Privacy Policy

Last updated: February 1, 2026

Quick Summary: Your Privacy in Plain English

| What | How | Why |
| We collect | Business details, client info, usage data | To send review requests and provide analytics |
| We store | On secure cloud servers (mostly in the US) | Because we use cloud services for reliability |
| We protect | With encryption, access controls, monitoring | To keep your data safe from unauthorised access |
| You control | Access, correct, delete, opt out anytime | Because it's your data, not ours |

Key Points: We never sell your data. Negative feedback stays private. Clients can opt out by replying "STOP". You're responsible for getting client consent before sending SMS.

Beta Testing Notice

BeautyDesk is currently in closed beta testing. During beta, we may update this policy more frequently as we refine our data practices. Beta users will receive at least 14 days' notice of material changes.

1. Introduction

BeautyDesk is a registered business name of Sabastian Dien Nguyen, a sole trader operating in Australia (ABN 95 987 726 537) ("we", "us", "our").

We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our automated customer sentiment platform for beauty and salon businesses.

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure.

2. Information We Collect

Business Owner Information

  • Account Details: Name, email address, phone number
  • Business Information: Business name, address, ABN (if provided)
  • Authentication Data: Login credentials (stored securely via Clerk)
  • Usage Data: Dashboard interactions, feature usage, login times

Client Information

  • Personal Details: Client name, phone number
  • Appointment Data: Date, time, service type
  • Feedback: Star ratings (1-5), written comments
  • Communication History: SMS sent/received, delivery status

Technical Information

  • Device information, browser type, operating system
  • IP address, approximate location
  • Page views, session data, error logs

3. How We Use Your Information

  • Service Delivery: Sending SMS review requests to your clients
  • Feedback Management: Collecting and storing client feedback
  • Analytics: Generating sentiment insights and business analytics
  • Service Improvement: Enhancing features, fixing bugs
  • Communication: Sending service updates and support responses
  • Security: Preventing fraud and unauthorised access

Automated Decision-Making

After submitting feedback, all clients see a thank-you message. Clients who rate 4-5 stars are shown an optional button to leave a public review on Google if they choose. Clients who rate 1-3 stars are shown an optional feedback form to share additional comments privately. In both cases, the client decides whether to take further action — no automatic redirects occur. You can toggle this on/off in your dashboard.

4. Third-Party Services & International Data Transfers

BeautyDesk uses cloud-based services hosted outside Australia. By using our service, you consent to the transfer of personal information to the following locations:

| Service Category | Purpose | Data Location |
| Database & Storage | Storing your business data, client information, and feedback | United States |
| Authentication | Secure login and account management | United States |
| Web Hosting & CDN | Delivering the application securely and quickly | Global (edge locations) |
| SMS Messaging | Sending review requests to your clients | Australia |
| Analytics | Understanding how users interact with the platform | European Union / United States |

Under APP 8, we take reasonable steps to ensure overseas recipients handle your information in accordance with the Australian Privacy Principles. All service providers are contractually bound to maintain appropriate security measures.

5. Data Security

  • Encryption: Data encrypted in transit (TLS 1.3+) and at rest (AES-256)
  • Access Controls: Role-based access, least-privilege principles
  • Authentication: Multi-factor authentication (MFA) available
  • Monitoring: Continuous logging, intrusion detection
  • Testing: Regular security audits and vulnerability scanning

Data Retention

  • Active Client Data: While account is active
  • Business Account: Until closure + 90 days
  • Feedback Data: 2 years after last interaction
  • SMS Logs: 180 days (SPAM Act compliance)
  • Backup Data: 30 days

6. Your Privacy Rights

Under the Australian Privacy Principles and GDPR (for EU users), you have the right to:

  • Access: Request access to personal information we hold (APP 12, GDPR Article 15)
  • Correction: Request correction of inaccurate information (APP 13, GDPR Article 16)
  • Deletion: Request deletion of your personal information (GDPR Article 17)
  • Data Portability: Receive your data in a machine-readable format (GDPR Article 20)
  • Opt-out: Unsubscribe from marketing communications
  • Complaint: Lodge a complaint about our handling of your information

GDPR Article 17: Right to Erasure ("Right to be Forgotten")

If you are an EU citizen, you have the right to request deletion of your personal data. We will delete your data if:

  • It is no longer necessary for the purposes it was collected
  • You withdraw consent (where consent is the legal basis)
  • You object to processing and there is no overriding legitimate ground
  • We have processed it unlawfully
  • We are required to delete it by law

To request deletion:

  1. Log in to your BeautyDesk account
  2. Go to Settings - Privacy
  3. Click "Request Account Deletion"
  4. Confirm your request via email
  5. Your data will be permanently deleted within 30 days

Alternatively, email privacy@beautydesk.io with the subject line "GDPR Deletion Request" from your registered email address.

To exercise these rights, email legal@beautydesk.io. We respond within 30 days.

7. SMS Messaging & Client Consent

Important: You are responsible for obtaining proper consent from clients before sending SMS messages. Failure to comply with the SPAM Act 2003 can result in penalties up to AUD $2 million for corporations.

Your obligations:

  • Obtain clear, informed consent from clients to receive SMS
  • Keep records of when and how consent was obtained
  • Include opt-out instructions in every message
  • Honour opt-out requests within 5 business days

Client opt-out: Clients can opt out by replying "STOP", "UNSUBSCRIBE", or "OPT-OUT" to any message. These are processed automatically.

8. Data Breach Notification

In the event of an eligible data breach likely to result in serious harm, we will:

  • Conduct a prompt assessment within 24 hours
  • Notify affected individuals as soon as practicable
  • Notify the Office of the Australian Information Commissioner (OAIC) when required
  • Provide recommendations on steps to mitigate harm

We comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988.

9. Changes to This Policy

We will notify you of material changes by email at least 30 days before the effective date. Minor changes will be posted on this page with an updated date. During beta, we may update more frequently with at least 14 days' notice for material changes.

10. Contact Us

For privacy questions or to exercise your rights:

Office of the Australian Information Commissioner (OAIC)

If you're not satisfied with our response, you may contact the OAIC:

  • Website: oaic.gov.au
  • Phone: 1300 363 992
  • Email: enquiries@oaic.gov.au

This Privacy Policy is governed by the laws of New South Wales, Australia.

Version 2.0 (Final) | Compliant with Privacy Act 1988 and all 13 Australian Privacy Principles (APPs)

Full legal document available at legal@beautydesk.io