Privacy Policy

1. Introduction

Welcome to Chomi. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our salon management platform (the "Platform"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Platform.

This Privacy Policy complies with:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• Protection of Personal Information Act (POPIA - South Africa)
• Other applicable data protection laws

2. Information We Collect

2.1 Personal Information You Provide

We collect information that you voluntarily provide when creating and managing your salon account:

• Identity Information: First name, last name, email address
• Contact Information: Email address, phone number, physical addresses
• Business Information: Salon name, location, business hours, services offered
• Financial Information: Bank account details for payouts (encrypted and securely stored)
• Staff Information: Staff profiles, schedules, and performance data
• Client Information: Client profiles from mobile app bookings
• Transaction Data: Appointment bookings, payments, and commission records
• Profile Picture: Optional salon and staff photos

2.2 Automatically Collected Information

When you use our Platform, we may automatically collect:

• Device Information: Device type, operating system, browser type, unique device identifiers
• Usage Data: Platform features used, time spent, interaction patterns
• Log Data: IP address, access times, platform crashes, and performance data
• Cookies: Session cookies for authentication and preferences

2.3 Information We DO NOT Collect

• We do not collect information from children under 18 years of age
• We do not track your location continuously
• We do not access your contacts, SMS, or call logs
• We do not collect biometric data without explicit consent

3. How We Use Your Information

We use the collected information for the following purposes:

• Provide Services: To operate and maintain your salon management platform
• Process Transactions: To process appointments, payments, and commission calculations
• Communication: To send you important updates, security alerts, and service notifications
• Improve Services: To analyze usage patterns and improve platform functionality
• Security: To detect, prevent, and address fraud, security issues, and technical problems
• Legal Compliance: To comply with legal obligations and enforce our terms of service
• Customer Support: To respond to your inquiries and provide technical support
• Analytics: To understand how salons use our platform and optimize features

4. Data Sharing and Disclosure

4.1 When We May Share Information

We may share your information only in the following limited circumstances:

• With Your Consent: When you explicitly authorize us to share specific information
• Service Providers: With trusted third-party service providers who assist in operating our platform (e.g., cloud hosting, payment processing, analytics) under strict confidentiality agreements
• Legal Requirements: When required by law, court order, or government regulation
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)
• Protection of Rights: To protect our rights, privacy, safety, or property, and that of our users

4.2 Third-Party Services

Our Platform may integrate with third-party services:

• Cloud Storage: For secure data backup and storage
• Payment Processors: For secure payment processing
• Analytics: To understand platform usage (anonymized data only)
• Email Services: To send you important notifications

These third parties are contractually obligated to protect your data and use it only for specified purposes.

5. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data transmitted between your device and our servers is encrypted using SSL/TLS
• Secure Storage: Personal data is encrypted at rest using AES-256 encryption
• Access Controls: Strict access controls limit who can view your information
• Authentication: JWT token-based security and secure session management
• Regular Audits: Regular security audits and vulnerability assessments
• Secure Development: Following secure coding practices and regular security updates

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Your Privacy Rights

You have the following rights regarding your personal information:

6.1 Access and Portability

• Right to access your personal data
• Right to receive a copy of your data in a portable format

6.2 Correction and Update

• Right to correct inaccurate information
• Right to update your profile information at any time

6.3 Deletion

• Right to request deletion of your account and associated data
• Right to be forgotten (subject to legal retention requirements)

6.4 Restriction and Objection

• Right to restrict processing of your data
• Right to object to certain data processing activities

6.5 Withdraw Consent

• Right to withdraw consent for data processing at any time
• Right to opt-out of promotional communications

To exercise any of these rights, please contact us using the information provided in Section 12.

7. Data Retention

We retain your personal information only for as long as necessary to:

• Provide you with our services
• Comply with legal obligations (e.g., tax records, financial transactions)
• Resolve disputes and enforce agreements
• Maintain security and prevent fraud

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or regulatory purposes.

8. Children's Privacy

Our Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information from our systems.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer your data internationally, we ensure appropriate safeguards are in place, including:

• Standard contractual clauses approved by regulatory authorities
• Adequacy decisions by relevant data protection authorities
• Your explicit consent where required

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your session and keep you logged in
• Remember your preferences and settings
• Analyze platform usage and performance
• Provide personalized features

You can control cookies through your browser settings. However, disabling cookies may affect your ability to use certain features of the Platform.

11. Email Notifications

We may send you email notifications for:

• Important security alerts
• Appointment confirmations and reminders
• Payment and payout notifications
• Account activity notifications
• Platform updates and new features

You can manage your email preferences in your account settings.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:

• Posting the updated policy on the Platform
• Sending you an email notification
• Displaying a prominent notice on the Platform

Your continued use of the Platform after changes are posted constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

14. Compliance and Regulatory Information

This Privacy Policy complies with:

• GDPR (EU): General Data Protection Regulation
• CCPA (California): California Consumer Privacy Act
• POPIA (South Africa): Protection of Personal Information Act
• PCI DSS: Payment Card Industry Data Security Standard

15. Your Consent

By using our Platform, you consent to this Privacy Policy and agree to its terms. If you do not agree with this policy, please do not use our Platform.