Privacy Policy
Last updated: May 2026
1. Controller
Belle ("we", "us") operates the hellobelle.app platform. For questions about this policy or your data, contact us at [email protected].
2. Data We Collect
Studio staff (account holders)
- Name, email address, password (hashed with Argon2id)
- Locale preference
- Membership and role within each studio
Clients (booked through a studio)
- Name (required)
- Phone number (required, stored in E.164 format)
- Email address (optional)
- Birthday (optional, used only for birthday greetings)
We practice data minimization: we only collect what is necessary for appointment booking and communication.
3. Purposes and Legal Basis
| Purpose | Data | Legal Basis |
|---|---|---|
| Appointment booking | Name, phone, email | Consent (Art. 6(1)(a)) for public bookings; Legitimate interest (Art. 6(1)(f)) for staff-created entries |
| Appointment reminders | Phone, email | Contract performance (Art. 6(1)(b)) |
| Account authentication | Email, password hash | Contract performance (Art. 6(1)(b)) |
| Billing and subscription | Email, studio name | Contract performance (Art. 6(1)(b)) |
| Service improvement | Anonymized usage data | Legitimate interest (Art. 6(1)(f)) |
4. Recipients and Sub-processors
We share personal data only with the following service providers, under Data Processing Agreements:
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Railway | Hosting, database, Redis | EU | EU hosting |
| Cloudflare | CDN, DNS, object storage | Global | Standard Contractual Clauses |
| Resend | Transactional email | US | Standard Contractual Clauses |
| Twilio | SMS and WhatsApp | US | Standard Contractual Clauses |
5. International Transfers
Your data is primarily hosted in the EU (Railway). When data is processed by US-based sub-processors (Resend, Twilio), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection.
6. Retention Periods
| Data | Retention |
|---|---|
| Client data | Until studio owner deletes it, or studio is deleted |
| Appointment records | Until studio deletion (may be anonymized on client erasure request) |
| Notification logs | 12 months |
| Audit logs | 24 months |
| Soft-deleted appointments | 90 days before permanent removal |
| Studio data after deletion request | 30-day grace period, then permanently deleted |
7. Your Rights
Under the GDPR, you have the following rights:
- Access (Art. 15): Request a copy of all data we hold about you.
- Rectification (Art. 16): Correct inaccurate data.
- Erasure (Art. 17): Request deletion of your data. Where appointment records must be retained for legal reasons, we anonymize instead.
- Restriction (Art. 18): Restrict processing in certain circumstances.
- Portability (Art. 20): Receive your data in a structured, machine-readable format (JSON).
- Objection (Art. 21): Object to processing based on legitimate interest.
- Withdraw consent (Art. 7(3)): Withdraw consent at any time without affecting prior processing.
To exercise any right, contact [email protected]. We respond within 30 days (Art. 12).
Studio owners can export client data and tenant data directly from the Belle dashboard.
8. Cookies
Belle uses only strictly necessary cookies:
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
| belle_refresh | Authentication session (refresh token) | Strictly necessary | Session |
We do not use analytics, advertising, or tracking cookies. No cookie consent banner is required for strictly necessary cookies under the ePrivacy Directive (Art. 5(3)).
9. Security
We implement technical and organizational measures per Art. 32 GDPR:
- Password hashing with Argon2id (64 MB memory, 3 iterations)
- TLS 1.3 for all connections
- Row-level security isolating each studio's data at the database level
- JWT authentication with short-lived access tokens (15 min) and rotating refresh tokens
- Rate limiting and strict Content Security Policy headers
10. Automated Decision-Making
Belle does not use automated decision-making or profiling as defined in Art. 22 GDPR.
11. Complaint
You have the right to lodge a complaint with your local data protection authority. For the United Kingdom: ICO (Information Commissioner's Office) at ico.org.uk.
12. Changes
We may update this policy. We will notify account holders of material changes by email.