Privacy Policy

Last updated: February 1, 2026

Quick summary

Your privacy in plain English.

What How Why
We collect Business details, client info, usage data To send review requests and provide analytics
We store On secure cloud servers (mostly in the US) Because we use cloud services for reliability
We protect With encryption, access controls, monitoring To keep your data safe from unauthorised access
You control Access, correct, delete, opt-out anytime Because it's your data, not ours

Key points. We never sell your data. Negative feedback stays private. Clients can opt-out by replying "STOP". You're responsible for getting client consent before sending SMS.

Beta testing notice

BeautyDesk is currently in closed beta testing. During beta, we may update this policy more frequently as we refine our data practices. Beta users will receive at least 14 days' notice of material changes.

1. Introduction

BeautyDesk is a registered business name of Sabastian Dien Nguyen, a sole trader operating in Australia (ABN 95 987 726 537) ("we", "us", "our").

We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our automated customer sentiment platform for beauty and salon businesses.

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure.

2. Information we collect

Business owner information

  • Account details: name, email address, phone number
  • Business information: business name, address, ABN (if provided)
  • Authentication data: login credentials (stored securely via Clerk)
  • Usage data: dashboard interactions, feature usage, login times

Client information

  • Personal details: client name, phone number
  • Appointment data: date, time, service type
  • Feedback: star ratings (1–5), written comments
  • Communication history: SMS sent/received, delivery status

Technical information

  • Device information, browser type, operating system
  • IP address, approximate location
  • Page views, session data, error logs

3. How we use your information

  • Service delivery: sending SMS review requests to your clients
  • Feedback management: collecting and storing client feedback
  • Analytics: generating sentiment insights and business analytics
  • Service improvement: enhancing features, fixing bugs
  • Communication: sending service updates and support responses
  • Security: preventing fraud and unauthorised access

Automated decision-making

After submitting feedback, all clients see a thank-you message and can share additional comments privately. All clients are shown an optional button to leave a public review on Google if they choose. The client decides whether to take further action — no automatic redirects occur. You can toggle this on/off in your dashboard.

4. Third-party services & international data transfers

BeautyDesk uses cloud-based services hosted outside Australia. By using our service, you consent to the transfer of personal information to the following locations.

Service category Purpose Data location
Database & storage Storing your business data, client information, and feedback United States
Authentication Secure login and account management United States
Web hosting & CDN Delivering the application securely and quickly Global (edge locations)
SMS messaging (primary) Sending review requests via Mobile Message Pty Ltd Australia
SMS messaging (fallback) Delivering SMS via Twilio Inc when the primary sub-processor is unavailable United States
Analytics Understanding how users interact with the platform European Union / United States

Under APP 8 (cross-border disclosure), we take reasonable steps to ensure overseas recipients handle your information in accordance with the Australian Privacy Principles. Named US sub-processors include Twilio Inc (SMS fallback), plus the database, authentication, and analytics providers listed above. All service providers are contractually bound to maintain appropriate security measures.

5. Data security & retention

  • Encryption: data encrypted in transit (TLS 1.3+) and at rest (AES-256)
  • Access controls: role-based access, least-privilege principles
  • Authentication: multi-factor authentication (MFA) available
  • Monitoring: continuous logging, intrusion detection
  • Testing: regular security audits and vulnerability scanning

Data retention

  • Active client data: while account is active
  • Business account: until closure + 90 days
  • Feedback data: 2 years after last interaction
  • SMS logs: 180 days (SPAM Act compliance)
  • Backup data: 30 days

6. Your privacy rights

Under the Australian Privacy Principles and GDPR (for EU users), you have the right to:

  • Access: request access to personal information we hold (APP 12, GDPR Article 15)
  • Correction: request correction of inaccurate information (APP 13, GDPR Article 16)
  • Deletion: request deletion of your personal information (GDPR Article 17)
  • Data portability: receive your data in a machine-readable format (GDPR Article 20)
  • Opt-out: unsubscribe from marketing communications
  • Complaint: lodge a complaint about our handling of your information

GDPR Article 17: Right to erasure

If you are an EU citizen, you have the right to request deletion of your personal data. We will delete your data if:

  • it is no longer necessary for the purposes it was collected
  • you withdraw consent (where consent is the legal basis)
  • you object to processing and there is no overriding legitimate ground
  • we have processed it unlawfully
  • we are required to delete it by law

To request deletion:

  1. Log in to your Beauty Desk account
  2. Go to Settings → Privacy
  3. Click "Request Account Deletion"
  4. Confirm your request via email
  5. Your data will be permanently deleted within 30 days

Alternatively, email privacy@beautydesk.io with the subject line "GDPR Deletion Request" from your registered email address.

To exercise these rights, email legal@beautydesk.io. We respond within 30 days.

7. SMS messaging & client consent

Important. You are responsible for obtaining proper consent from clients before sending SMS messages. Failure to comply with the SPAM Act 2003 can result in penalties up to AUD $2 million for corporations.

Your obligations:

  • Obtain clear, informed consent from clients to receive SMS
  • Keep records of when and how consent was obtained
  • Include opt-out instructions in every message
  • Honour opt-out requests within 5 business days

Client opt-out. Clients can opt-out by replying "STOP", "UNSUBSCRIBE", or "OPT-OUT" to any message. These are processed automatically.

8. Data breach notification

In the event of an eligible data breach likely to result in serious harm, we will:

  • Conduct a prompt assessment within 24 hours
  • Notify affected individuals as soon as practicable
  • Notify the Office of the Australian Information Commissioner (OAIC) when required
  • Provide recommendations on steps to mitigate harm

We comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988.

9. Changes to this policy

We will notify you of material changes by email at least 30 days before the effective date. Minor changes will be posted on this page with an updated date. During beta, we may update more frequently with at least 14 days' notice for material changes.

10. Contact us

For privacy questions or to exercise your rights:

BeautyDesk

Email: legal@beautydesk.io

Postal: NSW 2166, Australia

Office of the Australian Information Commissioner (OAIC)

If you're not satisfied with our response, you may contact the OAIC:

  • Website: oaic.gov.au
  • Phone: 1300 363 992
  • Email: enquiries@oaic.gov.au

This Privacy Policy is governed by the laws of New South Wales, Australia.

Version 2.0 (Final) · Compliant with Privacy Act 1988 and all 13 Australian Privacy Principles (APPs).