Privacy Policy

Last updated: June 3, 2025

Thank you for choosing Sira Royal Braids ("SRB", "we", "our", or "us"). Protecting your personal information is important to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you interact with:

  • The Sira Royal Braids website and online booking system
  • Our email or SMS communications
  • Services delivered in-store or on-site (collectively, the "Services")

By using our Services, you acknowledge that you have read and understood this Privacy Policy.


1. Information We Collect

Category | Examples | How We Collect
--- | --- | ---
Identity & Contact | Name, email address, telephone number, preferred pronouns | Provided by you during booking or enquiry forms
Appointment Details | Service type, stylist preference, date & time, notes or photos you upload | Provided by you
Payment & Billing | Payment intent IDs, last 4 digits of card, billing address (handled by Stripe) | Automatically from our payment processor; we never store full card numbers or CVV
Technical & Usage | IP address, device type, browser, interaction logs, cookies | Collected automatically via cookies & similar tech
Marketing Preferences | Opt-in/opt-out status for promotional emails or SMS | Provided by you

We do not intentionally collect sensitive information (e.g., health, race, religious beliefs). If you voluntarily provide such data in notes or images, you consent to our processing it solely to deliver the requested service.


2. How We Use Your Information

We process personal data only when we have a legal basis. The primary purposes include:

  1. Scheduling & Managing Appointments

    • Create, confirm, reschedule, and cancel bookings
    • Check stylist availability and prevent double-booking (legitimate interest / contract)
  2. Communications

    • Send confirmations, reminders, receipts, or important changes by email/SMS (contract)
    • Respond to enquiries and provide customer support (legitimate interest / contract)
  3. Calendar Integration

    • Insert confirmed appointments into our Google Calendar via Google Calendar API (legitimate interest)
  4. Payments & Accounting

    • Process deposits or service payments through Stripe (contract / legal obligation)
  5. Improving Services & Security

    • Monitor usage, debug, and enhance the website (legitimate interest)
    • Detect and prevent fraud or misuse (legitimate interest / legal obligation)
  6. Marketing (with your consent)

    • Send newsletters, promotions, or style tips. You can opt out at any time.

3. Where We Store & Secure Data

Storage | Provider | Safeguards
--- | --- | ---
Database | Supabase (PostgreSQL) | Data encrypted at rest; TLS in transit; role-based access
Calendar | Google Calendar | OAuth 2.0; tokens stored securely on server
Emails | SMTP service (e.g., Gmail / SendGrid) | TLS transport; limited metadata retained
Payments | Stripe | PCI-DSS Level 1 compliant; SRB does not store full card info

We retain booking and transaction records for 7 years unless a longer period is required by tax or legal obligations. Backups are stored with encryption.


4. Sharing & Disclosure

We never sell your personal data. We share it only in the following cases:

  1. Service Providers – e.g., Supabase, Google, Stripe, email/SMS gateways; bound by contracts to process data on our instructions.
  2. Legal or Safety Reasons – if required by law, court order, or to protect rights, property, or safety of SRB or others.
  3. Business Transfers – in connection with a merger, acquisition, or asset sale (you will be notified).

5. International Transfers

Our primary servers are located in the United States. Where data is transferred outside your jurisdiction (e.g., to the U.S.), we rely on:

  • Adequacy decisions (where applicable);
  • Standard Contractual Clauses; or
  • Your explicit consent.

6. Your Privacy Rights

Depending on your location, you may have rights including:

  • Access – request a copy of your data.
  • Rectification – correct incomplete or inaccurate data.
  • Deletion – request deletion when no longer necessary ("right to be forgotten").
  • Restriction – limit processing in certain situations.
  • Portability – obtain your data in a machine-readable format.
  • Objection / Opt-Out – object to marketing or processing based on legitimate interests.

To exercise any right, email us at sira@dearsisterbraids.com. We may verify your identity before responding.

California Residents (CCPA/CPRA)

We do not sell or share personal information for cross-context behavioural advertising. You may submit requests via the email above or by calling (267) 226-4221.


7. Cookies & Similar Technologies

We use essential cookies for site functionality and analytics cookies to understand usage patterns. Where required, we ask for consent before setting non-essential cookies. You can control cookies via your browser settings.


8. Children's Privacy

Our Services are not directed to children under 13. We do not knowingly collect personal information from minors. If you believe we have collected data from a child, contact us to delete it.


9. Updates to This Policy

We may update this Privacy Policy to reflect changes in technology, legal requirements, or our practices. Revised versions will be posted on this page with a new "Last updated" date. Material changes will be communicated via email or a site notice.


10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please reach out:

Sira Royal Braids

16521 Governor Bridge Road, Bowie, MD 20716, USA

Email: sira@dearsisterbraids.com

Phone: (267) 226-4221


By continuing to use our Services, you agree to the collection and use of information as described in this Privacy Policy.