Barberos

Privacy Policy

Barberos - Barbershop Management System

RuyaTech, Tunisia • support@barberos.io
Document Information
Effective Date: January 15, 2025
Last Updated: January 15, 2025

1. Introduction

Welcome to Barberos, a comprehensive barbershop management and online appointment booking system developed by RuyaTech, Tunisia. Barberos consists of a mobile application for barbershop owners, managers, and staff, as well as a public booking website for customers.

At RuyaTech, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, share, and protect your information when you use our services.

This policy applies to:

  • Barbershop owners, managers, and staff using the Barberos mobile application
  • Customers booking appointments through our public website
  • All users of our backend systems and APIs

Important: By using Barberos, you agree to the collection and use of information in accordance with this Privacy Policy.


2. Information We Collect

2.1 Owner & Staff Data

When barbershop owners and staff use our mobile application, we collect:

  • Name and contact information (email address, phone number)
  • Profile photo (optional)
  • Business details (business name, address, logo, working hours)
  • Staff roles and permissions
  • Login credentials (securely hashed passwords)
  • Authentication tokens and session data

2.2 Customer Data

For customers booking appointments, we collect:

  • Name and phone number (required)
  • Email address (optional but recommended for confirmations)
  • Appointment data and booking preferences
  • Visit history and service records
  • Optional notes related to services

2.3 Transaction & Payment Data

We collect transaction-related information including:

  • Product and service purchases
  • Appointment revenue and payment confirmations
  • Tips and discount applications
  • Paddle subscription IDs and billing information

Payment Security

Important: Credit card numbers are NEVER stored on our servers. All payment processing is handled securely by Paddle, our PCI-compliant payment processor.

2.4 Technical Data

We automatically collect certain technical information:

  • Device type and operating system version
  • Browser information (for web users)
  • Application crash logs (via Firebase Crashlytics)
  • Usage analytics and performance data (via Firebase Analytics)
  • IP address and general location information

3. How We Use Your Information

We use the collected information for the following purposes:

  • Account Management: Creating and managing user accounts, authentication, and access control
  • Appointment Booking: Processing, confirming, and managing appointment bookings and scheduling
  • Payment Processing: Processing payments, managing subscriptions, and handling billing
  • Business Analytics: Providing insights, reports, and analytics to barbershop owners
  • Notifications: Sending appointment confirmations, reminders, and important updates
  • Service Improvement: Analyzing usage patterns to improve our application and services
  • Customer Support: Providing technical support and customer service
  • Legal Compliance: Complying with applicable laws, regulations, and legal processes

5. Data Sharing and Third-Party Services

We work with trusted third-party service providers to deliver our services. We share data only as necessary and under strict privacy protections:

5.1 Third-Party Services

  • Paddle: Payment processing, subscription management, and PCI-compliant billing services
  • Firebase (Google): Crashlytics for app stability monitoring and Analytics for usage insights
  • Google OAuth: Secure authentication and sign-in services
  • Email/SMS Providers: Delivery of appointment confirmations, reminders, and notifications

5.2 Data Protection Commitments

  • We do NOT sell your personal data to third parties
  • We do NOT engage in mass marketing campaigns without explicit consent
  • All third-party providers are bound by strict data protection agreements
  • Data is shared only for the specific purposes outlined in this policy

6. Notifications

Barberos sends various types of notifications to enhance your experience:

6.1 Customer Notifications

  • Appointment confirmation emails
  • Appointment reminders (24 hours and 2 hours before)
  • Booking verification links
  • Reschedule and cancellation updates
  • Payment receipts and confirmations

6.2 Staff Notifications

  • New appointment assignments
  • Schedule changes and updates
  • Daily appointment summaries
  • Cancellation notifications
  • Management messages and updates

6.3 Owner/Manager Notifications

  • Low stock alerts
  • Subscription and billing updates
  • Staff invitation confirmations
  • Business reports and analytics summaries

6.4 Delivery Methods

Notifications are sent via:

  • Email (primary method)
  • SMS (optional, based on user preferences)
  • In-app push notifications

You can opt out of non-essential notifications through your account settings or by contacting our support team.


