject to decisions made solely through automated processing that produce legal effects or significantly affect you.
8. Right to lodge a complaint: You have the right to lodge a complaint with the Information Regulator of South Africa if you believe your rights under POPIA have been violated.

To exercise any of these rights, please contact our Information Officer using the details in Section 10 below. We will respond to all requests within 30 days as required by POPIA.

7. Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience on our platform. Cookies are small text files stored on your device. We use the following types of cookies:

• Strictly necessary cookies: Required for the platform to function, including authentication session cookies. These cannot be disabled.
• Functional cookies: Remember your preferences and settings to personalise your experience.
• Analytics cookies: Help us understand how users interact with the platform so we can improve it. This data is aggregated and anonymised where possible.

You may control non-essential cookies through your browser settings. Disabling cookies may affect the functionality of the platform.

8. Third-Party Services

Salonz integrates with the following key third-party services that may process your personal information as sub-processors on our behalf. All sub-processors are vetted for POPIA compliance and governed by data processing agreements.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email and by posting a prominent notice on our platform at least 30 days before the changes take effect. The “Last updated” date at the top of this policy reflects the most recent revision. Your continued use of Salonz after the effective date of any changes constitutes your acceptance of the updated policy.

10. Contact the Information Officer

If you have questions about this Privacy Policy, wish to exercise your rights under POPIA, or wish to lodge a complaint regarding the handling of your personal information, please contact our designated Information Officer. You may also lodge a complaint directly with the Information Regulator of South Africa.