Privacy Policy

1. Introduction

Vladyslav Trusiuk ("we," "us," or "our"), operating the Barberium platform, is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that data.

By using Barberium, you agree to the collection and use of information as described in this policy.

2. Data We Collect

Account data: Name, email address, business name, and password (stored as a secure hash — never in plain text).

Business data: Client lists, appointment records, staff information, service details, location details, and business settings that you enter into the platform.

Usage data: IP address, browser type, operating system, pages visited, features used, and timestamps — collected automatically to maintain and improve the Service.

Payment data: Subscription and billing information is processed entirely by Paddle.com. We do not store credit card numbers or full payment details on our servers.

3. How We Use Your Data

• To create and manage your account
• To deliver the core features of the Service
• To process subscription payments via Paddle.com
• To send appointment reminder emails via Resend
• To respond to support requests and communications
• To detect and prevent fraud or abuse
• To improve and develop new features of the Service

4. Third-Party Service Providers

We work with the following trusted third parties who process data on our behalf:

• Paddle.com — Payment processing and subscription management. See Paddle's Privacy Policy.
• Resend — Transactional email delivery. See Resend's Privacy Policy.
• Render.com — Cloud hosting and infrastructure. See Render's Privacy Policy.

We do not sell your personal data to any third parties.

5. Data Retention

We retain your account and business data for the duration of your active account. After account closure or cancellation, we retain data for up to 90 days before permanent deletion, unless a longer retention period is required by applicable law.

6. Your Rights (GDPR)

If you are located in the European Union or European Economic Area, you have the following rights:

• Right of access — Request a copy of the personal data we hold about you.
• Right to rectification — Request correction of inaccurate data.
• Right to erasure — Request deletion of your personal data.
• Right to restriction — Request that we limit processing of your data.
• Right to data portability — Receive your data in a structured format.
• Right to object — Object to processing based on legitimate interests.

To exercise any of these rights, contact us at vladislavtrusiuk25@gmail.com. We will respond within 30 days.

7. Cookies

We use only essential cookies required for authentication and session management. No advertising, tracking, or analytics cookies are used.

8. Data Security

• Encrypted data transfer via HTTPS (TLS)
• Secure password hashing (bcrypt)
• JWT-based authentication with token expiry
• Access controls restricting data to authorized users only

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by email or by a notice within the Service.

11. Contact