Privacy Policy
Last updated: January 15, 2025
This Privacy Policy describes how IVAN VIERIN PEREBIICHUK (operating as "Henzo", "we", "us", or "our") collects, uses, and shares your personal information when you use our services. We are committed to protecting your privacy and handling your information responsibly.
Data Controller Information:
- Company Name: IVAN VIERIN PEREBIICHUK
- Tax Identification Number (NIP): PL5252954316
- Registered Country: Poland
- Service Brand: Henzo
- Contact Email: hello@henzo.app
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us using the information above.
Information We Collect
We collect information from various sources, as described below:
1. Information You Provide Directly:
- Account Information: Name, email address, phone number, password (hashed)
- Booking Information: Service preferences, booking dates and times, special requests, notes
- Profile Information: Profile photos (if uploaded), favorite salons, preferences
- Communication Data: Messages sent through our platform, support requests, feedback
- Business Information: If you are a service provider, we collect business name, address, services offered, pricing, working hours, photos, and other business-related information
2. Information Collected Automatically:
- Device Information: IP address, browser type and version, operating system, device type, unique device identifiers
- Usage Information: Pages visited, time spent on pages, clicks, searches, interactions with features
- Location Information: Approximate location based on IP address (for location-based services), precise location if you grant permission
- Log Data: Access times, error logs, performance data
3. Information from Third Parties:
- Authentication Providers: If you sign in using Google OAuth, we receive your email, name, and profile photo from Google
- Analytics Providers: Google Analytics provides us with aggregated usage statistics and analytics data
Required vs. Optional Information: Some information is required to use our Service (e.g., email for account creation), while other information is optional (e.g., profile photo). We will indicate which fields are required at the time of collection.
Legal Basis for Processing Your Data
We process your personal data based on the following legal grounds:
- Contract Performance: To provide our booking services, process bookings, send confirmations, and communicate about your bookings
- Consent: For marketing communications, analytics cookies, and non-essential data processing. You can withdraw your consent at any time
- Legitimate Interest: To improve our services, ensure security, prevent fraud, analyze usage patterns, and maintain the safety and integrity of our platform
- Legal Obligation: To comply with legal requirements, such as tax obligations, accounting records, and responding to legal requests
How We Use Your Information
We use your information for the following purposes:
- Service Provision: To create and manage your account, process bookings, send booking confirmations and reminders, facilitate communication between you and service providers
- Communication: To respond to your inquiries, send service-related notifications, and provide customer support
- Improvement: To analyze usage patterns, improve our services, develop new features, and enhance user experience
- Security: To detect and prevent fraud, abuse, and security threats, and to ensure platform safety
- Marketing: To send promotional communications about our services (only with your consent). You can opt out at any time
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
Information Sharing and Third-Party Services
We share your information with the following categories of recipients:
1. Service Providers:
- Supabase (Database & Authentication): We use Supabase to store your personal data, manage user accounts, and handle authentication. Supabase processes data in accordance with their privacy policy and applicable data protection laws.
- Brevo (Sendinblue) (Email Service): We use Brevo to send transactional emails (booking confirmations, reminders) and marketing emails (with your consent). Brevo is located in the EU and processes email addresses and names.
- Google Analytics (Analytics): We use Google Analytics (ID: G-KBLFJ1533R) to analyze website usage and improve our services. Google Analytics collects IP addresses (anonymized), device information, and browsing behavior. This requires your consent. Google is located in the US.
- Google OAuth (Authentication): If you choose to sign in with Google, Google provides us with your email, name, and profile photo. Google is located in the US.
- Vercel (Hosting): Our website is hosted on Vercel, which processes server logs and IP addresses. Vercel may be located in the US or EU depending on the region.
2. Service Providers (Business Users):
When you make a booking, we share necessary information (name, contact details, booking details) with the service provider (salon, barbershop, etc.) to facilitate the booking. Service providers are independent contractors and are responsible for their own data processing.
3. Legal Requirements:
We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users.
4. Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- Encryption: Data in transit is encrypted using TLS (Transport Layer Security). Sensitive data at rest is encrypted using industry-standard encryption methods.
- Access Controls: Access to personal data is restricted to authorized personnel only, on a need-to-know basis.
- Authentication: User accounts are protected by secure password hashing and authentication mechanisms.
- Regular Updates: We regularly update our systems and security measures to address potential vulnerabilities.
- Monitoring: We monitor our systems for security threats and unauthorized access attempts.
- Backup and Recovery: We maintain regular backups of data and have disaster recovery procedures in place.
However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security. If you become aware of any security breach, please contact us immediately.
