Privacy Policy

Svelto ("we," "us," or "our") operates the Svelto website (svelto.app), mobile application, and related services (collectively, the "Platform"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use the Platform.

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, you must discontinue use of the Platform immediately.

Svelto is the data controller for the personal data processed through the Platform. For privacy-related inquiries, contact us at contact@svelto.app.

3.1 Information You Provide

• Account registration: Name, email address, phone number (optional), and password.
• Business registration: Shop name, address, city, country, business category, description, contact details, staff information, service catalog, pricing, and working hours.
• Booking data: Selected services, preferred staff, date and time of appointment, home visit preference, and any notes you provide.
• Reviews: Star ratings, written comments, and business replies.
• Photos: Images uploaded by business owners to their shop profiles and galleries.
• Communications: Any messages, feedback, or support requests you send us.

3.2 Information Collected Automatically

• Device data: Device type, operating system, browser type, screen resolution, and unique device identifiers.
• Usage data: Pages visited, features used, search queries, booking history, and interaction patterns.
• Location data: Approximate location based on IP address. Precise location only if you explicitly grant permission in the mobile app, used solely for showing nearby shops.
• Log data: IP address, access times, and referring URLs.

3.3 Information From Third Parties

We may receive data from authentication providers if you choose to sign in using third-party services in the future. Currently, all authentication is handled directly by Svelto.

We use the collected data for the following purposes:

• To provide, operate, and maintain the Platform and its core features (account management, booking, discovery).
• To process and manage bookings between customers and businesses.
• To send booking confirmations, reminders, and status updates.
• To display relevant shops, services, and search results based on your location and preferences.
• To improve the Platform, including analytics on feature usage and performance optimization.
• To communicate with you regarding your account, support requests, or Platform updates.
• To enforce our Terms of Service and protect against fraudulent, unauthorized, or illegal activity.
• To comply with applicable legal obligations.

For users in the European Economic Area (EEA), we process personal data under the following legal bases:

• Contract performance: Processing necessary to provide our services (e.g., booking management, account creation).
• Legitimate interests: Improving the Platform, preventing fraud, and internal analytics, where such interests are not overridden by your rights.
• Consent: Where you have given explicit consent, such as for location access or marketing communications.
• Legal obligation: Where processing is required to comply with applicable law.

We do not sell your personal data to third parties. We may share data in the following limited circumstances:

• With businesses you book: When you make a booking, the relevant shop receives your name and booking details to fulfill the appointment.
• Service providers: We use third-party services for hosting (Vercel, Supabase), email delivery (Resend), and analytics. These providers process data on our behalf under contractual obligations.
• Legal requirements: We may disclose data if required by law, court order, or governmental request, or to protect the rights, property, or safety of Svelto, its users, or the public.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.

We retain your personal data for as long as your account is active or as needed to provide the Platform services. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., financial records, legal disputes).

Booking records and reviews may be retained in anonymized form for analytics and platform integrity purposes.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:

• Encryption of passwords using bcrypt hashing.
• HTTPS encryption for all data in transit.
• Access controls limiting data access to authorized personnel.
• Regular security reviews of our infrastructure and codebase.

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data ("right to be forgotten").
• Restriction: Request restriction of processing in certain circumstances.
• Data portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at contact@svelto.app. We will respond within 30 days.

The Platform uses essential cookies and local storage for session management and authentication. We do not use third-party advertising trackers. Analytics data is collected in aggregate form and does not identify individual users.

The Platform is not intended for use by individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, contact us and we will delete it promptly.

Your data may be processed and stored in countries outside your country of residence, including the European Union and the United States. Where such transfers occur, we ensure appropriate safeguards are in place, including standard contractual clauses approved by the European Commission.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Platform. Your continued use of the Platform after changes constitutes acceptance of the updated policy.

For questions, concerns, or requests related to this Privacy Policy, contact us at:

Svelto
Email: contact@svelto.app
Skopje, North Macedonia