Privacy Policy

YallaSalon is a project/product of MATCHABLE FOR INNOVATION & ARTIFICIAL INTELLIGENCE RESEARCH & CONSULTANCIES LLC, a UAE limited liability company.

YallaSalon provides salon, spa, nail studio, and barbershop management software built for the UAE. The product includes online booking, appointment management, client records, staff management, invoices, checkout, deposits, WhatsApp and email notifications, reporting, customer account links, and support tools.

In this policy, YallaSalon refers to the YallaSalon product and team. A salon means a business using YallaSalon. A client means a customer of a salon who books or receives services through a YallaSalon booking page or communication.

For most salon client data, the salon decides why the information is collected and how it is used. YallaSalon processes that data to provide the software and related services to the salon. For data we collect directly about YallaSalon accounts, support, security, billing, website visits, and product operations, YallaSalon may act as the controller of that information.

Salons are responsible for having permission to add client information to YallaSalon, send booking communications, and use client data in line with applicable laws and their own customer notices.

• Account and staff information, such as names, emails, phone numbers, roles, permissions, login activity, and venue access.
• Salon profile information, such as salon name, address, location links, business hours, services, prices, staff profiles, policies, images, TRN or tax invoice fields, and booking settings.
• Client and booking information, such as client names, phone numbers, emails, appointments, service selections, notes provided by the salon or client, booking status, cancellation or no-show status, and communication preferences.
• Invoice, checkout, and payment-related information, such as invoice numbers, totals, VAT fields, deposits, payment status, payment links, refunds, and Stripe Connect or payment processor identifiers. YallaSalon does not store full card numbers or raw card security codes.
• Messaging information, such as WhatsApp and email template names, delivery status, timestamps, opt-in indicators, failed delivery logs, and redacted inbound WhatsApp messages needed to operate automated replies and support flows.
• Support and product usage information, such as messages sent to YallaSalon support, diagnostic logs, browser/device details, IP-derived security information, and actions taken inside the app.
• Website and cookie information, such as pages visited, referral source, approximate location, device type, and similar analytics or security data.

• Provide, maintain, and secure the YallaSalon app, booking pages, dashboard, invoices, reports, and customer account flows.
• Process bookings, cancellations, rescheduling, deposits, checkout, invoices, refunds, reminders, reviews, queues, and customer communications.
• Send service-related messages by WhatsApp, email, or other supported channels, including confirmations, reminders, deposit requests, receipts, account links, and operational alerts.
• Support salons and clients, troubleshoot issues, respond to requests, improve product quality, and develop safer automation features.
• Detect, prevent, and investigate fraud, abuse, unauthorized access, spam, webhook failures, payment issues, and security incidents.
• Comply with legal, regulatory, tax, accounting, dispute, and enforcement obligations.
• Measure and improve website performance, product usability, onboarding, and reliability.

We do not sell salon client lists. We do not use salon client lists to create a consumer marketplace for third-party salons.

If a salon enables messaging features, YallaSalon may use Meta WhatsApp Cloud API, SendGrid, and similar providers to send booking confirmations, reminders, deposit requests, receipts, review requests, account links, and operational notifications.

When someone messages the YallaSalon WhatsApp number, we may store a redacted and sanitized version of the message, route it through deterministic booking logic, and, where enabled, use an AI assistant to provide short answers based on public salon information such as services, prices, opening hours, location, and booking links. We design AI replies not to access raw payment data, private invoices, hidden internal IDs, secrets, or unrelated salon data.

WhatsApp conversations routed to a salon may be associated with that salon account and shown to authorized salon users, YallaSalon support, or platform administrators where needed for booking operations, customer support, audit, safety, legal requests, or dispute handling.

AI-assisted features may use OpenAI or another configured AI provider. We send only the information needed for the feature, such as sanitized message text, public salon/service context, booking state, and safe diagnostic metadata. We do not intentionally send full card numbers, raw payment secrets, or unrelated customer records to AI providers.

YallaSalon may integrate with payment processors such as Stripe to support deposits, saved-card setup, payment links, invoices, refunds, and salon payouts. Card details are handled by the payment processor. YallaSalon stores only the payment and payout information needed to show payment status, reconcile bookings and invoices, support disputes, and operate the product.

