Privacy Policy for NailMate

Effective Date: January 24, 2026Last Updated: January 24, 2026

"At NailMate, we value the trust of the Vietnamese salon community in the UK. This Privacy Policy explains how we collect, use, and protect your information and your customers' information when you use our WhatsApp-based AI assistant and our website (nailmate.app)."

1. Information We Collect

We collect information necessary to provide our "Intelligent Salon Partner" services:

  • Salon Owner Data: Name, business name, email address, phone number, and Stripe Account ID (via Stripe Connect).
  • Customer Data: WhatsApp phone numbers, appointment details, and booking history.
  • Visual Data: Images of nail designs uploaded to our AI for analysis.
  • Technical Data: IP addresses and usage logs from our Google Cloud Run environment.

2. How We Use Your Data

We process data based on Contractual Necessity and Legitimate Interest:

Service Delivery: To manage bookings, send WhatsApp reminders, and generate vouchers.
AI Analysis: Our "Artistic Brain" uses Google Gemini 1.5 Flash to analyze trends and provide expert consultations.
Payment Processing: We facilitate payment links through Stripe. NailMate does not store credit card numbers; all financial data is handled securely by Stripe.
Trend Hunting: We ingest public fashion data to provide you with high-fashion forecasts.

3. Data Storage and Security

  • Hosting: Your data is processed on Google Cloud Run (Europe-West1 region).
  • Vector Storage: AI-related embeddings (knowledge base) are stored securely in Pinecone.
  • Encryption: We use industry-standard encryption to protect data in transit and at rest.

4. Third-Party Services

To provide a high-end service, we share limited data with the following trusted partners:

Google (Gemini/Cloud)PineconeStripeWhatsApp (Meta)

5. UK GDPR Rights

As a UK-based user, you (and your customers) have the following rights:

  • Right to Access: You can request a copy of the data we hold.
  • Right to Erasure: You can request that we delete your data ("Right to be Forgotten").
  • Right to Rectification: You can ask us to correct inaccurate information.
  • Withdrawal of Consent: You can stop WhatsApp communications at any time by texting "STOP" or "HỦY".

6. International Data Transfers

While we host data in the UK/EU where possible, some processing (such as Google AI services) may occur in the US. We ensure these transfers are protected by standard contractual clauses to maintain UK-level protection.

7. Contact Us

For any privacy-related questions or to exercise your rights, please contact our Data Protection Officer:

support@nailmate.app

8. Acknowledgement for Salon Owners

By using NailMate, you agree to inform your customers that their booking data is processed via our WhatsApp AI and that they may receive automated reminders.

Data Processing Agreement (DPA) Summary

This agreement ensures that the Salon Owner remains compliant with UK GDPR while using NailMate’s AI tools to handle customer data.

1. Purpose

Between: [Salon Name] (The Controller) and NailMate (The Processor). This summary outlines how we handle data on your behalf.

2. Scope of Processing

  • Automating appointment bookings via WhatsApp.
  • Sending SMS/WhatsApp reminders and marketing vouchers.
  • Processing digital payments through Stripe.

3. Processor Obligations (NailMate's Commitment)

Security: We implement technical measures (Google Cloud Encryption, Pinecone Vector Protection) to secure all data.
Confidentiality: All staff and systems handling data are subject to strict confidentiality duties.
Sub-processors: We only use trusted infrastructure partners like Google and Pinecone to provide the AI services.
Data Subject Rights: We will assist the Salon Owner in responding to any customer requests for data deletion or access.

4. Data Breach Notification

In the unlikely event of a data breach, NailMate will notify the Salon Owner within 48 hours so that legal obligations to the ICO can be met.