Privacy Policy

For personal data about our account holders and website visitors, the data controller is [LEGAL ENTITY NAME], [REGISTERED ADDRESS]. You can contact us about privacy matters at support@slotera.app.

Where a business uses Slotera to manage personal data about its own clients (for example, the names and contact details of people who book appointments), that business is the data controller for that data and we act as its data processor.

Account and business information: your name, email address, password (stored hashed), business name, timezone, language, working hours, services, and team members.

Booking and customer information: when bookings are made through a business's booking page, we process the customer's name, phone number, email, and any notes, on behalf of that business.

Usage and device information: log data such as IP address, browser type, pages viewed, and timestamps, used to operate and secure the Service.

Payment information: payments are processed by Paddle.com (see "Payments" below). We do not store full card details; we receive limited transaction and subscription information needed to manage your account.

Communications: messages you send us and our email correspondence with you.

To provide, maintain, and improve the Service; to create and manage accounts; to send transactional messages (such as booking confirmations and account emails); to process payments and manage subscriptions; to provide support; to ensure security and prevent abuse; and to comply with legal obligations.

We process personal data on the following GDPR legal bases: performance of a contract (to provide the Service you sign up for); our legitimate interests (to secure, operate, and improve the Service); compliance with a legal obligation (for example, tax and accounting); and consent where required (for example, certain non-essential cookies or marketing).

Our order process and payments are conducted by our online reseller and Merchant of Record, Paddle.com. Paddle handles the payment transaction and related data as an independent controller for that purpose, and provides associated billing support. Please review Paddle's privacy notice at paddle.com to understand how Paddle processes your payment data.

We use strictly necessary cookies to operate the Service (for example, to keep you signed in and remember your language preference). We may use limited analytics to understand how the Service is used. Where required by law, we ask for your consent before setting non-essential cookies. You can control cookies through your browser settings.

We do not sell your personal data. We share it only with service providers (subprocessors) who help us run the Service, under contracts that require them to protect it, including: cloud hosting and serverless compute (Vercel), database hosting (Neon/PostgreSQL), transactional email delivery (Resend), and payment processing (Paddle.com).

We may also disclose information where required by law or legal process, to protect our rights or the safety of users, or in connection with a merger, acquisition, or sale of assets (in which case we will notify you).

Our providers may process data in the European Union and other countries. Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

We retain personal data for as long as your account is active and as needed to provide the Service, then for a reasonable period to comply with legal, tax, and accounting obligations, after which it is deleted or anonymised. Businesses can delete or anonymise their clients' data from within the Service.

Subject to applicable law, you have the right to access, rectify, erase, restrict, and port your personal data, to object to certain processing, and to withdraw consent where processing is based on consent. To exercise these rights, contact us at support@slotera.app.

You also have the right to lodge a complaint with your local data-protection authority (in Portugal, the Comissão Nacional de Proteção de Dados — CNPD). Where a business is the controller of your data (for example, the salon you booked with), please direct your request to that business.

We use technical and organisational measures to protect personal data, including encryption in transit, hashed passwords, access controls, and tenant data isolation. No method of transmission or storage is completely secure, but we work to protect your data and to respond promptly to any incident.

The Service is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us with personal data, contact us and we will delete it.

We may update this Privacy Policy from time to time. We will post the updated version here and, for material changes, provide additional notice. The "last updated" date indicates when it was last revised.

Questions about this Privacy Policy or your personal data? Contact us at support@slotera.app ([LEGAL ENTITY NAME], [REGISTERED ADDRESS]).