Mobile App Privacy Policy

Last Updated: August 4, 2025

This Privacy Policy explains how Nail Order ("we," "us," or "our") collects, uses, and shares your information when you use the Nail Order mobile app (the "App") on iOS or Android devices.

By using the App, you agree to this Policy. For questions, contact us at:
Email: customerservice@nailorder.co.uk
Data Protection: it@nailorder.co.uk

1. Data We Collect

We collect data essential for the App's functionality and install attribution (via Facebook Ads):

A. Account Data

When you log in via Shopify, we sync your:
- Email address
- Shopify customer ID
  to create/manage your App account and track discounts.

B. Health & Consultation Data ⚠️ NEW

For nail technicians and their clients only:

Client Names: To identify and maintain treatment records
Health Information: Allergies, skin conditions, medical conditions (for safe service delivery)
Treatment History: Service records, notes, and consultation data
Optional Data (with separate consent):
- Date of birth (age verification for restricted treatments only)
- Email address (appointment reminders and follow-ups only)

Legal Basis: Explicit consent for health data (GDPR Article 9(2)(a))

C. Device Data (Anonymous)

Push Notifications: If enabled, we store a device token to send order updates (and optional marketing messages).
Crash Reports: We use Sentry (anonymous data only) to monitor app stability (e.g., device type, OS version). No identifiable user data is collected.
Advertising Identifier (AAID/IDFA) [if enabled]: Used only for attributing app installs to Facebook Ads.

D. User-Provided Data

Order/payment details (processed via Shopify; see Shopify's Privacy Policy).
Support inquiries submitted through the App.

E. Facebook SDK Data

To measure ad performance and attribute installs, the Facebook SDK may collect:

Device information (OS version, model).
Advertising ID (if enabled).
App events (e.g., installs, opens).
This data is anonymized and governed by Facebook's Data Policy.

2. What We Do NOT Collect

No cookies or tracking beyond stated purposes.
No precise geo-location data.
No analytics tools (e.g., Google Analytics, Clevertap).
Health data is NEVER used for marketing.
No data selling to third parties.

3. How We Use Your Data

Shopping Features:

Your data is used solely for:

Account management (via Shopify/Firebase).
Order/discount tracking.
Push notifications (if enabled).
Crash reporting (anonymous, via Sentry).
Ad install attribution (via Facebook SDK).
Legal compliance.

Nail Technician Features:

Health Data: Safe service delivery and treatment planning
Client Records: Personalized care and treatment history
Age Verification: Compliance with age-restricted treatments
Appointment Reminders: Service follow-ups (with consent)

Data Minimization: We only collect data essential for functionality.

4. Data Sharing

We only share data with:

Shopify: For order processing (governed by their Privacy Policy).
Firebase: For authentication (Google's Privacy Policy).
Sentry: For crash reporting (Sentry's Policy).
Facebook: Only for ad attribution (if enabled). (Facebook's Privacy Policy)

Health data is NEVER shared with third parties or used for advertising.

No data is sold to third parties.

5. Data Retention & Security

Shopping Data:

Account data is retained until you request deletion or after 2 years of inactivity.
Payment data is handled by Shopify; we do not store credit card details.
Facebook SDK data: Retained per Facebook's policies (typically 90 days).

Health Data:

Active clients: Retained while receiving services
Inactive clients: 7 years from last contact (health records requirement)
Deleted accounts: 30 days for recovery, then permanent deletion
Consent withdrawn: Immediate deletion of specific data types

Security Measures:

End-to-end encryption for health data
Secure cloud storage with access controls
Regular security audits
GDPR-compliant data processing

We use industry-standard security measures but cannot guarantee absolute protection.

6. Your Rights

All Users:

You may:

Request access to or deletion of your data via customerservice@nailorder.co.uk.
Disable push notifications in your device settings.
Withdraw consent for marketing messages (if enabled).
Opt out of ad tracking (via device settings: Android / iOS).

Health Data Specific Rights (GDPR):

Access: Request a copy of your health records
Rectification: Correct inaccurate health information
Erasure: Request deletion of health data
Portability: Receive health records in portable format
Object: Object to certain processing
Withdraw Consent: Change your mind at any time

Deletion requests are processed within 30 days.

Response Time: 30 days maximum for all requests

7. Consent Management

Essential Data (Required):

✅ Account management
✅ Health information for safe services
✅ Basic service records

Optional Data (Your Choice):

📧 Email for appointment reminders
🎂 Date of birth for age verification
📱 Marketing communications
📊 Ad tracking and attribution

You can withdraw consent at any time through app settings or by contacting us.

8. International Data Transfers

Primary data processing: UK/EU
Cloud storage: GDPR-compliant providers
Third-party services: Adequate protection via Standard Contractual Clauses
Health data: Remains within UK/EU jurisdiction

9. Breach Notification

We will notify you within 72 hours of discovering any data breach that may pose a risk to your rights and freedoms.

10. Children's Privacy

Our nail technician features are intended for professional use only. Health data collection requires appropriate consent mechanisms and parental consent for users under 16.

11. Changes to This Policy

We may update this Policy and will notify users of significant changes via:

In-app notifications
Email (if provided)
Updated version number

Continued App use implies acceptance of updates.

Contact: customerservice@nailorder.co.uk

Nail Order Ltd
Email: customerservice@nailorder.co.uk
Data Protection: it@nailorder.co.uk