Privacy Policy — SalonERP

1. Data Controller

SalonERP is operated by Van Iersel Development ("we", "us", "our"), based in the Netherlands. We are the data controller for the personal data processed through the SalonERP platform.

Contact: privacy@vaniersel.dev

2. What Data We Collect

2.1 Account Information

When you create a SalonERP account, we collect:

Name, email address and password (hashed)
Salon name, address and contact details
Billing information (processed securely by Stripe)

2.2 Salon Data

Data you and your staff enter into SalonERP:

Client information (names, contact details, treatment history, notes)
Booking and appointment data
Product inventory, purchase orders and sales transactions
Staff information (names, schedules, contact details)

2.3 Usage Data

We automatically collect technical data to maintain and improve our service:

IP address and browser/device information
Pages visited and features used
Error logs for debugging purposes

3. How We Use Your Data

We use your data exclusively for:

Providing and maintaining the SalonERP service
Processing payments and managing subscriptions
Sending transactional emails (booking confirmations, password resets)
Providing customer support
Improving our platform based on aggregated, anonymized usage patterns
Complying with legal obligations

We never sell your data to third parties. We never use your salon's client data for our own marketing purposes.

4. Data Sharing

We share data only with the following categories of service providers, all bound by data processing agreements:

Stripe — payment processing (PCI DSS compliant)
Email provider — sending transactional emails on your behalf
Hosting provider — infrastructure hosted within the European Union
Sentry — error monitoring (anonymized data only, optional)

5. Data Retention

We retain your data for as long as your account is active. When you delete your account:

All salon data is permanently deleted within 30 days
Billing records are retained for 7 years as required by Dutch tax law
Backups containing your data are rotated and deleted within 90 days

6. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

Right of access — request a copy of all personal data we hold about you
Right to rectification — correct inaccurate personal data
Right to erasure — request deletion of your personal data
Right to data portability — receive your data in a structured, machine-readable format (JSON or CSV)
Right to restrict processing — limit how we use your data
Right to object — object to processing based on legitimate interests

You can exercise your data rights directly from the Settings page in SalonERP (under GDPR / Data Management) or by contacting us at privacy@vaniersel.dev.

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

All data is encrypted in transit using TLS 1.2+
Passwords are hashed using bcrypt with salt
Database access is restricted and monitored
Daily encrypted backups
Two-factor authentication available for all accounts

8. Cookies

We use only essential cookies required for the service to function (session management, authentication). We do not use tracking or advertising cookies. See our Cookie Policy for details.

9. Data Processing Agreement

As a salon owner using SalonERP, you are the data controller for your clients' personal data. We act as the data processor. Our Data Processing Agreement (DPA) is available upon request at privacy@vaniersel.dev.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email and/or an in-app notification. Continued use of SalonERP after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions, requests or complaints, contact us at:

Van Iersel Development
Email: privacy@vaniersel.dev

If you are not satisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).