Last updated:
Fiinq Ltd ("we", "us", "our") is committed to protecting the personal data of our users. This Privacy Policy explains what data we collect, how we use it, and your rights in relation to it. By using Fiinq, you agree to the practices described in this policy. This policy applies to all users of the Fiinq platform, including salon owners and staff members.
We collect the following categories of personal data:
• Account data: name, email address, phone number, and password (hashed) provided during registration.
• Business data: salon name, address, ABN/business number, and subscription details.
• Usage data: feature interactions, log data, IP addresses, browser type, and device information collected automatically when you use the Service.
• Client data: names, contact details, appointment history, and notes that you enter about your own clients. This data belongs to you.
• Payment data: billing address and the last four digits of your card. Full card details are handled directly by our payment processor and are never stored by us.
We use your data to:
• Provide, operate, and maintain the Fiinq platform.
• Process payments and manage your subscription.
• Send transactional emails (booking confirmations, receipts, password resets).
• Send service announcements and product updates (you may opt out at any time).
• Improve the platform through aggregated, anonymised analytics.
• Comply with legal obligations.
We do not use your data for targeted advertising or sell it to third parties.
We process your personal data on the following legal bases under the UK GDPR:
• Contract: processing necessary to provide the Service you have subscribed to.
• Legitimate interests: improving our platform, fraud prevention, and security monitoring.
• Legal obligation: where processing is required to comply with applicable law.
• Consent: for optional marketing communications, which you may withdraw at any time.
We share data only with trusted third-party service providers necessary to operate the Service, including cloud hosting (Supabase / AWS), payment processing (Stripe), email delivery (Brevo), and error monitoring. Each provider is bound by a data processing agreement and may not use your data for their own purposes. We do not share your data with any other third parties without your explicit consent, except where required by law.
We retain your account and business data for as long as your subscription is active and for up to 3 years after termination to comply with legal and tax obligations. Client data you have entered may be exported and will be deleted upon written request after account closure. Aggregated, anonymised analytics data may be retained indefinitely.
We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, role-based access controls, and regular security reviews. While we take all reasonable steps to protect your data, no system is completely secure. Please notify us immediately at security@fiinq.com if you suspect any unauthorised access to your account.
Your data is primarily stored within the UK and European Economic Area. Where data is transferred outside these regions (for example, to cloud infrastructure providers), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK ICO, to protect your data to the same standard.
Under UK GDPR, you have the right to:
• Access: request a copy of the personal data we hold about you.
• Rectification: ask us to correct inaccurate data.
• Erasure: request deletion of your personal data where there is no legitimate reason for us to continue processing it.
• Restriction: ask us to pause processing your data in certain circumstances.
• Portability: receive your data in a structured, machine-readable format.
• Objection: object to processing based on legitimate interests.
• Withdraw consent: at any time for processing based on consent.
To exercise any of these rights, contact us at privacy@fiinq.com. We will respond within 30 days.
Fiinq is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, please contact us and we will delete it promptly.
We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice at least 14 days before the changes take effect. Your continued use of the Service after that date constitutes acceptance of the updated policy.
For any privacy-related questions or to exercise your rights, contact us at privacy@fiinq.com or by post at Fiinq Ltd, [Registered Address]. If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.