Privacy Policy

At Local Head Spa, we take your privacy seriously. This Privacy Policy explains how we handle information when you visit our website. We have designed our service with privacy in mind, collecting only the minimum data necessary to provide you with a great experience.

To browse our directory, we do not require you to create an account or provide personal information. When you browse Local Head Spa, we do not collect names, email addresses, or any personally identifiable information unless you voluntarily submit it through our contact form. If you contact us, we collect only the information you provide, such as your name, email address, and message content, solely to respond to your inquiry.

Salon managers can create an account to claim and manage their listing. In this context, we process: your email address and name (via Clerk), the salon phone number for SMS verification (via Twilio), any photos you choose to publish on your listing, your notification preferences, and a technical audit log of changes made to the listing. This data is used solely to operate your salon dashboard and to verify your ownership. It is never shared with other owners or made public beyond the elements you explicitly choose to display on your listing (photos, offered services).

To understand how visitors use our website and improve our service, we use Vercel Analytics, a privacy-focused analytics solution. Unlike traditional analytics tools, Vercel Analytics operates without cookies and does not collect personal data or track individual users across websites. The aggregated, anonymous data we receive includes general information such as page views, visit duration, and geographic region at the country level. This approach ensures full compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other international privacy regulations. No consent banner is required because no personal data is processed.

Our website does not use tracking cookies or advertising cookies. We may use strictly necessary cookies to ensure the proper functioning of the website, such as remembering your theme preference (light or dark mode). These functional cookies do not collect personal information and cannot be used to identify you.

Our website displays information about head spa salons sourced from publicly available data. To operate the service, we rely on processors that handle your data under our instructions and only for the purposes listed below. Vercel (hosting, Vercel Analytics, image storage, Edge Config) — core site infrastructure. Neon (PostgreSQL database) — storage of salon listings and owner account data. Clerk (authentication) — salon owner account creation and session management (email, name, session). Twilio (Ireland region) — sending SMS verification codes when an owner claims their listing. The phone number used comes from the public salon listing. Upstash (Redis) — rate limiting to prevent abuse (technical counters, no personal data). Resend — transactional email delivery (claim links, notifications, confirmations). Cloudflare Turnstile — bot protection on the contact form (challenge performed in your browser, enabling Cloudflare to distinguish humans from bots). OpenStreetMap — map tile delivery rendered via the Leaflet library. Each of these processors has its own privacy policy and is bound by the contractual guarantees required by GDPR. We do not sell, rent, or share your personal information with third parties for marketing purposes.

Since we do not collect personal data during browsing, there is no user data to retain. If you contact us through our contact form, we retain your message only as long as necessary to address your inquiry, typically no longer than 12 months. For owner accounts, email claim links automatically expire within 72 hours. SMS verification codes are valid for 10 minutes. Account data (email, managed salons, notification preferences, uploaded photos) is retained while the account is active; you can export or delete all your data at any time from the Settings page of your salon dashboard. Account deletion cascades to your associated data, except for audit logs retained for security and compliance purposes.

Depending on your location, you may have certain rights regarding your personal information, including the right to access, correct, export, or delete data we hold about you, as well as the right to object to certain processing. For directory visitors, these rights primarily apply to information submitted through our contact form. To exercise them, please contact us through our contact page. For salon owners with an account, the Settings page of your salon dashboard lets you exercise these rights in self-service: export all your data as JSON, update your notification preferences at any time, or delete your account and all associated data with one click. You may also contact us if you prefer a manual request.

Local Head Spa is not directed at children under the age of 16. We do not knowingly collect information from children. If you believe we have inadvertently collected information from a child, please contact us so we can promptly delete it.

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make changes, we will update the date at the top of this page. We encourage you to review this policy periodically.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us through our contact page. We are committed to addressing your inquiries promptly.