Privacy Policy
This text is a substantive draft authored as input to qualified legal counsel. It is not authoritative. The version published once Salon Manager Pro launches publicly on the App Store is set by counsel; the version here is the operator's strongest pre-legal-review formulation pending that review. Acceptances recorded against this version are tracked under the version string smp-0.1-pre-legal and will be re-prompted when counsel returns binding text.
1. Purpose and scope
This Privacy Policy describes how Creston Global Enterprises LLC ("CrestonGE," "we," "our") handles personal information collected through Salon Manager Pro (the "App"). It applies to anyone signed in to the App, including salon owners, salon managers, and stylists invited to a salon's roster.
CrestonGE's current jurisdictional scope is United States only. We do not currently serve users outside the US; if that changes, this Policy and the in-app acceptance gate will be updated and re-presented for your acceptance.
2. What we collect
We collect only the data the App's approved workflows actually need.
| Category | Examples |
|---|---|
| Sign in with Apple identity | Email and (on first sign-in) name returned by Apple |
| Auth identifiers | Account UUID, device identifier (for per-device acceptance tracking) |
| Per-salon professional identity | Optional work email (verified separately), display name |
| Salon tenant data | Salon name, your role and membership status |
| Salon roster invites | Email addresses you invite to your salon |
| Client information | Client name only — no phone, no email, no DOB, no address, no health information |
| Visit records | Appointment start/complete time, service kind, free-text notes |
| Formula records | Color/lightener ratios, target weights, captured weights, product references |
| Product catalog | Brand, line, name, kind, SKU, package size, package cost (admin-only field) |
| Audit log entries | Records of consequential actions you take |
| Verified email pool | Per-account emails you've verified |
| Acceptance records | Which Terms / Privacy version you accepted, when, on which device, and the SHA-256 hash of the text you saw |
We do not collect:
- Phone, email, address, or date-of-birth on clients (clients do not have accounts in the App)
- Photos, images, videos, file uploads of any kind
- Geolocation
- Payment information
- Marketing or advertising profiles
- Cross-context advertising or behavioral tracking data
- Health information about clients beyond the implicit fact of a hair-color service (which we do not classify as health data)
- Information about your contacts, calendar, or other apps
3. Why we collect it
| Field | Purpose |
|---|---|
| Sign in with Apple email + name | Authenticate you; identify your account |
| Account UUID | Internal user identity for the multi-tenant access model |
| Device identifier | Per-device acceptance tracking; periodic re-prompt |
| Work email (optional) | Per-salon professional identity override; verified before being treated as the canonical communication address |
| Display name | Roster display |
| Salon name | Tenant identity |
| Membership data | Multi-tenant access control + admin lifecycle |
| Salon invite email | Invite delivery via Resend |
| Client name | Per-client visit history |
| Appointment data | Operational records (when did the visit start/end? what kind of service?) |
| Formula records | The core MVP feature — color waste tracking and next-visit recommendations |
| Product catalog | Per-salon catalog the stylist picks from when recording a formula. Cost data is admin-only and used to compute future cost-per-mix analytics |
| Audit log | Governance, troubleshooting, dispute investigation, non-repudiation |
| Verified email pool | Cross-account communication identifier |
| Acceptance records | Compliance proof of which version of Terms / Privacy you accepted, and when |
4. Sources of personal information
- You — when you sign in, accept Terms, edit your profile, invite a stylist, add a client, record a visit, capture weights, or add a product.
- Apple Inc. — when you Sign in with Apple, Apple returns the email and (on first sign-in only) the name you've authorized for the App.
- System-generated — UUIDs, timestamps, device identifier, audit-event records, and computed values (e.g. derived waste grams) the App produces while you use it.
- Other salon members — when a salon admin invites you, the invite carries the email address the admin entered. When a colleague edits a shared record, attribution metadata reflects their identity.
We do not buy personal information from data brokers. We do not enrich your record from third-party sources.
