Privacy Policy

Nails.Studio is operated from the United States. Depending on your jurisdiction, the entity responsible for processing your personal data (the “data controller”) may vary. For questions about this policy or how we handle your personal data, contact us at privacy@nails.studio.

This policy complements any notices you may see in the app (for example about subscriptions, push notifications, or location) and is not a substitute for legal advice tailored to your situation.

We collect information you provide to us, information generated when you use the Services, and information we receive from partners as described below.

• Account and profile: name, email address, password (stored using secure hashing), profile image, and authentication details when you sign in with email or a third-party provider (such as Apple or Google).
• Salon and business data: if you create or manage a studio, we collect business name, public description, logo, address and location-related fields (including map coordinates and region labels where you set them), time zone, contact channels you choose to display (such as phone or email), your public page address (slug), services and durations, and subscription or billing status.
• Bookings and scheduling: appointments, selected services, dates and times, status, and related operational data needed to operate the booking flow.
• Messages: content of messages you send or receive through in-app messaging between studios and clients.
• Community and engagement: follows (followers), notifications, and similar interactions you enable.
• Technical and device data: IP address, device type, operating system, app version, push notification tokens, crash or diagnostic logs, and cookies or similar technologies on the web.
• Payments and subscriptions: when you purchase Studio Pro or similar subscriptions, payment is processed by Apple App Store, Google Play, or Stripe (for web checkout). We receive subscription status and identifiers—not full card numbers stored on our servers.
• Content you upload: photos you upload for your profile or studio logo, processed and stored securely.

You may choose not to provide certain information, but some features (such as booking or messaging) may not be available without it.

We use personal information to:

• Provide, operate, and improve the Services (including search, discovery, booking, and salon accounts).
• Authenticate you, maintain security, prevent fraud and abuse, and comply with legal obligations.
• Send transactional and service-related communications (such as booking confirmations or reminders where enabled).
• Deliver push notifications where you opt in, and marketing communications only where you have consented when required by law.
• Analyze aggregate usage to improve the product (we prefer aggregated or de-identified data where possible).
• Enforce our terms, protect users, and resolve disputes.

Where the GDPR or similar law applies, we rely on: performance of a contract (providing the Services you request); legitimate interests (securing the platform, improving features, preventing abuse—balanced against your rights); consent (where required, for example certain marketing or optional cookies); and legal obligation (where we must retain or disclose data).

You may withdraw consent where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal.

We share personal information only as needed to operate the Services with the following categories of recipients:

• Infrastructure and database: our application and data are hosted on Supabase (database, authentication, and related APIs).
• App stores and subscriptions: Apple and Google for app distribution and in-app purchases; RevenueCat may manage subscriptions and entitlements on mobile.
• Web payments: Stripe for subscription checkout on the web where enabled.
• Email: transactional email providers (such as Resend) when we send emails you have requested or that are necessary for the service.
• Maps and location: when you use map features, Google Maps or Apple Maps may process location data according to their policies.
• Push notifications: Firebase Cloud Messaging (or similar) to deliver push notifications.

We may also disclose information if required by law, to protect rights and safety, or in connection with a business transfer (such as a merger or acquisition), subject to applicable law.

We retain personal information for as long as your account is active or as needed to provide the Services and to comply with legal obligations (such as tax, accounting, or dispute resolution). When you delete your account, we delete or anonymize personal data as described in our account deletion flow, subject to legal retention limits.

Some information may remain in backups for a limited period before being overwritten.

We use technical and organizational measures appropriate to the nature of the data (including encryption in transit, access controls, and secure hosting). No method of transmission over the Internet is completely secure; we encourage you to use a strong password and protect your account.

Depending on where you live, you may have rights to:

• Access a copy of your personal data.
• Rectify inaccurate data.
• Erase your data in certain circumstances (you may request account deletion via the website or in-app flows where available).
• Restrict or object to certain processing.
• Data portability where applicable.
• Withdraw consent where processing is consent-based.

To exercise these rights, contact privacy@nails.studio. You may also lodge a complaint with a supervisory authority in your country (for EU residents, your local Data Protection Authority).

If you access the Services from outside the United States, your data may be processed in the United States or other countries where our service providers operate. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses or adequacy decisions).

By using the Services, you understand that your information may be transferred to countries that may have different data protection rules than your country.

The Services are not directed to children under 13 (or the minimum age required in your jurisdiction to consent to data processing without parental consent). We do not knowingly collect personal information from children. If you believe we have collected such information, contact us and we will delete it promptly.

If you are a California resident, you may have additional rights under the CCPA/CPRA, including to know categories of personal information collected, to delete certain information, to opt out of sale or sharing (we do not sell personal information for monetary consideration in the traditional sense), and to limit use of sensitive personal information. To submit a request, contact privacy@nails.studio.

We may update this Privacy Policy from time to time. We will post the updated version on this page and indicate the “Last updated” date. If changes are material, we will provide additional notice where required.

For questions about this Privacy Policy or your personal data, contact us at privacy@nails.studio.