This Privacy Policy explains how SWALOOK GLOBAL PRIVATE LIMITED(“Swalook,” “we,” “us,” or “our”) collects, uses, discloses, and protects your personal data when you use our website, mobile application, and salon management platform (collectively, the “Service”). It complies with the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000along with the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
By using the Service, you consent to the practices described in this policy. If you do not agree, please discontinue use immediately.
1. Definitions
- Data Fiduciary: SWALOOK GLOBAL PRIVATE LIMITED, which determines the purpose and means of processing personal data.
- Data Principal: You, the individual whose personal data is being processed.
- Personal Data: Any data about an individual who is identifiable by or in relation to such data.
- Service: The Swalook SaaS platform, website (swalook.in), and mobile application.
- Data Processor: Third-party service providers who process data on our behalf (e.g., cloud hosting, analytics).
2. Information We Collect
A. Information You Provide
- Account Information: Salon/business name, your full name, email address, phone number, business address, GST number (if applicable).
- Customer Data: When you use Swalook to manage your salon, you may store information about your clients including names, phone numbers, email addresses, appointment history, service preferences, and visit notes. You are the Data Fiduciary for this data.
- Staff Information: Names, contact details, role/designation, attendance records, and performance data of your employees.
- Billing Information: Payment details, invoice history, and transaction records. We do not store full credit/debit card numbers — these are processed by PCI-compliant payment gateways.
- Communications: Information you provide when contacting us for support, booking a demo, or filling in forms.
B. Information Collected Automatically
- Usage Data: IP address, browser type and version, device type, operating system, pages visited, time and date of access, time spent on pages, and referral URLs.
- Cookies & Tracking: We use essential cookies for authentication and security, and analytics cookies (with your consent) to improve the Service. See Section 5 for details.
- Log Data: Server logs that record technical information about your use of the Service.
3. How We Use Your Information
We use your personal data only for lawful purposes connected to providing the Service:
- To create and manage your account.
- To provide, maintain, and improve the Swalook platform.
- To process transactions and send invoices/receipts.
- To communicate with you about your account, updates, support requests, and service announcements.
- To send marketing communications (only with your consent; you may opt out at any time).
- To detect, prevent, and address technical issues, fraud, or abuse.
- To comply with legal obligations under Indian law.
4. Legal Basis for Processing (DPDP Act 2023)
Under the DPDP Act 2023, we process your personal data based on:
- Consent: You have provided clear consent for us to process your personal data for specific purposes.
- Contractual Necessity: Processing is necessary to perform our obligations under the Terms of Service.
- Legal Obligation: Processing is necessary to comply with applicable laws and regulations.
5. Cookies and Tracking Technologies
We use the following categories of cookies:
- Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
- Functional Cookies: Remember your preferences and settings.
- Analytics Cookies: Help us understand how you use the Service so we can improve it (e.g., page views, feature usage).
You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.
6. Data Sharing and Disclosure
We do not sell your personal data. We may share your data only in the following circumstances:
- Service Providers: With trusted third-party vendors who assist in operating the Service (cloud hosting by AWS/Azure, payment processing, email delivery, analytics). These providers are contractually bound to protect your data.
- Legal Compliance: When required by law, court order, or government agency under Indian law.
- Business Transfer: In the event of a merger, acquisition, or asset sale, your data may be transferred — we will notify you and ensure continued protection.
- Consent: With your explicit consent for any other purpose.
7. Data Retention
We retain your personal data only as long as necessary to fulfil the purposes for which it was collected, or as required by applicable Indian law:
- Account data: Retained until your account is deleted or deactivated.
- Customer data (your salon clients): Retained per your instructions or until you delete it.
- Transaction records: Retained for 8 years as required by Indian tax laws.
- Usage logs: Retained for up to 6 months.
Upon termination of your account, we will delete or anonymize your personal data within 90 days, except where retention is required by law.
8. Data Subject Rights (Your Rights Under DPDP Act 2023)
As a Data Principal under the DPDP Act 2023, you have the following rights:
- Right to Access: Request a summary of your personal data we hold.
- Right to Correction: Request correction of inaccurate or incomplete personal data.
- Right to Erasure: Request deletion of your personal data, subject to legal exceptions.
- Right to Grievance Redressal: Lodge a complaint about our data handling practices.
- Right to Withdraw Consent: Withdraw consent at any time — this will not affect the lawfulness of processing before withdrawal.
- Right to Data Portability: Request a copy of your data in a structured, commonly used format.
To exercise any of these rights, email us at privacy@swalook.in. We will respond within 30 days as required by law.
9. Data Security
We implement reasonable security practices and procedures as required under the IT Act, 2000 and DPDP Act 2023, including:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
- Access controls and authentication for all systems.
- Regular security audits and vulnerability assessments.
- Employee training on data protection and confidentiality.
However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but will notify you within 72 hours of becoming aware of any data breach that affects your personal data, as required by law.
10. Data Breach Notification
In the event of a data breach that is likely to cause harm to Data Principals, we will:
- Notify the Data Protection Board of India as required under DPDP Act 2023.
- Notify affected users within 72 hours of discovery.
- Provide details of the breach, potential impact, and remediation steps.
11. Data Processors and Cross-Border Data Transfers
We use cloud infrastructure providers located in India and other jurisdictions. Under the DPDP Act 2023, cross-border transfers of personal data are permitted only to countries notified by the Central Government. We ensure that any cross-border data transfers comply with applicable legal requirements.
12. Children's Privacy
Our Service is not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that a minor has provided us with personal data, we will delete it promptly. Under the DPDP Act 2023, processing of children's data requires verifiable parental consent.
13. Grievance Officer
As required under the DPDP Act 2023 and IT Rules, 2011, we have appointed a Grievance Officer:
- Name: [Name of Grievance Officer]
- Email: grievance@swalook.in
- Address: SWALOOK GLOBAL PRIVATE LIMITED, Aishwaryam, Gaur City-2, Greater Noida West, Sector 16C, Noida, Gautam Buddha Nagar, Uttar Pradesh — 201301
Any grievance or complaint regarding the handling of personal data may be raised with the Grievance Officer, who will acknowledge receipt within 24 hours and resolve the grievance within 30 days.
14. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or applicable laws. We will notify you of material changes via email or a notice on the Service. The “Last updated” date at the top indicates when the policy was last revised.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:
- Email: privacy@swalook.in
- Grievance: grievance@swalook.in
- Website: https://swalook.in
- Address: SWALOOK GLOBAL PRIVATE LIMITED, Aishwaryam, Gaur City-2, Greater Noida West, Sector 16C, Noida, Gautam Buddha Nagar, Uttar Pradesh — 201301