Privacy Policy

Last updated: December 2024

1. Introduction

ARRA Hairdressers, Inc. ("we," "us," "our") operates ARRA HairTech software and is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use our salon and barbershop management software.

2. Information We Collect

2.1 Account Information:

• Business name, owner name, contact information
• Email address, phone number, business address
• Payment and billing information
• Username and password

2.2 Business Data:

• Salon/barbershop operational data
• Staff member profiles and schedules
• Service menu and pricing
• Inventory and product information

2.3 Client Data (Your Clients):

• Client names, contact information, appointment history
• Hair photos and style preferences
• Service notes and stylist comments
• Virtual try-on images and 3D models
• Payment and transaction records

2.4 Technical Data:

• IP address, device type, browser information
• App usage statistics and feature engagement
• Camera access for AR try-on features
• Location data (if permitted) for local search

2.5 Communications:

• Support tickets and customer service inquiries
• Email correspondence
• Feedback and survey responses

3. How We Use Your Information

Service Delivery:

• Provide salon management software functionality
• Process 3D hair modeling and AR try-on requests
• Manage appointments, bookings, and scheduling
• Process payments and maintain financial records
• Send appointment reminders and notifications
• Provide customer support

Product Improvement:

• Analyze usage patterns to improve features
• Train AI models for better hair visualization
• Develop new hairstyle templates and options
• Enhance color matching algorithms

Marketing (With Consent):

• Send product updates and new features
• Industry tips and best practices
• Promotional offers (you can opt-out anytime)

4. Legal Basis for Processing

Purpose	Legal Basis
Software service delivery	Contract performance
Marketing communications	Consent (withdrawable)
Product analytics	Legitimate interests
Financial records	Legal obligation

5. Data Sharing

Service Providers:

• AWS (Amazon Web Services): Cloud hosting and storage
• Stripe: Payment processing
• SendGrid: Email delivery services
• Twilio: SMS notifications
• Google Analytics: Usage analytics (anonymized)

6. Data Security

• Encryption: TLS/SSL in transit, AES-256 at rest
• Access Controls: Role-based permissions, two-factor authentication
• Regular Audits: Security assessments and penetration testing
• Backups: Daily automated backups with 30-day retention
• Employee Training: Security awareness programs
• Incident Response: 24-hour notification of breaches

7. Data Retention

• Active Subscriptions: Data retained throughout service term
• After Cancellation: 90 days for reactivation, then deleted
• Financial Records: 7 years (tax compliance requirement)
• Backups: Overwritten after 90 days
• Anonymized Analytics: May retain indefinitely

8. Your Privacy Rights

You Have the Right To:

• Access: Request copy of your data
• Correction: Update inaccurate information
• Deletion: Request data deletion ("right to be forgotten")
• Portability: Export data in standard format
• Restriction: Limit how we process your data
• Objection: Object to processing for marketing
• Withdraw Consent: Opt-out of marketing anytime

9. Your Clients' Data

When you use our software to manage your clients:

• You are the data controller, we are the data processor
• You must obtain consent from clients for photo storage
• You must comply with privacy laws in your jurisdiction
• You can delete client data at any time
• You are responsible for honoring your clients' privacy rights

10. Cookies and Tracking

We use cookies for:

• Session management and authentication
• Analytics and performance monitoring
• Preference storage

See our Cookie Policy for complete details.

11. Children's Privacy

Our software is for business use only. We do not knowingly collect information from individuals under 18. If we discover minor's data, we delete it immediately.

12. International Transfers

Data may be transferred to and processed in the United States. We ensure adequate protections through Standard Contractual Clauses and appropriate safeguards for EU/EEA clients.

13. California Privacy Rights (CCPA)

California residents have additional rights:

• Right to know what personal information is collected
• Right to know if information is sold (we do NOT sell data)
• Right to deletion
• Right to non-discrimination

To Exercise CCPA Rights: Email info@arrahairtech.com with subject "CCPA Request"

14. Changes to Privacy Policy

We may update this policy periodically. Material changes will be notified via email. Continued use after changes = acceptance.

15. Contact Information