OurAppSign in

Privacy Policy

Last updated: February 2026

1. Who we are

OurApp ("we", "our", "us") is the data controller for the personal data we collect through this service. You can contact us at the email address provided in the app or on our website for privacy-related requests.

2. What data we collect

We collect and process the following categories of personal data:

  • Account data: name, email, phone (optional), password (stored hashed), profile image.
  • Booking data: appointment details (service, date, time, branch, staff), name, email, phone provided at booking.
  • Preferences: notification and marketing preferences you set in settings.
  • Referral data: referral codes and referral program participation.
  • Reviews: ratings and comments you submit for services.
  • Technical data: session information, IP address (for security and abuse prevention) where necessary.
  • Messaging data: messages you send or receive through integrated channels (e.g. WhatsApp, Instagram, Facebook Messenger), including message content, phone number, and timestamps. These are used to facilitate bookings and customer support via automated and AI-assisted messaging.

3. Why we process your data (legal basis)

We process your data for the following purposes and legal bases (GDPR Art. 6):

  • Account and bookings: performance of a contract and legitimate interest in providing the service.
  • Marketing and promotional emails: your consent (you can withdraw at any time in Settings).
  • Security, fraud prevention, and compliance: legitimate interest and legal obligation.
  • Improving our service: legitimate interest (and consent where we use non-essential cookies or analytics).
  • Automated messaging and AI-assisted booking: performance of a contract and legitimate interest. When you interact with us via WhatsApp or other messaging channels, your messages are processed to facilitate bookings, answer queries, and provide customer support. AI features may generate automated responses based on your messages.

4. Who we share data with

We use trusted service providers who process data on our behalf (processors): hosting and database (e.g. Supabase), payments (Stripe), email (e.g. Resend), messaging platforms (Meta Platforms, Inc. — WhatsApp Business API, Instagram Messaging, Facebook Messenger), and optionally SMS (e.g. Twilio) and AI features (e.g. OpenAI, Anthropic, Google). When you communicate with us via WhatsApp or other Meta channels, your messages are transmitted through Meta's infrastructure subject to Meta's own privacy policy. We have data processing agreements in place where required. We do not sell your personal data.

5. How long we keep your data

We retain your data only as long as necessary for the purposes above. Account and booking data are kept for the duration of your account and as required for legal, tax, or regulatory purposes. You can request erasure (see your rights below). Our detailed retention periods are set out in our internal retention policy.

6. Your rights (GDPR)

If you are in the European Economic Area or the UK, you have the right to:

  • AccessAccess your personal data and receive a copy.
  • RectificationRectification of inaccurate data (you can update your profile and preferences in the app).
  • ErasureErasure ("right to be forgotten") — you can delete your account in Settings → Data & Privacy.
  • Data portabilityData portability — you can download your data in Settings → Data & Privacy.
  • Restrict / objectRestrict or object to certain processing; withdraw consent where we rely on it.
  • ComplaintLodge a complaint with a supervisory authority in your country.

To exercise these rights, use the in-app options (Settings → Data & Privacy) or contact us. We will respond within one month.

7. Security

We use technical and organisational measures (including encryption in transit, secure passwords, and access controls) to protect your data. No method of transmission or storage is 100% secure; we will notify you and regulators of a breach where required by law.

8. International transfers

Your data may be processed in countries outside the EEA. Where we do so, we use appropriate safeguards (e.g. Standard Contractual Clauses or adequacy decisions) as required by law.

9. Cookies and similar technologies

We use essential cookies for authentication and security. Where we use non-essential cookies (e.g. analytics or marketing), we will ask for your consent. You can manage your preferences via our cookie banner or Settings.

10. Changes

We may update this policy from time to time. We will post the updated version here and, for material changes, notify you where appropriate.

Back to home · Terms of Service · Disclaimer · Cookie Policy