We believe privacy is a fundamental right. This policy explains, in plain language, exactly what data we collect, why we collect it, and how you can control it.
Our Privacy Commitments at a Glance
We never sell your data
Your personal information is never sold, rented, or traded to advertisers, data brokers, or third parties.
End-to-end encryption
All data is transmitted over HTTPS/TLS. Sensitive fields are encrypted at rest on our servers.
You control your data
Request a copy, correction, or permanent deletion of your data at any time — we act within 30 days.
This Privacy Policy describes how SlotCutt ("SlotCutt", "we", "our", or "us") collects, uses, stores, discloses, and protects personal information when you use the SlotCutt platform — including our website (slotcutt.com), web application, APIs, and any related services (collectively, the "Services").
This Policy applies to all users of the Services, including Customers (individuals booking appointments) and Salon Owners (businesses managing their salons through our dashboard).
By using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use and contact us to delete your data.
We are committed to complying with applicable Indian data protection laws, including the Information Technology (Amendment) Act, 2008 and the Digital Personal Data Protection Act, 2023 (DPDPA), as well as internationally recognised privacy standards.
We collect information in three ways: information you provide directly, information collected automatically, and information from third parties.
**Information You Provide Directly**
• Account Registration: Your name and email address. Customers authenticate via OTP (no password stored). Salon Owners also set a business password.
• Salon Profile (Salon Owners): Business name, description, address, contact phone number, service offerings, staff names, working hours, and any photos or logos you upload.
• Booking Details (Customers): Service selection, chosen staff member, preferred date and time, and any notes you include with your booking.
• Communications: Any messages, feedback, or support requests you send us via our contact form or email.
• Payment Information (Salon Owners, subscription only): Billing address and payment method details. Note: card numbers and CVVs are processed directly by our payment gateway partner and are never stored on SlotCutt servers.
**Information Collected Automatically**
• Usage Data: Pages you visit, features you interact with, buttons you click, search queries, and time spent on pages.
• Device & Browser Data: Browser type and version, operating system, device type (mobile/desktop/tablet), screen resolution, and preferred language.
• Log Data: IP address, access timestamps, HTTP request details, error logs, and referring URL.
• Session Storage: We use browser localStorage to persist your login session and preferences. See Section 5 for details.
**Information from Third Parties**
• Payment Processors: We receive transaction status (success/failure) and masked card details (last 4 digits, card type) from our payment gateway for billing records.
• Email Service Providers: Delivery status (sent, delivered, opened, bounced) for transactional emails we send you.
We process your personal data only for the purposes described below, and only where we have a valid legal basis to do so.
**To Provide the Services (Contract)**
• Create and manage your account and authenticate your sessions.
• Enable Customers to search, view, and book appointments.
• Enable Salon Owners to manage their business profile, staff, services, and bookings.
• Send booking confirmations, OTP codes, appointment reminders, and cancellation notices.
• Process subscription payments and generate invoices.
**To Improve the Services (Legitimate Interest)**
• Analyse usage patterns and performance metrics to identify bugs and improve features.
• Conduct internal research and analytics to understand how the Platform is used.
• Monitor for abuse, fraud, and security incidents.
**To Communicate with You (Legitimate Interest / Consent)**
• Respond to support requests, questions, and feedback.
• Send important service announcements and policy updates (cannot be opted out of).
• Send optional marketing emails about new features, promotions, and tips (Salon Owners only; you may unsubscribe at any time).
**To Comply with Legal Obligations**
• Retain financial records as required by the Income Tax Act and GST rules.
• Respond to lawful requests from government authorities or courts.
**Storage Location.** All personal data is stored on servers located in India, operated by reputable cloud providers compliant with Indian data localisation requirements under the DPDPA.
**Security Measures.** We implement the following technical and organisational safeguards:
• Transport Encryption: All communication between your browser and our servers is encrypted using TLS 1.2 or higher.
• At-Rest Encryption: Databases containing personal data are encrypted at rest using AES-256.
• Access Controls: Access to personal data is restricted to authorised employees on a need-to-know basis, enforced via role-based access controls.
