Privacy Policy

Effective date: [Insert date]

Controller: Angels Hair Mall (“we”, “us”, “our”)

Contact: [your email] · [your address]

This template is provided for general information only and does not constitute legal advice. You should tailor it to your data flows (Firebase, Stripe, Cloudinary, etc.) and obtain independent legal advice.

1) Overview

This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website, book appointments, create an account, or interact with our content (gallery/blog).

2) The personal data we collect

Category	Examples	Why we use it
Account data	Name, email, login identifiers	To create and manage your account, authenticate you, prevent fraud
Booking data	Selected services, stylist, date/time, notes, booking status	To manage appointments, availability, confirmations, customer support
Contact data	Phone number (if provided), messages to us	To send booking notifications, reminders, and respond to enquiries
Payment data	Payment status, transaction identifiers (not full card details)	To take deposits and manage payments/refunds through payment providers
Content data	Reviews, feedback, uploaded images/videos (where applicable)	To display content, moderate, and improve our services
Technical data	IP address, device info, logs, cookies	To operate securely, diagnose issues, analytics (if enabled)

3) Lawful bases for processing (UK GDPR)

Contract: To provide bookings and account services you request.
Legitimate interests: Security, fraud prevention, service improvement, platform administration.
Consent: For optional marketing communications and certain cookies/analytics (where required).
Legal obligations: Accounting, tax, and regulatory requirements where applicable.

4) How we use your information

To authenticate users and manage accounts.
To create and manage bookings, and show accurate availability.
To process deposits/payments and handle refunds (where applicable).
To send service messages (e.g., booking confirmations, reminders, updates).
To secure and maintain the website, prevent misuse, and troubleshoot issues.
To manage and display gallery/blog content (where applicable).

5) Sharing your information

We may share your data with service providers who help us run the site, for example:

Google Firebase (Authentication + Realtime Database) for login and storing booking/profile data.
Stripe for payment processing (deposits, Apple Pay/Google Pay where available).
Cloudinary for hosting uploaded images/videos (e.g., gallery, stylist photos).
Formspree (if used) to deliver certain form submissions/notifications.
Hosting/analytics providers (if enabled) to run and measure site performance.

We do not sell your personal data. We may disclose information if required by law, regulation, or to protect our rights and users.

6) International transfers

Some providers may process data outside the UK. Where international transfers occur, we rely on appropriate safeguards such as adequacy decisions or standard contractual clauses.

7) Data retention

We keep personal data only as long as necessary for the purposes described in this Policy, including legal, accounting, or reporting requirements. Typical retention may include:

Account data: for as long as your account remains active, then a reasonable period after closure.
Booking records: for operational and compliance reasons (e.g., dispute handling and accounting).
Logs/security: retained for a limited period for security and troubleshooting.

8) Your rights

Depending on your circumstances, you may have rights to:

Access your personal data.
Correct inaccurate or incomplete data.
Request deletion (where applicable).
Restrict or object to processing.
Data portability (in certain cases).
Withdraw consent where processing is based on consent.

To exercise these rights, contact us at [your email]. We may need to verify your identity.

9) Cookies and similar technologies

We may use cookies and similar technologies for essential functionality (e.g., login sessions) and, if enabled, analytics. Where required, we will request consent before placing non-essential cookies.

10) Security

We implement reasonable technical and organisational measures to protect personal data (e.g., access controls, authentication). However, no method of transmission or storage is completely secure.

11) Children

Our services are not intended for children under 13 (or the applicable age in your jurisdiction). If you believe a child has provided personal data, contact us so we can take appropriate action.

12) Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the effective date.

13) Complaints

If you have concerns, contact us first so we can try to resolve them. You may also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

14) Contact

Email: [your email]
Address: [your business address]