Privacy Policy

Randvu ('we', 'us', or 'our') provides a booking and salon-management platform used by salons, barbershops, and beauty businesses (the 'Service'). This Privacy Policy describes how we handle personal data of business users (account holders and staff), guests who book appointments through our platform, and visitors to our public website.

By using the Service you agree to the practices described here. If you do not agree, please do not use the Service.

We collect the following categories of information:

• Account data — name, email, phone, business name, role, and password hashes for users who create or are invited to accounts.
• Booking data — appointment times, services, staff, prices, notes, and the contact details of guests who book through the platform.
• Billing data — subscription tier, payment method tokens (held by our payment processor, not by us), and invoice history.
• Usage data — log records, device and browser identifiers, IP address, and product analytics (pages viewed, features used).
• Communications — content of emails, SMS, and in-app messages sent through the platform.

We use personal data to:

• Operate, maintain, and improve the Service.
• Process bookings and send confirmations, reminders, and receipts on behalf of the businesses that use Randvu.
• Authenticate users, prevent fraud, and enforce our Terms of Service.
• Provide customer support and respond to inquiries.
• Send service announcements and, where permitted, marketing communications you can opt out of at any time.
• Comply with legal obligations and protect our rights and the rights of others.

If you are located in the European Economic Area or the United Kingdom, we process personal data on the following legal bases:

• Contract — to deliver the Service to account holders.
• Legitimate interests — to secure, support, and improve the Service, in a way that does not override your rights.
• Consent — for non-essential cookies and certain marketing communications, which you can withdraw at any time.
• Legal obligation — to keep tax records, respond to lawful requests, and comply with applicable laws.

We share personal data with:

• Sub-processors — vetted vendors that host infrastructure, send email and SMS, process payments, and provide analytics on our behalf. They are bound by data-processing terms and may only use data to provide their service to us.
• Salon businesses — guests who book through the platform have their booking and contact data shared with the business they booked with; that business is the controller of that data for its own purposes.
• Authorities — when required by law, court order, or to protect rights, property, or safety.
• Successors — in connection with a merger, acquisition, or sale of assets, subject to confidentiality.

We do not sell personal data.

We use cookies and similar technologies to operate the Service, remember your preferences, and measure product usage. See our Cookies Policy for details on each category and how to manage your choices.

We keep personal data only as long as needed for the purposes described in this Policy, including to provide the Service, comply with legal and tax obligations, resolve disputes, and enforce agreements. Specific retention periods depend on the type of data and the role you hold (account holder, staff, or guest). When data is no longer needed, we delete or anonymize it.

Depending on your location, you may have rights to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete data, subject to legal exceptions.
• Restrict or object to certain processing.
• Receive a portable copy of data you provided.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with a supervisory authority.

To exercise these rights, contact us at the address below. If you are a guest who booked through a Randvu business, please also contact that business — they are the controller of your booking data.

We may transfer personal data to countries other than the one in which you reside, including to our service providers. Where required, we rely on Standard Contractual Clauses or other approved transfer mechanisms to protect your data.

We use organizational and technical measures designed to protect personal data, including encryption in transit, encryption at rest for sensitive fields, access controls, monitoring, and regular review of our security practices. No system is perfectly secure; we cannot guarantee absolute security and we encourage you to use a strong, unique password.

The Service is not directed to children under the age required by your local law (typically 13 or 16). We do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact us so we can delete it.

We may update this Privacy Policy from time to time. We will post the updated version with a new 'Last updated' date and, where the changes are material, provide additional notice. Your continued use of the Service after changes take effect constitutes acceptance.

If you have questions about this Privacy Policy or our data practices, contact us at privacy@randvu.com.