• Penetration Testing: We conduct periodic security assessments and vulnerability scans.
• Incident Response: We have a documented data breach response plan. If a breach affects your personal data, we will notify you and relevant authorities within 72 hours of becoming aware, as required by applicable law.
**Retention Periods.** We retain personal data for as long as your account is active or as needed to provide services. Specific retention periods: Booking records — 3 years from booking date; Financial/billing records — 7 years as required by tax law; Support communications — 2 years; Log data — 12 months; Deleted account data — permanently purged within 90 days of account closure.
**Limitation.** While we use commercially reasonable measures to protect your data, no security system is 100% impenetrable. We cannot guarantee absolute security of your information transmitted over the internet.
Under the Digital Personal Data Protection Act, 2023 and other applicable laws, you have the following rights regarding your personal data:
**Right to Access.** You may request a copy of the personal data we hold about you, including information about how it is processed, where it is stored, and who it has been shared with.
**Right to Correction.** You may request that we correct any inaccurate or incomplete personal data. Much of your data can be updated directly in your account settings.
**Right to Erasure ("Right to be Forgotten").** You may request permanent deletion of your personal data. We will comply within 30 days, subject to legal retention obligations (e.g., we must retain billing records for 7 years).
**Right to Data Portability.** You may request your data in a structured, commonly used, machine-readable format (JSON or CSV) so you can transfer it to another service.
**Right to Restrict Processing.** You may ask us to stop processing your data for certain purposes (other than storing it) while a dispute is resolved.
**Right to Object.** You may object to processing based on our legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds.
**Right to Withdraw Consent.** Where we rely on your consent as a legal basis for processing, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
**How to Exercise Your Rights.** Submit a request to privacy@slotcutt.com with subject line "Privacy Rights Request" and include your registered email address. We will verify your identity and respond within 30 days. Requests are free of charge unless manifestly unfounded or excessive.
The Services are not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If a parent or guardian becomes aware that their child has submitted personal information without consent, please contact us immediately at privacy@slotcutt.com.
If we become aware that we have collected personal data from a child under 18, we will take immediate steps to delete that information from our systems.
Your data is stored in India. However, some of our service providers (such as email delivery or analytics tools) may process data in other countries. Where data is transferred internationally, we ensure adequate safeguards are in place, such as standard contractual clauses or equivalent mechanisms, as required by applicable law.
By using the Services from outside India, you consent to the transfer and processing of your data in India and other countries where our service providers operate.
**Customers.** We send transactional emails (booking confirmations, OTPs, cancellation notices) which are necessary for the Services and cannot be opted out of while your account is active.
**Salon Owners.** In addition to transactional emails, we may send you product updates, tips, and promotional offers. You can unsubscribe from marketing emails at any time by clicking "Unsubscribe" in any marketing email or by emailing hello@slotcutt.com.
**SMS / WhatsApp.** We do not currently send SMS or WhatsApp messages unless you have explicitly opted in during account registration.
The Platform may contain links to third-party websites, social media profiles, or embedded tools (e.g., maps). These third-party services have their own privacy policies, which we do not control and are not responsible for. We encourage you to review the privacy policies of any third-party service you interact with through our Platform.
Our inclusion of links or integrations does not constitute endorsement of those services or their privacy practices.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
(a) Update the "Last Updated" date at the top of this page.
(b) Send an email notification to all registered users at least 14 days before the changes take effect.
(c) Display a prominent notice on the Platform.
Your continued use of the Services after the effective date of the updated Policy constitutes your acceptance of the changes. If you object to any changes, you may request account deletion before the effective date.
If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:
📧 Privacy Team: privacy@slotcutt.com
📧 General Support: hello@slotcutt.com
📍 Office: SlotCutt, Ahmedabad, Gujarat, India
We aim to respond to all privacy-related enquiries within 10 business days. For Data Subject Rights requests, we respond within 30 days.
If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Board of India once it is established under the DPDPA, 2023.
To access, correct, delete, or export your data, email privacy@slotcutt.com with subject "Privacy Rights Request". We'll respond within 30 days.