Legal pages

Privacy Policy

This policy explains what data is processed when using groomly.org and the Groomly system.

Last updated: July 7, 2026

1. Who is responsible for data

For data collected through the public website, trial requests, licensing, payments, and support, BALTO GROOM OOD, a company registered in Bulgaria, is responsible. Contact: contact@groomly.org.

When a salon uses Groomly for its own clients, the salon is usually the controller of those client records, and Groomly processes the data on behalf of the salon in order to provide the service. More details are available on the GDPR and data processing page.

2. Data we may process

  • salon data: name, address, phone, email, working hours, settings, and public booking page;
  • team user data: name, email, role, activity, sessions, and audit logs;
  • client profiles: client name, phone, owner relationships, preferences, and communication;
  • pet records: name, breed, coat type, age, weight, photos, notes, behavior, allergies, cosmetics, therapies, and visits;
  • online requests: requested time, service, note, phone, IP address, browser, and reCAPTCHA result when enabled;
  • appointments and visits: date, time, groomer, service, price, payment, status, no-show, discounts, extras, and notes;
  • notifications: Viber/SMS content, phone number, sent/delivered/seen status, errors, and replies;
  • technical data: logs, settings, license status, security, rate-limit records, and support information.

3. Purposes

Data is used to provide Groomly: scheduling, client profiles, online requests, confirmations, reminders, reports, team access, support, security, abuse prevention, license checks, payments, and legal obligations.

4. Legal bases

Depending on the case, processing may be based on a contract or pre-contract steps, legal obligation, legitimate interests for security, support and service development, or consent where a specific feature requires it.

5. Google Calendar

Google Calendar is connected only if the salon chooses to do so. Groomly uses Google access for calendar features: syncing Groomly appointments to Google Calendar, showing external Google events in the schedule, and transferring Google events as Groomly appointments.

Groomly does not sell Google data, does not use it for advertising, and does not share it for unrelated purposes.

6. Google API Limited Use

Groomly's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

7. Viber and SMS notifications

When a salon uses notifications, message data may be processed by external providers for sending and status reporting, such as Viber/Infobip and SMS providers. Phone number, message type, status, errors, and technical data may be stored for accountability and support.

8. Access to data

Data is accessible to authorized users of the relevant salon according to their role, and to a limited number of technical personnel where needed for support, security, or legal obligations. External providers process data only where necessary for the service.

9. Subprocessors and external services

Groomly may use providers for hosting, databases, domains, email, Google Calendar, Viber/Infobip, SMS, reCAPTCHA, backup, security, and technical support. Only the data needed for the specific function is used.

10. Retention

Data is kept while needed to provide the service, support salon operations, maintain security and support, meet accounting or legal obligations, or protect rights. Some technical records and notification history may be automatically pruned after a defined period without deleting core business records such as clients, appointments, and visits.

11. Security

Groomly uses separate client databases, access controls, roles, user authentication, active sessions, audit logs, CSRF protection, rate limits, request limits, signed internal requests, and other technical safeguards. No online service can guarantee absolute security, but access is limited to necessary and authorized use.

12. Data subject rights

Depending on the case, you may have rights of access, rectification, erasure, restriction, objection, portability, and withdrawal of consent where processing is based on consent. If you are a client of a salon using Groomly, you should usually contact the salon directly because it manages the relationship with you. Groomly assists the salon technically where needed.

13. Automated decisions

Groomly does not make automated decisions with significant legal effects for salon clients. The system may help with appointment suggestions, reports, and message statuses, but the final decision is made by the salon and its users.

14. Complaint

You may lodge a complaint with the competent data protection authority if you believe your personal data is processed unlawfully.

15. Cookies

The public website may use technically necessary files for normal operation. If analytics, marketing, or other optional cookies are added, additional information and choice will be provided where required.

16. Contact

For privacy questions: contact@groomly.org


Terms · GDPR and data processing