Privacy Policy

Welcome to Barberos, a comprehensive barbershop management and online appointment booking system developed by RuyaTech, Tunisia. Barberos consists of a mobile application for barbershop owners, managers, and staff, as well as a public booking website for customers.

At RuyaTech, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, share, and protect your information when you use our services.

This policy applies to:

• Barbershop owners, managers, and staff using the Barberos mobile application
• Customers booking appointments through our public website
• All users of our backend systems and APIs

2.1 Owner & Staff Data

When barbershop owners and staff use our mobile application, we collect:

• Name and contact information (email address, phone number)
• Profile photo (optional)
• Business details (business name, address, logo, working hours)
• Staff roles and permissions
• Login credentials (securely hashed passwords)
• Authentication tokens and session data

2.2 Customer Data

For customers booking appointments, we collect:

• Name and phone number (required)
• Email address (optional but recommended for confirmations)
• Appointment data and booking preferences
• Visit history and service records
• Optional notes related to services

2.3 Transaction & Payment Data

We collect transaction-related information including:

• Product and service purchases
• Appointment revenue and payment confirmations
• Tips and discount applications
• Paddle subscription IDs and billing information

2.4 Technical Data

We automatically collect certain technical information:

• Device type and operating system version
• Browser information (for web users)
• Application crash logs (via Firebase Crashlytics)
• Usage analytics and performance data (via Firebase Analytics)
• IP address and general location information

We use the collected information for the following purposes:

• Account Management: Creating and managing user accounts, authentication, and access control
• Appointment Booking: Processing, confirming, and managing appointment bookings and scheduling
• Payment Processing: Processing payments, managing subscriptions, and handling billing
• Business Analytics: Providing insights, reports, and analytics to barbershop owners
• Notifications: Sending appointment confirmations, reminders, and important updates
• Service Improvement: Analyzing usage patterns to improve our application and services
• Customer Support: Providing technical support and customer service
• Legal Compliance: Complying with applicable laws, regulations, and legal processes

Under the General Data Protection Regulation (GDPR), we process personal data based on the following legal grounds:

• Contractual Necessity: Processing necessary to provide our services and fulfill our contractual obligations
• Consent: Where you have given clear consent for specific processing activities
• Legitimate Interests: For business analytics, service improvement, and security purposes
• Legal Obligations: To comply with applicable laws, regulations, and legal requirements

We may share your information with the following third parties:

• Paddle: Payment processing and subscription management
• Firebase: Authentication, analytics, crash reporting, and push notifications
• Vercel: Website hosting and deployment
• Email Service Providers: For transactional emails and notifications

We use various notification channels to keep you informed:

• Push Notifications: Appointment reminders, booking confirmations, and real-time updates
• Email: Account-related communications, receipts, and important announcements
• In-App: Service updates and feature announcements

Our mobile application may request the following permissions:

• Camera: For uploading profile photos and business logos
• Photo Library: For selecting existing images
• Notifications: For receiving appointment alerts and updates
• Internet Access: Required for core functionality

We implement comprehensive security measures to protect your data:

• TLS/SSL encryption for all data in transit
• AES-256 encryption for sensitive data at rest
• Secure password hashing using bcrypt
• JWT-based authentication with secure token handling
• Regular security audits and vulnerability assessments
• Role-based access control (RBAC)

We retain your data for the following periods:

• Active Accounts: Data is retained while your account is active
• Closed Accounts: Data is deleted within 90 days of account closure
• Legal Requirements: Some data may be retained longer to comply with legal obligations
• Anonymized Data: May be retained indefinitely for analytics purposes

Under GDPR and other privacy regulations, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Portability: Receive your data in a portable format
• Right to Object: Object to certain processing activities
• Right to Withdraw Consent: Withdraw previously given consent

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

Barberos is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

Our website uses cookies and similar technologies for:

• Essential Cookies: Required for basic website functionality
• Analytics Cookies: To understand how visitors use our site
• Preference Cookies: To remember your settings and preferences

We may update this Privacy Policy periodically. We will notify you of significant changes through email, in-app notifications, or by posting a prominent notice on our website. Continued use of our services after changes constitutes acceptance of the updated policy.

For privacy-related questions or to exercise your rights, please contact us:

European Union (GDPR)

EU residents have comprehensive rights under GDPR, including the right to lodge a complaint with a supervisory authority.

California (CCPA)

California residents have additional rights under CCPA, including the right to know what personal information is collected and the right to opt-out of the sale of personal information.

Tunisia

As a Tunisian company, we comply with local data protection regulations and the requirements of the Instance Nationale de Protection des Données Personnelles (INPDP).