Glamr("we", "us", "our") is committed to protecting your personal data. This policy explains what data we collect, why we collect it, and your rights under the General Data Protection Regulation (GDPR) and the Data Protection Acts 1988–2018.
1. Who we are
Glamr is the data controller for personal data processed through this platform. Contact us at privacy@glamr.ie for any data-related queries.
2. Data we collect
- Account data: name, email address, profile photo
- Business data (providers): business name, bio, location, services, pricing
- Booking data: client name, email, phone, address, appointment details
- Payment data: processed by Stripe — we do not store card numbers
- Usage data: pages visited, features used (via PostHog analytics)
- Device data: IP address, browser type, operating system
3. Legal basis for processing
- Contract performance: processing bookings and payments
- Legitimate interests: platform security, fraud prevention, product improvement
- Consent: analytics cookies and marketing communications
- Legal obligation: tax and financial record-keeping
4. How we use your data
- Providing and operating the booking platform
- Processing payments via Stripe
- Sending booking confirmations and reminders
- Providing customer support
- Improving our service through analytics
- Complying with legal obligations
5. Data sharing
We share data only with:
- Stripe — payment processing (Stripe Privacy Policy applies)
- Supabase — database and authentication infrastructure
- PostHog — product analytics (EU data residency)
- Sentry — error monitoring
- Resend — transactional email delivery
We do not sell your personal data to third parties.
6. Data retention
We retain account data for as long as your account is active. Booking records are retained for 7 years for tax compliance. You may request deletion of your account data at any time (subject to legal retention requirements).
7. Your rights
Under GDPR you have the right to:
- Access the personal data we hold about you
- Rectification of inaccurate data
- Erasure ("right to be forgotten")
- Restriction of processing in certain circumstances
- Data portability in a machine-readable format
- Object to processing based on legitimate interests
- Withdraw consent at any time where processing is consent-based
To exercise any of these rights, contact us at privacy@glamr.ie. We will respond within 30 days.
8. Cookies
We use cookies and similar technologies. See our Cookie Policy for full details.
9. International transfers
Some of our service providers are based outside the EEA. Where data is transferred, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).
10. Complaints
You have the right to lodge a complaint with the Data Protection Commission (Ireland) at dataprotection.ie.
11. Changes to this policy
We may update this policy from time to time. We will notify you of significant changes by email or by posting a notice on the platform.