Back to homeGet Started

Privacy Policy

Last updated: May 2026

This Privacy Policy governs the collection, use, storage, and disclosure of personal information by OptiFlow (operated by OptiFlow Media, South Africa). By accessing or using our website and booking platform (collectively, the “Service”), you agree to the practices described in this Privacy Policy.

1. Information We Collect

We collect the following categories of information:

1.1 Business Information

Salon or business name, physical address, phone number, business type, number of chairs/staff, and related operational details.

1.2 Account and User Information

Full name, email address, password (hashed), role (owner/staff), and login activity of business owners and their staff members.

1.3 Client Information

Names, phone numbers, email addresses (if provided), appointment history, service notes, preferences, and other information clients voluntarily provide through the booking system.

1.4 Payment Information

We do not collect, store, or process payment card details directly. All subscription payments and client deposits are handled exclusively by third-party payment processors such as Stripe, Square, or Paystack. You are responsible for connecting and managing your own accounts with these providers.

1.5 Usage and Technical Data

IP address, browser type, device information, pages visited, booking activity, and other analytics data collected through cookies and similar technologies.

2. How We Use Your Information

We use the collected information for the following purposes:

  • To provide, maintain, and improve the OptiFlow booking platform
  • To process subscription payments and manage accounts
  • To send automated SMS notifications and reminders (via Twilio)
  • To enable client deposit collection through connected payment processors
  • To provide customer support and respond to inquiries
  • To generate business analytics and insights
  • To detect, prevent, and address technical issues or fraudulent activity
  • To comply with legal obligations

3. Data Sharing and Disclosure

We do not sell, rent, or trade personal data. We may share information only in the following limited circumstances:

  • With service providers (Twilio for SMS, Stripe/Square/Paystack for payments, Supabase for hosting and database services) who are contractually obligated to protect your data
  • When required by law, court order, or government request
  • To protect the rights, property, or safety of OptiFlow, our users, or the public
  • In the event of a business transfer (merger, acquisition, or sale of assets)

4. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your information, including encryption in transit and at rest, strict Row Level Security (RLS) in our database, and regular security reviews. However, no system is completely secure, and we cannot guarantee absolute security.

5. Data Retention

We retain your data for as long as your account is active or as necessary to provide our services. You may request deletion of your data at any time, subject to legal obligations.

6. Your Rights

Depending on your location, you may have the right to:

  • Access, correct, or delete your personal information
  • Object to or restrict certain processing
  • Receive your data in a portable format
  • Withdraw consent where applicable

7. International Data Transfers

Your data may be transferred to and processed in countries outside of your jurisdiction, including South Africa and the United States. We take appropriate safeguards to ensure your data receives adequate protection.

8. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect data from children.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.