Data Processing Summary

Last updated: May 24, 2026

This page summarises how Vanopa processes personal data on behalf of salon customers ("Controllers") under applicable data protection laws including GDPR and UK GDPR. Enterprise customers may request a signed Data Processing Agreement (DPA).

Roles

Salon businesses are data controllers for their client and staff data. Vanopa acts as a processor when handling that data to deliver the Service.

Subject matter & duration

Processing covers salon CRM, scheduling, payments, and communications for the subscription term plus retention periods described in our Privacy Policy.

Categories of data subjects

• Salon clients and prospects
• Salon staff and administrators
• Individuals who book online

Types of personal data

Contact details, appointment history, notes, payment records, communications metadata, and usage logs as configured by the controller.

Processor obligations

Vanopa will:

• Process data only on documented instructions from the controller
• Ensure personnel confidentiality
• Implement appropriate technical and organisational security measures
• Assist with data subject requests where feasible
• Notify controllers of personal data breaches without undue delay
• Delete or return data upon termination subject to legal retention

Sub-processors

We use vetted sub-processors for cloud hosting, messaging, and payments. A list is available on request. We remain responsible for their performance.

International transfers

Transfers outside the UK/EEA use appropriate safeguards such as Standard Contractual Clauses.

Contact

DPA requests: privacy@vanopa.com