Glanevo

Privacy Policy

Last updated: April 2, 2026

1. Introduction & controller

This Privacy Policy explains how Glanevo (“we”) processes personal data. Controller: Glanevo group entities (including entities in formation). Contact: privacy@glanevo.com. Services: glanevo.com, the salon panel domain, glansalon.com, and mobile apps.

2. Data we collect

  • Website visitors: IP address, browser/device data, cookie IDs, usage events.
  • Salon owners/admins: name, email, phone, company details, tax ID, bank/IBAN for payouts.
  • Salon clients: name, phone, email, appointment history; payment metadata (last 4 digits, method) — full card data stays with the payment processor.
  • Staff: HR/payroll and attendance data; location may be used only for instant verification and is not stored long-term.

3. Legal bases (GDPR)

We rely on contract performance, legal obligation, legitimate interests (security, fraud prevention, product improvement), and consent where required (marketing, certain cookies).

4. Sharing & processors

We use processors such as Stripe, iyzico, Twilio, Netgsm, Resend, AI providers (e.g. Groq, Google, Anthropic — minimized/anonymized where possible), Vercel, Neon PostgreSQL, and analytics tools under appropriate agreements. We may disclose data if required by law.

5. Retention

  • Account and transaction data: for the life of the account and as required afterward for tax/accounting (often 6–10 years).
  • Security logs: typically ~90 days (may vary).
  • Location used for verification: not retained.
  • Anonymized analytics: may be kept indefinitely.

6. Security

We use HTTPS/TLS, access controls, encryption at rest and in transit where appropriate, bcrypt password hashing, and role-based permissions. Security practices are reviewed on an ongoing basis.

7. Your rights

You may request access, rectification, erasure, restriction, objection, portability, and withdraw consent where applicable via privacy@glanevo.com. You may lodge a complaint with your supervisory authority.

8. Cookies

We use necessary cookies (session, security), preference cookies (e.g. language), and analytics cookies (e.g. Vercel Analytics). Manage preferences via the cookie banner and your browser. This section serves as the cookie policy detail referenced from the banner.

9. International transfers

Primary hosting may be in the EU (e.g. Frankfurt). Where data is transferred outside the EEA, we use Standard Contractual Clauses and supplementary measures as required. Infrastructure providers offer GDPR-aligned DPAs.

10. Changes

We will update this page for material changes and may notify you by email or in-product notice. The “last updated” date appears at the top of this policy.