Privacy Policy

Last updated: March 2026

1. Introduction

PLWebsites ("we", "us", "our") operates Clienteka, a cloud-based service business management platform. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our service.

We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR) and applicable German data protection laws.

2. Data Controller

PLWebsites, Germany · Contact: info@plwebsites.de — The data controller responsible for processing your personal data as described in this Privacy Policy.

3. Data We Collect

We collect the following categories of personal data:

Account Information

  • Full name and email address (required for registration)
  • Password (stored in encrypted/hashed form)
  • Language preference and account settings

Business Data

  • Salon/business information (name, address, phone, email)
  • Client records (names, contact details, visit history, notes)
  • Appointment and scheduling data
  • Invoice and payment records

Technical Data

  • Browser type, device information, and IP address
  • Cookies for authentication and language preferences
  • Usage patterns and error logs for service improvement

4. How We Use Your Data

  • Providing and maintaining the Clienteka service
  • Managing your account and authentication
  • Processing payments through Stripe (our payment processor)
  • Sending essential service communications (password resets, account notifications)
  • Improving the service based on usage patterns
  • Complying with legal obligations

5. Legal Basis for Processing (GDPR Art. 6)

  • Contract performance — Processing necessary to provide the service you signed up for (Art. 6(1)(b))
  • Legitimate interests — Service improvement, security, and fraud prevention (Art. 6(1)(f))
  • Legal obligation — Tax and accounting requirements, law enforcement requests (Art. 6(1)(c))
  • Consent — For optional features like marketing communications, which you can withdraw at any time (Art. 6(1)(a))

6. Third-Party Services

We share data with the following third-party services, which have their own privacy policies:

  • Stripe — Payment processing. Stripe handles all credit card data directly and is PCI DSS compliant. We never store your card details.
  • MongoDB Atlas — Database hosting. Your business data is stored securely in MongoDB Atlas cloud infrastructure.
  • Amazon Web Services (AWS S3) — File storage for uploaded images and documents.
  • Vercel — Application hosting and content delivery.

7. Cookies

We use a minimal number of cookies, all essential for the service to function:

  • Authentication cookies — To keep you logged in securely
  • Locale cookie — To remember your language preference (EN/PL)

8. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within a reasonable timeframe, except where we are required by law to retain certain records (e.g., invoices for tax purposes under German tax law). Business data entered by you (client records, appointments, invoices) is stored for the duration of your account and deleted upon account closure, subject to legal retention requirements.

9. Your Rights Under GDPR

As an EU/EEA resident, you have the following rights regarding your personal data:

  • Right of access — Request a copy of all personal data we hold about you
  • Right to rectification — Request correction of inaccurate data
  • Right to erasure — Request deletion of your data ("right to be forgotten")
  • Right to restrict processing — Request that we limit how we use your data
  • Right to data portability — Receive your data in a machine-readable format
  • Right to object — Object to processing based on legitimate interests

To exercise any of these rights, contact us at info@plwebsites.de. You also have the right to lodge a complaint with your local data protection authority.

10. Data Security

We implement appropriate technical and organizational measures to protect your data, including: encrypted data transmission (HTTPS/TLS), password hashing using bcrypt, JWT-based authentication with HTTP-only cookies, role-based access control, regular security updates, and cloud infrastructure with enterprise-grade security.

11. Children's Privacy

Clienteka is not intended for use by children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The updated policy will be posted on this page with a revised date. Continued use of Clienteka after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related inquiries, data requests, or complaints: PLWebsites · Email: info@plwebsites.de · Country: Germany