Data Protection

1. Our Commitment

At Platinum Nails & Spa, protecting your data is a core responsibility, not an afterthought. We operate a point-of-sale and business management platform that handles sensitive business and customer information on behalf of nail salon owners, technicians, and their clients. We take that trust seriously.

This Data Protection page describes the specific measures we take to keep your data safe, how we process it responsibly, and what your rights are as someone who trusts us with their information.

2. What We Protect

Platinum Nails & Spa processes several categories of data on behalf of our users. We apply appropriate protection to all of the following:

• Business Information: Your salon name, address, contact details, and business configuration settings.
• Employee and Technician Data: Staff names, contact information, schedules, and performance data entered into the system.
• Client Records: Appointment history, service preferences, contact information, and notes stored about your salon's clients.
• Financial Records: Transaction data, payment summaries, and revenue reporting data. Full payment card numbers are never stored on our servers. All card processing is handled by PCI-compliant payment processors.
• Account Credentials: Usernames, hashed passwords, and session tokens used to access the Platinum Nails & Spa platform.
• Usage Data: Logs of platform activity used for support, security monitoring, and product improvement.
• SMS Opt-In Data: Phone numbers and consent records collected when users voluntarily opt in to receive text messages from the Platinum Nails & Spa Transactional SMS Program via our website.

3. How We Protect Your Data

Encryption

All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS 1.2 or higher). Data stored in our databases is encrypted at rest. Passwords are hashed using industry-standard algorithms (bcrypt) and are never stored in plain text.

Access Controls

Access to customer data within Platinum Nails & Spa is governed by role-based access controls. We apply the principle of least privilege. Staff members only have access to the data required to perform their role. Internal access to production systems is restricted to authorized personnel and requires multi-factor authentication.

Infrastructure Security

Our platform is hosted on enterprise-grade cloud infrastructure with built-in redundancy, automated backups, and continuous security monitoring. We perform regular vulnerability assessments and apply security patches promptly.

Payment Security

Platinum Nails & Spa does not store full credit or debit card numbers. All payment processing is handled by PCI DSS-compliant third-party payment processors. We receive only tokenized payment references sufficient to manage billing, not raw card data.

4. SMS Opt-In Data & Messaging Consent

We collect phone numbers and SMS consent records when users voluntarily opt in to receive text messages from the Platinum Nails & Spa Transactional SMS Program via our website at simplinail.com/signup.

How we handle SMS opt-in data:

• SMS opt-in data and consent records are stored securely and used solely to send messages to users who have explicitly agreed to receive them.
• SMS opt-in data and consent will not be shared with any third parties, affiliates, or partners for any purpose, including marketing or promotional purposes.
• All the above data categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
• Users may opt out at any time by replying STOP to any message. Opt-out requests are processed immediately.
• We do not use SMS opt-in data for any purpose beyond delivering the messages users have consented to receive.

Program Name: Platinum Nails & Spa Transactional SMS Program | Frequency: Up to 6 messages per appointment workflow | For help: reply HELP or email support@simplinail.com | To opt out: reply STOP

5. Data Processing Principles

We process personal data in accordance with the following core principles:

• Lawfulness and Transparency: We collect and use data only for clearly disclosed purposes, with a legitimate basis for doing so.
• Purpose Limitation: Data collected for one purpose is not repurposed for unrelated activities without your consent.
• Data Minimization: We collect only the data necessary to provide our Services and fulfill our obligations. We do not collect data speculatively.
• Accuracy: We provide tools to update your data and correct inaccuracies. We encourage users to keep their information current.
• Storage Limitation: Data is retained only as long as necessary for its original purpose or as required by law. See Section 9 for our retention schedule.
• Integrity and Confidentiality: We use appropriate technical and organizational measures to protect data against unauthorized access, loss, or destruction.

6. Data Storage and Location

Platinum Nails & Spa stores data on cloud infrastructure operated by trusted providers in the United States. All data centers used by our platform maintain SOC 2 Type II certification and comply with applicable data protection regulations.

If you are located outside the United States, please be aware that your data may be transferred to and processed in the United States. By using our Services, you consent to this transfer. We ensure that such transfers are protected by appropriate safeguards.

7. Third-Party Processors

We work with a limited number of trusted third-party service providers (sub-processors) to operate our platform. These may include cloud hosting providers, payment processors, email delivery services, and customer support tools.

All sub-processors are:

• Vetted for their security practices before engagement
• Bound by data processing agreements that limit their use of your data to the services they provide to us
• Prohibited from using your data for their own marketing or commercial purposes
• Required to maintain appropriate security standards

We do not sell, rent, or share your data with any third party for advertising or marketing purposes.

8. Data Breach Response

Despite our best efforts, no system is immune to security incidents. In the event of a data breach that affects your personal information, Platinum Nails & Spa will:

• Detect and contain the incident as quickly as possible
• Assess the scope and nature of the data involved
• Notify affected users within 72 hours of discovering a breach that poses a significant risk to your rights or interests, where required by applicable law
• Report to relevant regulatory authorities as required
• Provide clear guidance on any steps you should take to protect yourself
• Conduct a post-incident review and implement corrective measures

If you believe your account has been compromised, please contact us immediately at the information in Section 12.

9. Data Retention and Deletion

We retain your data for as long as your account is active or as needed to provide Services. When you close your account:

• Account data is deleted or anonymized within 90 days of account closure, except where required to be retained by law.
• Transaction and financial records may be retained for up to 7 years to comply with tax and accounting regulations.
• Backup copies are purged within 90 days of the primary data deletion.
• SMS consent records are retained for the duration of the user's opt-in status and deleted upon confirmed opt-out, subject to any legal retention requirements.
• Anonymized or aggregated data (data that cannot identify you) may be retained indefinitely for analytics and platform improvement purposes.

You may request deletion of your personal data at any time by contacting us. We will process deletion requests within 30 days, subject to any legal obligations that require us to retain certain records.

10. Your Data Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you and receive a copy in a portable format.
• Correct inaccurate or incomplete data we hold about you.
• Delete your personal data (the right to be forgotten), subject to legal retention requirements.
• Restrict processing of your data in certain circumstances.
• Object to processing based on legitimate interests.
• Withdraw consent at any time where processing is based on consent.
• Lodge a complaint with your local data protection authority if you believe we have handled your data improperly.

To exercise any of these rights, contact us at the information in Section 12. We will respond within 30 days of receiving your request and may need to verify your identity before processing it.

11. Business and POS Data

For salon owners and businesses using Platinum Nails & Spa as their point-of-sale and management platform, we want to be clear about data ownership and responsibility:

• You own your business data. Client records, appointment history, service data, and employee information you enter into Platinum Nails & Spa belong to your business. We process it on your behalf as a data processor.
• You are the data controller for the personal information of your clients and staff that you input into our system. You are responsible for collecting that data lawfully and informing your clients and staff about how it is used.
• Data export is available. You can export your business data at any time from the Platinum Nails & Spa platform. We will not hold your data hostage if you decide to leave.
• We do not use your client data to contact your clients directly, market to them, or share them with competitors.

12. Contact Us

If you have questions about this Data Protection page, wish to exercise your data rights, or want to report a potential security issue, please contact us:

Platinum Nails & Spa - A product of LSTMJ Investment
Email: support@ivynailology.com
Address: 1015 Turquoise St #3, San Diego, CA 92109

For security vulnerabilities, please disclose responsibly by emailing us directly rather than posting publicly. We are committed to working with security researchers in good faith.