1. Scope & controller
This Privacy Policy applies to the TodaLinda mobile application (the “App”) and to the personal data processed by us when you create an account, sign in with a third-party provider, make an in-app purchase or otherwise use the App. The data controller is TodaLinda.
2. Data we collect
| Category | Examples | Source |
|---|---|---|
| Account data | Full name, email, profile picture, password (hashed) | You / sign-in provider |
| Profile & salon data | Salon name, address, services, schedules, photos | You |
| Booking data | Appointments, professionals, time slots, notes | You / your customers |
| Device & technical data | Device model, operating system, app version, push token, crash logs | Your device |
| Location data | Approximate location, when you authorize it, to show nearby salons | Your device (with permission) |
| Purchase data | Subscription status, transaction identifiers (no payment card data) | App Store / Google Play |
3. How we use your data
- Provide the App and its features (booking, salon management, scheduling).
- Authenticate you and keep your account secure.
- Process and validate your in-app purchases and subscriptions.
- Send transactional notifications (e.g. appointment reminders).
- Improve the App, fix bugs and analyze usage in aggregate form.
- Comply with legal obligations.
4. Legal bases
We process personal data based on (i) the performance of a contract with you, (ii) your consent (e.g. for location and marketing communications), (iii) our legitimate interest in operating and improving the App and (iv) compliance with legal obligations, in accordance with the General Data Protection Law (LGPD — Law 13.709/2018) and other applicable laws.
5. Third-party services
We use trusted third-party services to operate the App. Each of them processes data only to provide the corresponding feature:
- Firebase (authentication, push notifications, storage).
- Google Maps Platform (maps and geolocation features).
- Sentry (crash and performance monitoring).
- Apple App Store / Google Play Billing (in-app purchases and subscriptions).
- Meta / Facebook Login, Google Sign-In, Apple Sign-In (third-party authentication).
6. Facebook Login & Meta data
When you choose to sign in with Facebook, Meta shares with TodaLinda your public profile (name, profile picture) and the email you registered with Meta, only after you authorize this in the consent dialog presented by the Facebook SDK. We do not post anything to your Facebook account on your behalf.
You can revoke this permission at any time from your Facebook account at Settings & Privacy → Settings → Apps and Websites. To request deletion of the data we received from Meta, please use our data deletion page.
7. In-app purchases data
When you subscribe through the App Store or Google Play, the store provides us with a transaction identifier and the validation of your subscription. We do not receive your full payment card or banking details. Refunds, cancellations and billing inquiries must be handled directly with the store account used to subscribe.
8. Data sharing
We do not sell your personal data. We only share data with the third-party services listed above, with public authorities when required by law, or in the context of a corporate transaction (always with confidentiality safeguards).
9. International transfers
Some of our service providers process data in countries other than your country of residence. In these cases we ensure that adequate safeguards are in place, such as standard contractual clauses, in accordance with applicable data protection laws.
10. Retention
We retain your personal data only for as long as necessary to provide the App, comply with legal obligations and resolve disputes. When you delete your account, we delete or anonymize your personal data within a reasonable period, except where retention is required by law.
11. Security
We adopt technical and organizational measures to protect your data, including encryption in transit (HTTPS/TLS), encryption at rest where applicable, access control and continuous monitoring. No method of transmission or storage is 100% secure, however, and we cannot guarantee absolute security.
12. Your rights
- Access, correct and update your data.
- Request the deletion of your personal data, subject to legal exceptions.
- Request the portability of your data.
- Withdraw a previously granted consent.
- Object to certain forms of processing.
- File a complaint with the competent supervisory authority.
You can exercise these rights at edersonfrasson@gmail.com or via our data deletion page.
13. Children
The App is not intended for use by children under 13. If you believe a child has provided us with personal data, please contact us so that we can delete that information.
14. Changes to this Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you inside the App or by another reasonable means.
15. Contact & DPO
For data-protection questions or to exercise your rights, please contact edersonfrasson@gmail.com.