Privacy Policy

Last updated: January 2025

At Rushed-In, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. This policy complies with UK GDPR and Data Protection Act 2018.

1. Information We Collect

Account Information

When you register for Rushed-In, we collect:

  • Salon name and business details
  • Owner name and email address
  • Phone number
  • Billing information (processed securely by our payment provider)

Client Check-In Data

When your clients use the kiosk, we collect:

  • Client name
  • Phone number
  • Check-in timestamp
  • Appointment details (if matched)

Integration Data

When you connect third-party booking systems:

  • OAuth tokens (encrypted and stored securely)
  • API credentials (encrypted)
  • Appointment data from connected systems
  • Sync logs and timestamps

2. How We Use Your Information

We use collected information to:

  • Provide and maintain the kiosk check-in service
  • Process client check-ins and match appointments
  • Sync data with your connected booking systems
  • Send service updates and technical notifications
  • Process billing and manage subscriptions
  • Improve our service and develop new features
  • Comply with legal obligations

3. Legal Basis for Processing (UK GDPR)

We process your data under the following legal bases:

  • Contract Performance: To provide the service you subscribed to
  • Legitimate Interest: To improve our service and prevent fraud
  • Legal Obligation: To comply with UK tax and financial regulations
  • Consent: For marketing communications (you can opt out anytime)

4. Data Storage and Security

UK Data Hosting: All data is stored on servers located in the United Kingdom (via Supabase EU West).

Security Measures:

  • AES-256-GCM encryption for sensitive credentials
  • TLS/SSL encryption for data in transit
  • Secure authentication with JWT tokens
  • Regular security audits and updates
  • Access controls and audit logging

Retention: We retain client check-in data for 12 months for operational purposes. Account data is retained until you delete your account.

5. Data Sharing and Disclosure

We do not sell your data. We share data only in these circumstances:

  • Service Providers: Supabase (hosting), payment processors (billing)
  • Third-Party Integrations: Data synced with your connected booking systems (Square, Calendly, Acuity) as authorized by you
  • Legal Requirements: If required by UK law or to protect our rights
  • Business Transfers: In the event of a merger or acquisition (with notice to you)

6. Your Data Rights (UK GDPR)

You have the right to:

  • Access: Request a copy of your data
  • Rectification: Correct inaccurate data
  • Erasure: Delete your account and associated data
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a machine-readable format
  • Object: Object to processing based on legitimate interest
  • Withdraw Consent: Opt out of marketing communications

To exercise these rights, contact us at support@rushed-in.com

7. Data Controller and Processor

For Your Salon Account: You are the data controller for client data collected through the kiosk. Rushed-In acts as a data processor on your behalf.

For Your Account Data: Rushed-In is the data controller for your salon account information.

8. Cookies and Tracking

We use essential cookies to:

  • Maintain your login session
  • Remember kiosk pairing
  • Protect against CSRF attacks

We do not use tracking cookies or third-party analytics without your consent.

9. Children's Privacy

Our service is not intended for individuals under 18. We do not knowingly collect data from children. The kiosk check-in is designed for adult clients or those accompanied by a parent/guardian.

10. International Data Transfers

All data is stored within the UK. We do not transfer personal data outside the UK or EEA.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email at least 30 days in advance. Continued use after changes constitutes acceptance.

12. Contact and Complaints

For privacy questions or to exercise your data rights, contact us at: support@rushed-in.com

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk

← Back to Home