Privacy Policy
Last updated: 2026-05-11
GlowSuite is a multi-tenant platform for beauty salons. We process two distinct kinds of personal data: (a) data about you as a salon owner / staff member using GlowSuite, and (b) data about your own clients that you enter into GlowSuite to run your business. We act as a data controller for (a) and as a data processor for (b). This policy explains both.
What we collect
We collect only what we need to run the service.
- Account data: your name, email, phone, role, and a hashed password.
- Client data you enter: client names, contact details, appointment history, notes — under your control as data controller for your salon's clients.
- Usage data: login times, IP, browser, audit log of privileged actions.
- Billing data: subscription tier, Stripe customer reference. We never store your card number — Stripe does.
How we use it
We use your data to:
- Provide and operate GlowSuite, including support and bug fixes.
- Send transactional email (login confirmations, password resets, receipts) and the campaigns you create.
- Detect abuse, fraud, and security incidents.
- Meet our legal obligations (tax, accounting, court orders).
Who we share it with
We share data only with processors we need to run the service:
- Hosting, email delivery (SMTP), SMS gateway (Twilio when configured), and payment processing (Stripe). Each processor has a signed data-processing agreement.
- We will disclose data only when required by law and we will notify you when legally allowed.
Your rights
Depending on where you live (GDPR, CCPA, LGPD, etc.) you have the right to:
- Request a copy of your data.
- Correct inaccurate data.
- Delete your data (subject to legal retention windows).
- Export your data in a machine-readable format. Use Settings → Data export to download a ZIP at any time.
- Opt out of marketing communications at any time via the unsubscribe link in every email.
To exercise any of these rights, email us at no-reply@glowsuite.us.
How long we keep it
Account data: while your subscription is active and for up to 90 days after cancellation, then deleted unless we are legally required to keep it longer. Audit log entries are kept for 365 days for security.
How we protect it
Passwords are hashed with Argon2id. Session cookies are set with the HttpOnly, Secure, and SameSite attributes. Data is encrypted in transit with TLS. Tenants are isolated from one another at the database query level. We review access controls annually.
Cookies
We use a single session cookie strictly necessary to keep you signed in, plus an optional preference cookie storing your cookie banner choice. We do not use third-party advertising cookies.
Children
GlowSuite is a business tool and not directed at children under 16. We do not knowingly collect data from anyone under 16.
Changes to this policy
We will email you and update the date above whenever we make a material change.
Contact
Questions, complaints, or data-rights requests: no-reply@glowsuite.us.