5. Categories of recipients (subprocessors)
CrestonGE relies on the following subprocessors to deliver the App. All are based in or operating from the United States. Data Processing Agreements meeting US privacy-law service-provider requirements are in place with each:
| Subprocessor | Purpose | Categories shared |
|---|---|---|
| Apple Inc. | Sign in with Apple identity provider | Apple ID email, name (first sign-in only) |
| Supabase, Inc. | Postgres database, authentication, file storage (none for SMP MVP), edge functions, row-level security | All persistent app data: account, salon, membership, client, visit, formula, product, audit, acceptance, verified-email |
| Resend (Drand, Inc.) | Transactional email delivery (invites, email verification) | Recipient email address, subject, body, sender domain. Resend does not retain message bodies beyond delivery confirmation |
| Cloudflare, Inc. | DNS for salonmanagerpro.com; email routing for support@, legal@, privacy@; static-site hosting for the marketing pages |
DNS query metadata; email envelope routing metadata for routed addresses |
We do not sell or share your personal information for cross-context behavioral advertising. Per California CCPA/CPRA, you have the right to opt out of sale or sharing — this right has nothing to opt out of in our case, but the right is documented for transparency.
If we add or change subprocessors, that's a material change per §12 and will trigger a re-acceptance prompt the next time you open the App.
6. Security measures
- In transit: TLS for every connection between your device and Supabase.
- At rest: Supabase Postgres uses standard encryption at rest on the underlying disks.
- Authentication tokens: stored in the iOS Keychain on your device — protected by your device passcode and biometric unlock.
- Row-level security: every salon's data is isolated by Postgres Row-Level Security. A user can only read or write rows scoped to a salon they're an active member of.
- Audit log: append-only; clients cannot read, update, or delete audit-event rows. Operator queries via privileged role only.
- Acceptance log: append-only; supersession by new row only.
7. Retention
- Account-level data (you, your salon membership, your work email, your acceptance records): retained while your account is active.
- Salon-level data (salon name, members, clients, visits, formulas, products, audit) is retained while the salon is active. Account deletion does not delete salon-level data the salon's continued operation depends on.
- Audit events carrying your actor identifier are retained for governance and dispute purposes for the period required by applicable law and CrestonGE's internal retention policy. The actor identifier may be set to NULL on account deletion if not legally required to be preserved.
- Acceptance records are retained indefinitely as evidence of which Terms/Privacy version you accepted at which time.
When you request account deletion via the in-app deletion flow per Apple App Store Review Guideline 5.1.1(v), we initiate the deletion process. Some records — most notably audit events — may be retained per the audit-retention exception above.
8. Your rights
CrestonGE applies California CCPA/CPRA-style rights to all users of the App, regardless of where you live in the United States:
- Right to know what personal information we collect, use, disclose, and retain. This Policy enumerates that. You can request a more specific accounting via [email protected].
- Right to delete your personal information, subject to the audit-retention exception described in §7.
- Right to correct inaccurate personal information. Most fields (name, work email, display name, client names, formulas) are user-editable in the App. Edge cases — request via [email protected].
- Right to data portability — request an export of your account data in a machine-readable format via [email protected].
- Right to opt out of sale or sharing for cross-context behavioral advertising. We do not engage in either practice; the right is preserved for transparency.
- Right to limit use of sensitive personal information — we do not collect sensitive personal information beyond what is strictly necessary, so this right has nothing to activate.
- Right to non-discrimination — we do not discriminate against users who exercise any of these rights.
9. How to exercise your rights
- Email: [email protected]. Include your account email so we can verify your identity.
- In-app: Settings → Profile & Account → "Delete my account" performs deletion directly per Apple App Store Review Guideline 5.1.1(v).
- Response time: we respond to verified rights requests within 45 days, per California CCPA timeline.
10. Children's privacy
Salon Manager Pro is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has signed in to the App, contact [email protected] and we will delete the account and any associated personal information.
This posture aligns with COPPA. Sign in with Apple does not generally permit accounts for users under 13 without parental consent, which functions as an additional gate.
11. Automated decision-making
The App does not make decisions about you using automated profiling or machine-learning models that produce legal effects or similarly significant effects. The "next-visit recommendation" feature uses a deterministic calculation from your prior visit data on this client; it is not an opaque inference and you can review the source values it derives from at any time.
12. Changes to this Policy
CrestonGE may update this Policy. Material changes — categories collected, subprocessors, retention, user rights, jurisdictional scope — trigger a re-acceptance prompt the next time you open the App, with the changed text presented for your action. Non-material changes (typo fixes, contact updates, clarifications that don't alter substantive positions) take effect on publication without re-acceptance.
When counsel returns the authoritative text, the version string changes from smp-0.1-pre-legal to smp-1.0 and you will be re-prompted.
13. Contact
- Privacy questions: [email protected]
- Legal / Terms questions: [email protected]
- General support: [email protected]
CrestonGE is based in California. Postal address available on request via the privacy contact above.