Privacy Policy
This policy explains what data is processed when using groomly.org and the Groomly system.
1. Who is responsible for data
For data collected through the public website, trial requests, licensing, payments, and support, BALTO GROOM OOD, a company registered in Bulgaria, is responsible. Contact: contact@groomly.org.
When a salon uses Groomly for its own clients, the salon is usually the controller of those client records, and Groomly processes the data on behalf of the salon in order to provide the service. More details are available on the GDPR and data processing page.
2. Data we may process
- salon data: name, address, phone, email, working hours, settings, and public booking page;
- team user data: name, email, role, activity, sessions, and audit logs;
- client profiles: client name, phone, owner relationships, preferences, and communication;
- pet records: name, breed, coat type, age, weight, photos, notes, behavior, allergies, cosmetics, therapies, and visits;
- online requests: requested time, service, note, phone, IP address, browser, and reCAPTCHA result when enabled;
- appointments and visits: date, time, groomer, service, price, payment, status, no-show, discounts, extras, and notes;
- notifications: Viber/SMS content, phone number, sent/delivered/seen status, errors, and replies;
- technical data: logs, settings, license status, security, rate-limit records, and support information.
3. Purposes
Data is used to provide Groomly: scheduling, client profiles, online requests, confirmations, reminders, reports, team access, support, security, abuse prevention, license checks, payments, and legal obligations.
4. Legal bases
Depending on the case, processing may be based on a contract or pre-contract steps, legal obligation, legitimate interests for security, support and service development, or consent where a specific feature requires it.
5. Google Calendar
Google Calendar is connected only if the salon chooses to do so. Groomly uses Google access for calendar features: syncing Groomly appointments to Google Calendar, showing external Google events in the schedule, and transferring Google events as Groomly appointments.
Groomly does not sell Google data, does not use it for advertising, and does not share it for unrelated purposes.
6. Google API Limited Use
Groomly's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
7. Viber and SMS notifications
When a salon uses notifications, message data may be processed by external providers for sending and status reporting, such as Viber/Infobip and SMS providers. Phone number, message type, status, errors, and technical data may be stored for accountability and support.
8. Access to data
Data is accessible to authorized users of the relevant salon according to their role, and to a limited number of technical personnel where needed for support, security, or legal obligations. External providers process data only where necessary for the service.
9. Subprocessors and external services
Groomly may use providers for hosting, databases, domains, email, Google Calendar, Viber/Infobip, SMS, reCAPTCHA, backup, security, and technical support. Only the data needed for the specific function is used.
10. Retention
Data is kept while needed to provide the service, support salon operations, maintain security and support, meet accounting or legal obligations, or protect rights. Some technical records and notification history may be automatically pruned after a defined period without deleting core business records such as clients, appointments, and visits.
11. Security
Groomly uses separate client databases, access controls, roles, user authentication, active sessions, audit logs, CSRF protection, rate limits, request limits, signed internal requests, and other technical safeguards. No online service can guarantee absolute security, but access is limited to necessary and authorized use.
12. Data subject rights
Depending on the case, you may have rights of access, rectification, erasure, restriction, objection, portability, and withdrawal of consent where processing is based on consent. If you are a client of a salon using Groomly, you should usually contact the salon directly because it manages the relationship with you. Groomly assists the salon technically where needed.
13. Automated decisions
Groomly does not make automated decisions with significant legal effects for salon clients. The system may help with appointment suggestions, reports, and message statuses, but the final decision is made by the salon and its users.
14. Complaint
You may lodge a complaint with the competent data protection authority if you believe your personal data is processed unlawfully.
15. Cookies
The public website may use technically necessary files for normal operation. If analytics, marketing, or other optional cookies are added, additional information and choice will be provided where required.
16. Contact
For privacy questions: contact@groomly.org