Privacy Policy

Information you give us through forms, demos, support, or onboarding: name, email, phone, company, role, and anything you write to us.

Account and billing data for paying customers: login credentials, authentication tokens, billing contacts, invoices, and subscription records.

Technical data automatically collected: IP address, browser, device, operating system, referring URLs, pages visited, timestamps, and crash diagnostics.

Cookies: strictly necessary cookies for authentication and security (including Cloudflare Turnstile for bot mitigation), plus analytics cookies where you have consented.

To deliver and improve our website and products, authenticate users, prevent fraud, bill customers, provide support, send service announcements, and send marketing communications you can opt out of at any time. We also process data where we are required to by UAE tax, accounting, and regulatory rules.

We share data only with infrastructure providers (hosting, databases, CDN, backups), payment processors, analytics and error-monitoring providers, professional advisers under confidentiality, and regulators or courts where a valid legal request requires it. We do not sell personal data and we do not use it for advertising.

We rely on the lawful bases recognised under the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) and, where applicable, the EU GDPR: performance of a contract, consent (for marketing and non-essential cookies), our legitimate interests in securing and improving the service, and compliance with legal obligations.

Operational data inside our products — appointments, client profiles, treatment history, consent forms, loyalty balances, point-of-sale transactions, project costings, bills of quantities, supplier records, and team allocations — uploaded or generated by our business subscribers.

Notification data — the recipient’s name, phone number or email, the message content (for example, an appointment reminder or staff alert), and the delivery status returned by the vendor that transmits it.

The business subscriber is the controller for the data they put into our products and decides what is collected, how long it is kept, and when it is deleted. Salis processes that data only to provide the service. We do not read or mine the contents of customer records or notifications for our own commercial purposes.

Notifications are transmitted through third-party messaging vendors (SMS, email, and other channels). Those vendors act as independent processors under their own terms and privacy policies, and only receive the data necessary to deliver each message.

If you are an end user of one of our business subscribers — for example, a client of a salon using BeautySalis or a member of staff receiving internal alerts — please contact that business first. They control your data; we will assist them in handling your request.

We protect personal data with TLS 1.2+ in transit and encryption at rest, role-based access controls and multi-factor authentication for privileged staff, audit logging, regular vulnerability scanning, and a documented incident-response process.

Customer account and billing records are retained for the life of the subscription plus up to seven years for UAE accounting and tax compliance. Notification logs follow the subscriber’s configured retention, typically up to 24 months. When a customer terminates their contract, operational data is deleted or returned within 90 days, except where law requires otherwise.

Data is primarily stored in the United Arab Emirates and the European Union. Some subprocessors and notification vendors operate globally. Where data leaves the UAE, we rely on safeguards recognised under the UAE PDPL and, where relevant, Standard Contractual Clauses under the GDPR.

Subject to applicable law, you can ask us to access, correct, delete, restrict, or port the personal data we hold about you, and you can withdraw any consent you have given. To exercise any of these rights against Salis, reach us through our contact page. We respond within 30 days.

Our services are not directed to children under 18. If you believe a child has provided us with personal data, contact us and we will delete it.

We may update this policy from time to time. Material changes will be communicated to account administrators and posted on this page with a new “last updated” date.

Questions about this policy or any data request? Reach us through our contact page. Post: Salis Software, Abu Dhabi, United Arab Emirates.