Sign In

Privacy Policy

Last updated: June 19, 2026

This Privacy Policy explains how 1st4media S.à r.l. ("we") processes personal data when you use SalonTic, in accordance with the EU General Data Protection Regulation (GDPR) and Luxembourg data-protection law.

1. Data controller

1st4media S.à r.l., 28, cité Joseph Brebsom, L-4046 Esch-sur-Alzette, Luxembourg (RCS B133937), is the controller responsible for your personal data. You can reach us for any privacy matter through the in-app support assistant.

When you book an appointment, your booking details and contact information are shared with the salon you choose, which acts as an independent controller for its own client records.

2. What data we process

Depending on how you use the platform, we may process:

  • Account data: name, email, password (stored hashed), role and preferences.
  • Booking and CRM data: appointments, services, notes and history.
  • Payment data: transaction status and references (card details are handled by Mollie, not by us).
  • Salon data: business details, services, staff, opening hours and approximate location.
  • Technical data: IP-derived approximate location (city/region/country) attached to bookings, device/log data, and cookies (see our Cookie Policy).

3. Why and on what legal basis

We process personal data on the following GDPR legal bases:

  • Performance of a contract — to provide accounts, bookings and payments (Art. 6(1)(b)).
  • Legitimate interests — to secure, improve and analyse the platform, including aggregate analytics (Art. 6(1)(f)).
  • Legal obligation — to keep accounting and tax records (Art. 6(1)(c)).
  • Consent — where required, e.g. for optional communications (Art. 6(1)(a)); you may withdraw it at any time.

4. Analytics and approximate location

To understand where demand comes from and improve the service, we compute aggregate, non-identifying statistics about bookings across the platform.

When you make a booking we record a coarse, approximate location — city, region and country — derived from your connection by our hosting network (Vercel edge headers). We never store your raw IP address and never collect precise GPS coordinates. This location is shown only in aggregate dashboards to platform administrators; it is not used to profile or track you individually, and we do not use advertising or cross-site tracking networks.

The legal basis is our legitimate interest (Art. 6(1)(f)) in understanding and improving the marketplace; because the data is coarse and used only in aggregate, the impact on you is minimal. This location is stored with the booking record and is removed or anonymized when that booking data is deleted.

5. Service providers (processors)

We use carefully selected providers who process data on our behalf:

  • Supabase — Database, authentication & file storage (European Union).
  • Vercel — Application hosting & content delivery (European Union / global edge).
  • Mollie — Payment processing (European Union).
  • OpenStreetMap / Nominatim — Address geocoding (European Union).

6. International transfers

We aim to keep data within the European Union. Where a provider processes data outside the EU/EEA, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

7. How long we keep data

We keep personal data only as long as necessary:

  • Account and profile data: while your account is active, then deleted or anonymized within 12 months of closure.
  • Bookings and CRM data: for the duration of the client relationship.
  • Invoices, payments and accounting records: 10 years, as required by Luxembourg commercial and tax law.
  • Reviews: until removed by the author or upon account deletion.
  • Support messages: up to 3 years.
  • Marketing/waitlist data: until you withdraw consent.

8. Your rights

Under the GDPR you have the right to:

  • Access, rectify or erase your personal data.
  • Restrict or object to certain processing.
  • Data portability.
  • Withdraw consent at any time, without affecting prior processing.
  • Lodge a complaint with the Commission nationale pour la protection des données (CNPD) (https://cnpd.public.lu).

9. Security

We use appropriate technical and organizational measures, including encryption in transit, access controls and row-level security, to protect personal data. No system is completely secure, but we work to protect your data and to notify you and the authority of qualifying breaches as required by law.

10. Contact and changes

To exercise your rights or ask a privacy question, contact us through the in-app support assistant. We may update this policy; material changes will be communicated through the platform.