7. Mobile App Permissions

The Barberos mobile app may request the following permissions:

7.1 Permissions We Request

  • Camera Access: For taking profile photos and product images
  • Photo Library Access: For uploading existing images from your device
  • Network Access: For API communications and data synchronization
  • Push Notifications: For sending appointment and business updates
  • Location (Optional): For automatic region and currency detection

7.2 Permissions We Do NOT Request

  • Access to your contacts or address book
  • Microphone access for audio recording
  • Access to other apps or sensitive device functions

8. Data Security

We implement robust security measures to protect your personal information:

  • Encrypted Transmission: All data is transmitted using HTTPS encryption
  • Secure Password Storage: Passwords are hashed using bcrypt
  • Token-Based Authentication: Secure authentication tokens for API access
  • Role-Based Access Control: Granular permissions based on user roles
  • Database Segregation: Separate databases for each barbershop tenant
  • PCI Compliance: Paddle handles all payment processing with PCI-compliant security
  • Regular Security Updates: Continuous monitoring and security improvements

9. Data Retention

We retain personal data for as long as necessary to provide our services and comply with legal obligations:

  • Active Accounts: Data is retained while accounts remain active
  • Business Records: Transaction and appointment data may be retained for business and tax purposes
  • Account Deletion: Barbershop owners can delete their accounts and associated data
  • Customer Data Removal: Customer data can be deleted upon request
  • Legal Requirements: Some data may be retained to comply with legal obligations

10. Your Rights (GDPR/CCPA)

Depending on your location, you may have the following rights regarding your personal data:

10.1 GDPR Rights (EU/EEA/UK)

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Restrict Processing: Limit how we process your data
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for processing where applicable

10.2 CCPA Rights (California Residents)

  • Right to Know: Information about data collection and use practices
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt out of the sale of personal information (Note: We do not sell personal data)
  • Right to Non-Discrimination: Equal service regardless of privacy choices

10.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at support@barberos.io with your request. We will respond within the timeframes required by applicable law.

🌍

11. International Data Transfers

Barberos supports international barbershops and complies with global data protection standards:

  • Multi-Currency Support: Paddle handles currency conversions for international transactions
  • Regional Compliance: We adhere to data protection laws in the UK, EU, US, and MENA regions
  • Transfer Safeguards: International data transfers are protected by appropriate safeguards
  • Data Localization: Data is processed in compliance with local data residency requirements where applicable

12. Children's Privacy

Barberos is not directed to children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children under these ages. If you believe we have inadvertently collected information from a child, please contact us immediately at support@barberos.io, and we will take steps to delete such information.


13. Cookies and Tracking (Website)

Our public booking website uses cookies to enhance your experience:

13.1 Types of Cookies

  • Essential Cookies: Necessary for basic website functionality and booking processes
  • Analytics Cookies: Help us understand website usage and improve our services
  • Functional Cookies: Remember your preferences and booking information

13.2 Cookie Management

You can control cookie preferences through your browser settings. Note that disabling essential cookies may affect website functionality.


14. Changes to Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:

  • We will update the "Last Updated" date at the top of this policy
  • For material changes, we will notify users via email or in-app notifications
  • Continued use of Barberos after changes constitutes acceptance of the updated policy
  • We encourage you to review this policy periodically

15. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

RuyaTech
Tunisia

For privacy-specific inquiries, please include "Privacy Request" in your email subject line. We will respond to all privacy requests within 30 days or as required by applicable law.


16. Regional Specific Rights

16.1 EU/EEA/UK Users

If you are located in the European Union, European Economic Area, or United Kingdom, you have additional rights under GDPR:

  • You may lodge a complaint with your local supervisory authority
  • We will process your data lawfully, fairly, and transparently
  • Data minimization: We collect only data necessary for our services
  • You can contact your local data protection authority for GDPR-related concerns

16.2 California Residents

Under the California Consumer Privacy Act (CCPA), California residents have specific rights:

  • Categories of Data Collected: Personal identifiers, commercial information, internet activity, and professional information
  • Business Purpose: Service provision, analytics, and customer support
  • No Sale of Data: We do not sell personal information to third parties
  • You may designate an authorized agent to make requests on your behalf

16.3 Other Jurisdictions

For users in other jurisdictions, we comply with applicable local privacy laws and regulations. If you have specific questions about your rights under local law, please contact us at support@barberos.io.

Agreement & Acknowledgment

This Privacy Policy is effective as of January 15, 2025, and governs our collection, use, and disclosure of your personal information. By using Barberos, you acknowledge that you have read and understood this Privacy Policy.

Have Questions About Your Privacy?

We're committed to protecting your data and respecting your privacy rights. If you have any questions or concerns, our team is here to help.