Effective Date: February 16, 2026

GetGlossa.com (“we,” “our,” or “us”) operates a Salon & Spa Management Software platform in the UK, offering an all-in-one AI beauty and wellness management system. This Privacy Policy explains in detail how we collect, use, store, and protect your personal information when you use our platform or services.

We are committed to protecting your privacy and complying with the UK GDPR and Data Protection Act 2018.

1. Information We Collect

We collect personal, technical, and usage information from our users, employees, and clients to provide our services effectively:

1.1 Personal Information

• User account details: name, email address, phone number, username, password.

• Business information: salon or spa name, location, license numbers, staff details.

• Client information: names, contact info, appointment history, preferences, medical/skin notes (if provided for services).

• Billing & payment details: card information (via secure payment gateways), invoicing data, and subscription details.

1.2 Usage and Technical Information

• IP addresses, browser type, device type, operating system, and connection information.

• Login activity, pages visited, features used, and interaction with AI-powered tools.

• Analytics data for service performance and optimization.

1.3 Cookies and Tracking Technologies

• Cookies, web beacons, and similar technologies to store preferences, maintain sessions, and analyze usage.

• Cookies may be first-party (for core functionality) or third-party (analytics, ads, or integrations).

2. How We Use Your Information

We use the collected data to provide, maintain, and improve our services, including AI features:

1. Platform Operations:

   • Enable account creation, logins, and service access.

   • Manage appointments, employee schedules, client records, and payments.

2. AI-Powered Services:

   • Generate personalized recommendations for salon/spa operations.

   • Optimize staff schedules, product usage, and client suggestions.

3. Communication & Support:

   • Respond to inquiries, requests, and support tickets.

   • Send updates, notifications, promotional emails (with opt-out options).

4. Marketing & Analytics:

   • Track usage patterns to improve software performance.

   • Run internal and external analytics to understand trends and user behavior.

5. Legal & Security:

   • Detect and prevent fraudulent activities, unauthorized access, or breaches.

   • Comply with legal requirements and obligations.

3. Sharing Your Information

We do not sell your personal information. We may share it under these circumstances:

1. Service Providers:

   • Payment processors, cloud storage, analytics, AI service providers, and software integrations.

2. Legal Compliance:

   • When required by law, court orders, or government authorities.

3. Business Transfers:

   • In case of mergers, acquisitions, or asset sales, your information may be transferred as part of the transaction.

4. Data Retention

• User and client data are retained as long as necessary for the purposes outlined above or as required by law.

• Inactive or deleted accounts: personal data will be securely deleted after a retention period of [e.g., 2 years] unless otherwise required.

5. Your Privacy Rights (UK/EU GDPR)

Depending on your location, you may have the following rights:

1. Access & Correction: Request a copy of your personal data or update inaccuracies.

2. Deletion: Request deletion of personal data where processing is no longer necessary.

3. Restriction & Objection: Restrict or object to certain types of processing (e.g., marketing).

4. Data Portability: Receive your data in a structured, machine-readable format.

5. Withdraw Consent: You can withdraw any consent you have provided for processing.

To exercise your rights, contact contact@getglossa.com.

6. Cookies & Tracking

We use cookies to enhance user experience, analyze trends, and power AI features:

• Essential cookies: Required for login, account security, and core functionality.

• Performance cookies: Collect anonymous usage data to improve software performance.

• Functional cookies: Remember user preferences and settings.

• Marketing cookies: Serve relevant content or advertisements (third-party integrations).

You can disable cookies through your browser settings, but some features may not function correctly.

7. Data Security

We implement strong technical and organizational measures to protect your data:

• Secure servers and encrypted data storage.

• TLS/SSL encryption for data in transit.

• Regular security audits and monitoring.

• Limited access to personal data to authorized personnel only.

Note: No system is completely secure; we cannot guarantee absolute protection.

---

8. Third-Party Services & Integrations

Our platform may integrate with third-party services such as:

• Payment gateways (e.g., Stripe, PayPal)

• Marketing platforms (e.g., Mailchimp)

• Analytics tools (e.g., Google Analytics)

• AI service providers

These third parties have their own privacy policies. We recommend reviewing them before use.

9. Children’s Privacy

Our platform is not intended for children under 13. We do not knowingly collect data from children. If we find such data, it will be deleted immediately.

10. International Data Transfers

If you use our services outside the UK, your personal data may be transferred to servers or third parties in other countries. We ensure adequate safeguards, such as standard contractual clauses or other legal mechanisms, to protect your data.

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our services or legal obligations. Updates will be posted on this page with a new effective date. We encourage you to review this page periodically.