1. Who We Are
HairVia ("the App", "we", "us", "our") is a salon management platform operated by HairVia LLC, a limited liability company registered in the State of Georgia, United States.
HairVia serves salon businesses primarily in East Africa, including Kenya, Uganda, Tanzania, Rwanda, and South Africa.
Contact: support@hairviaapp.com
2. Data We Collect
| Data Category | Examples | Purpose |
|---|---|---|
| Account information | Name, email, phone number, role | Authentication, profile display, communication |
| Business information | Salon name, branch details, services, pricing | Multi-tenant salon management |
| Booking data | Appointments, stylist assignments, service history | Booking management and scheduling |
| Client records | Client names, contact info, visit history, preferences | CRM and client management |
| Staff records | Staff names, roles, schedules, branch assignments | Staff management and scheduling |
| Financial data | Invoice amounts, payment status, subscription tier | Billing, invoicing, subscription management |
| Feedback & reviews | Ratings, review text, platform feedback, bug reports | Service improvement, platform improvement |
| Device information | Platform (iOS/Android), app version, OS version | Bug reproduction, compatibility |
| Usage data | Feature usage patterns, screen views | Analytics, platform improvement |
| Authentication data | Hashed passwords, 2FA tokens, session tokens | Account security |
3. How We Use Your Data
We use your data to:
- Provide and operate the salon management platform
- Process bookings and manage appointments
- Send transactional emails (booking confirmations, reminders, review requests)
- Send subscription-related notifications (trial expiry, payment reminders)
- Display analytics and reports to salon owners
- Provide customer support
- Improve the platform based on feedback and usage patterns
- Enforce subscription tier limits
We do NOT:
- Sell your personal data to third parties
- Use your data for advertising
- Share individual client data between unrelated tenants
4. Data Sharing
We share data only with these service providers, solely to operate the platform:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase (AWS) | Database, authentication, file storage | All app data (encrypted at rest) |
| Brevo | Transactional emails | Email addresses, names, booking details for email content |
| Stripe | Payment processing | Email, subscription tier, payment method tokens (we never store card numbers) |
| Sentry | Error monitoring | Device info, anonymized error traces |
| Expo | App distribution, push notifications | Push tokens, device identifiers |
5. Data Storage & Security
- All data is stored in Supabase (PostgreSQL) with encryption at rest
- Row Level Security (RLS) enforces tenant isolation — salon A cannot see salon B's data
- Authentication uses Supabase Auth with bcrypt-hashed passwords
- Two-factor authentication (TOTP and email) is available
- API communication uses HTTPS/TLS
- Edge Functions use service-role keys stored as environment secrets
- Session tokens are stored securely on-device via AsyncStorage with auto-refresh
6. Data Retention
- Active account data: retained while your account is active
- Deleted accounts: personal data is removed within 30 days of an account deletion request
- Booking history: retained for 24 months for business reporting, then anonymized
- Audit logs: retained for 12 months, then archived/purged
- Platform feedback: retained indefinitely for product improvement (anonymized after account deletion)
7. Your Rights (Kenya Data Protection Act 2019)
As a data subject under the Kenya Data Protection Act, you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate personal data
- Erasure — request deletion of your personal data
- Portability — receive your data in a structured, machine-readable format
- Object — object to processing of your data for specific purposes
- Withdraw consent — withdraw consent at any time (this does not affect prior processing)
To exercise any of these rights, email support@hairviaapp.com with the subject line "Data Request". We will respond within 30 days.
8. Children's Data
HairVia is not intended for use by individuals under 18 years of age. We do not knowingly collect data from minors.
9. Cookies & Tracking
The HairVia mobile app does not use cookies. We collect minimal analytics data (feature usage, error reports) to improve the platform. No third-party advertising trackers are used.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via in-app notification or email. Continued use of the App after changes constitutes acceptance.