Your Data Protection Rights
You have the following rights regarding your personal data:
- Right to Access (Article 15 GDPR): You have the right to request a copy of the personal data we hold about you.
- Right to Rectification (Article 16 GDPR): You have the right to request correction of inaccurate or incomplete personal data.
- Right to Erasure (Article 17 GDPR - "Right to be Forgotten"): You have the right to request deletion of your personal data in certain circumstances (e.g., when data is no longer necessary, you withdraw consent, or data was unlawfully processed).
- Right to Restrict Processing (Article 18 GDPR): You have the right to request that we limit the processing of your personal data in certain circumstances.
- Right to Data Portability (Article 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
- Right to Object (Article 21 GDPR): You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent (Article 7 GDPR): If we process your data based on consent, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
How to Exercise Your Rights:
To exercise any of these rights, please contact us at hello@henzo.app with the subject line "Data Protection Request". We will respond to your request within 30 days (or as required by applicable law).
Right to Lodge a Complaint: If you are located in the EU and believe we have not addressed your concerns, you have the right to lodge a complaint with your local data protection authority.
Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience, analyze usage, and provide personalized content.
Types of Cookies We Use:
- Essential Cookies: Required for the Service to function. These include session cookies for authentication and security. These cookies do not require consent.
- Analytics Cookies: We use Google Analytics (G-KBLFJ1533R) to understand how users interact with our Service. These cookies collect anonymized information about your browsing behavior. These cookies require your consent.
- Functional Cookies: Remember your preferences and settings to enhance your experience.
Cookie Retention:
- Session Cookies: Deleted when you close your browser
- Persistent Cookies: Stored for up to 2 years or until you delete them
- Google Analytics: 26 months (default retention period)
Managing Cookies:
You can control cookies through:
- Our cookie banner, which appears when you first visit our website
- Your browser settings (most browsers allow you to refuse or delete cookies)
- Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout
Note: Disabling certain cookies may affect the functionality of our Service.
Data Retention
We retain your personal information for the following periods:
- Account Data: While your account is active and for 3 years after account deletion (for tax and legal compliance purposes)
- Booking Records: 7 years after the booking date (for accounting and legal requirements)
- Marketing Data: Until you withdraw consent or unsubscribe from marketing communications
- Server Logs: 90 days
- Analytics Data: 26 months (Google Analytics default retention period)
- Support Communications: 3 years after the last communication
After the retention period expires, we will securely delete or anonymize your personal information, except where we are required to retain it for longer periods by law (e.g., tax records, accounting requirements).
When you delete your account, we will delete or anonymize your personal information within 30 days, subject to the retention periods described above for legal compliance.
International Data Transfers
Your personal data may be transferred to and processed in countries outside of your country of residence, including:
- United States: Google Analytics, Google OAuth, and Vercel (hosting) process data in the US
- European Union: Brevo (email service) processes data in the EU
- Other Regions: Supabase may process data in various regions depending on your project configuration
Safeguards for Data Transfers:
When we transfer your data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs): We use European Commission-approved Standard Contractual Clauses with our service providers
- Adequacy Decisions: We transfer data to countries with adequacy decisions by the European Commission where applicable
- Service Provider Commitments: Our service providers are required to maintain appropriate data protection standards
By using our Service, you consent to the transfer of your data to these countries. If you have questions about specific transfers, please contact us.
Children's Privacy
Our Service is available to users of all ages. However, we take the privacy of children seriously. If you are under 13 years of age, you may only use the Service with the express consent and supervision of a parent or legal guardian.
If you are a parent or guardian and believe that your child under 13 has provided us with personal information without your consent, please contact us immediately at hello@henzo.app, and we will take steps to delete such information promptly.
For users between 13 and 18 years of age, we recommend that you obtain parental or guardian consent before using the Service, especially when making bookings or providing personal information.
Data Breach Notification
In the event of a data breach that may affect your personal information, we will:
- Notify the relevant data protection authority within 72 hours of becoming aware of the breach (as required by GDPR Article 33)
- Notify affected users without undue delay if the breach is likely to result in a high risk to your rights and freedoms (as required by GDPR Article 34)
- Provide information about the nature of the breach, the categories of data affected, the likely consequences, and measures taken to address the breach
If you become aware of any security breach or unauthorized access to your account, please contact us immediately at hello@henzo.app.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws. We will notify you of material changes by:
- Posting the updated policy on this page
- Updating the "Last updated" date
- Sending an email notification for significant changes (if you have provided an email address)
- Displaying a notice on our website
Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy. If you do not agree to the changes, you may stop using the Service and request deletion of your account.
Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us at hello@henzo.app