WellnessRooms

Privacy Policy

Effective date: 23 March 2026

WellnessRooms ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and website (the "Service").

1. Information We Collect

Information you provide

  • Account information: name, email address, phone number, and business details when you register.
  • Payment information: billing address and payment card details (processed securely by our payment providers; we do not store full card numbers).
  • Content: any data you enter into the Service, including client records, appointment details, and business information.
  • Communications: messages you send to us via email or support channels.

Information collected automatically

  • Usage data: pages visited, features used, clicks, and session duration.
  • Device information: browser type, operating system, device type, and screen resolution.
  • Log data: IP address, access times, and referring URLs.
  • Cookies and similar technologies: see Section 5 below.

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service.
  • Process transactions and send related information (confirmations, invoices).
  • Send administrative messages, security alerts, and support communications.
  • Respond to your enquiries and provide customer support.
  • Analyse usage patterns to improve the Service and develop new features.
  • Comply with legal obligations.

We do not sell your personal information to third parties.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, our legal bases for processing your personal data include:

  • Contract performance: processing necessary to provide the Service to you.
  • Legitimate interests: improving the Service, preventing fraud, and ensuring security.
  • Consent: where you have given explicit consent (e.g. marketing communications).
  • Legal obligation: compliance with applicable laws.

4. Sharing Your Information

We may share your information with:

  • Service providers: third-party companies that help us operate the Service (e.g. hosting, payment processing, email delivery, analytics). These providers are contractually obligated to protect your data.
  • Legal requirements: when required by law, regulation, or legal process.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

We do not share your client data (the data you enter about your own customers) with any third party except as necessary to provide the Service.

5. Cookies

We use cookies and similar tracking technologies to:

  • Keep you signed in.
  • Remember your preferences.
  • Understand how you use the Service.
  • Measure the effectiveness of our marketing.

You can control cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.

6. Data Retention

  • We retain your account data for as long as your account is active or as needed to provide the Service.
  • After account deletion, we will delete or anonymise your personal data within 90 days, unless retention is required by law.
  • Backups may retain data for up to an additional 30 days before being purged.

7. Data Security

We implement appropriate technical and organisational measures to protect your information, including:

  • Encryption of data in transit (TLS) and at rest.
  • Regular security assessments and monitoring.
  • Access controls limiting who can access personal data.

While we strive to protect your information, no method of transmission over the internet is 100% secure.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of the data we hold about you.
  • Rectification: request correction of inaccurate data.
  • Erasure: request deletion of your data ("right to be forgotten").
  • Restriction: request that we limit how we use your data.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at hello@wellnessrooms.io. We will respond within 30 days.

9. International Data Transfers

Your data may be processed in countries outside of your own. When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

10. Children's Privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service. The "Effective date" at the top of this page indicates when the policy was last revised.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Email: hello@wellnessrooms.io