We share information only where needed to operate, secure, support, or comply with the service. This may include:

• Hosting, database, storage, and infrastructure providers such as Supabase and Vercel.
• Payment processors and financial providers such as Stripe and connected banking or payout infrastructure.
• Messaging and email providers such as Meta WhatsApp Cloud API and SendGrid.
• Support, analytics, security, monitoring, and AI service providers used to operate and improve the product.
• Professional advisers, auditors, regulators, law enforcement, courts, or government authorities when required by law or to protect rights, safety, and security.
• A successor entity if YallaSalon is involved in a merger, acquisition, financing, restructuring, or sale of assets, subject to appropriate confidentiality protections.

YallaSalon and its service providers may process and store information in the UAE and other countries. Where information is transferred across borders, we use appropriate technical, contractual, and organizational safeguards designed to protect the information according to this policy and applicable law.

We keep information for as long as needed to provide the service, support salons and clients, maintain accurate business records, comply with legal, tax, accounting, security, and dispute obligations, and enforce agreements. Retention periods vary by data type. For example, invoice and payment records may need to be kept longer than support messages or delivery logs.

• Account, venue, service, staff, and subscription records are generally kept while the account is active and for a reasonable period after closure for audit, dispute, and backup purposes.
• Invoices, payment, VAT/TRN, refund, and payout records may be retained longer where tax, accounting, payment, chargeback, or legal obligations require it.
• Messaging, support, webhook, security, and diagnostic logs are retained only as long as needed for product operation, troubleshooting, abuse prevention, and legal or dispute handling.
• AI diagnostic metadata should be redacted where practical and retained only for safe product operation and debugging.

Salons may request deletion or export of their account data, subject to legal, tax, fraud-prevention, payment, dispute, and operational retention requirements.

We use technical and organizational measures designed to protect information against unauthorized access, alteration, loss, misuse, or disclosure. These measures include authenticated access, staff permissions, venue-level data isolation, encrypted transport, server-side validation, webhook signature checks, rate limits, restricted service credentials, log redaction, and operational monitoring.

No system can be guaranteed completely secure. Salons are responsible for protecting their staff accounts, using appropriate permissions, and promptly removing access for staff who should no longer use the app.

Authorized YallaSalon support/admin personnel may access account data only when needed to provide support, investigate abuse or security issues, process billing or legal requests, or maintain the service. Access should be limited, logged where systems allow, and never used for unrelated purposes.

We use cookies and similar technologies to keep users signed in, remember preferences, secure sessions, understand website usage, and improve product performance. Some cookies are necessary for the app to function. Others may support analytics, security, or marketing measurement where enabled.

You can control cookies through your browser settings. Blocking some cookies may affect sign-in, booking, or dashboard functionality.

YallaSalon uses Vercel Analytics and Speed Insights to understand page performance and usage patterns. We configure analytics to avoid sending tokenized customer links, private account pages, admin paths, API paths, and sensitive query parameters where supported.

Depending on where you live and the laws that apply, you may have rights to access, correct, export, delete, restrict, object to, or stop certain processing of your personal information. You may also have the right to withdraw consent where processing is based on consent.

Salon clients should usually contact the salon they booked with first, because the salon controls most client booking records. We will assist salons with reasonable privacy requests where required and technically possible.

Salons can request a data processing agreement, subprocessor details, export assistance, or deletion workflow by emailing support@yallasalon.me.

YallaSalon is business software and is not intended for children. If a salon records information about a minor for a legitimate booking, the salon is responsible for ensuring it has an appropriate lawful basis and any required parental or guardian consent.

We may update this Privacy Policy as our product, providers, or legal requirements change. The update date shows when this page was last revised. If changes are material, we may provide additional notice in the app, by email, or through another appropriate channel.

For privacy questions, account requests, or data protection concerns, contact us at support@yallasalon.me. Please include enough information for us to understand the request, the relevant salon or venue, and the contact details involved.

• General support: support@yallasalon.me
• Privacy and DPA/subprocessor requests: support@yallasalon.me
• Security reports: support@yallasalon.me

يلا صالون منتج تابع لشركة MATCHABLE FOR INNOVATION & ARTIFICIAL INTELLIGENCE RESEARCH & CONSULTANCIES LLC. يستخدم الصالون بيانات العميل لإدارة الحجز والتذكيرات والفواتير والمدفوعات. قد تُستخدم خدمات مثل Stripe وMeta WhatsApp وSendGrid وVercel وSupabase ومزوّد ذكاء اصطناعي عند تفعيل الميزات. لا نخزن أرقام البطاقات الكاملة، ويمكن طلب الخصوصية أو معالجة البيانات عبر support@yallasalon.me.