Privacy Policy
Effective Date: April 10, 2025.
Introduction
We at Hair Etc (a DBA of Channy Khou Gen PTR) (“we,” “us,” “our”) respect your privacy. This Privacy Policy is designed to explain how we collect, use, and protect the personal information you provide to us when you access our website, book appointments, engage with our AI-powered features, receive SMS messages, or interact with us via phone, forms, or digital channels. It also outlines your rights concerning the information we collect.
Please read this Privacy Policy carefully. We will notify you of changes by updating the “Effective Date” at the top of this Policy. Any updates become effective immediately upon publication on our website. By continuing to use our website, booking tools, forms, or AI/text-based features, you waive specific notice of any changes and are deemed to have accepted the revised Privacy Policy.
We encourage you to review this Policy periodically—especially when submitting your information, booking services, or interacting with our salon through text, voice, or digital tools.
1. Information We Collect
We collect a variety of information from you when you visit our website, book appointments, interact with our AI-powered features, communicate via SMS, or engage with us on social media. By accepting this Privacy Policy, you are specifically consenting to our collection, use, and processing of the data described below, including sharing with authorized third-party processors as needed for our legitimate business operations.
Personal Data
Personal Data is information that can be used to identify you specifically, such as your name, phone number, email address, appointment details, or general demographic information (such as your age or city). You provide this data voluntarily when you schedule a service, fill out an opt-in form, respond to an offer, or contact us directly through our website or digital channels. While you are not required to provide this information, withholding it may prevent us from booking your appointment or providing follow-up communications.
Derivative Data
We automatically collect certain technical information when you visit our website. This may include your IP address, browser type, device type, the dates and times you access our site, and specific pages viewed. This information may also be collected by third-party analytics and advertising tools, such as Facebook Pixel and Facebook Conversions API. While this data does not typically identify you personally, it helps us analyze traffic and improve user experience and ad performance.
Voice and Conversation Data
When you interact with our AI voice agents or text-based chatbot assistants—whether through our website, SMS, or follow-up calls—we may collect and process voice recordings, transcripts, and other related metadata. This data is used to deliver services, confirm appointments, follow up with leads, and improve the quality of our AI systems. Consent is obtained at the time of interaction, and you may withdraw consent at any time by contacting us. Opting out may limit your ability to use certain AI-powered features.
Financial Data
If you enroll in our salon membership program, we may collect limited financial information to securely process your recurring payments. This may include your name, billing details, and credit card number. All payment data is entered in person and processed exclusively through Stripe, a PCI-compliant third-party payment processor.
We do not store or process your full credit card details on our website or internal systems. Stripe handles all card storage and transaction security. You can review Stripe’s Privacy Policy to understand how your financial information is used and protected:
Stripe Privacy Policy: https://stripe.com/privacy
Social Networking Data
We may access information from social media platforms such as Facebook and Instagram when you engage with our posts, respond to advertisements, or submit your information through lead forms. This may include your name, public profile, email address, or other contact data you choose to provide. You can manage what information we access by adjusting your privacy settings on the relevant social platform.
Mobile Device Data
When you access our site via a mobile device, we may collect information such as your device type, device ID, operating system, mobile browser, and general location data (if permissions are granted). This data helps ensure proper site functionality across devices and may support ad tracking.
Other Data
Occasionally, you may provide us with additional data by participating in a survey, submitting a review, or entering a giveaway. Participation in these activities is voluntary, and you will be notified when specific information is being collected.
2. AI Technologies and Data Processing
AI-Powered Features and Services
We use artificial intelligence (AI) technologies as part of our customer engagement and salon operations. These tools help us streamline communication and improve service quality. Examples include:
- AI-powered text agents to follow up with leads and respond to common inquiries
- AI voice agents for automated appointment reminders and lead outreach
- AI tools used for internal quality assurance and call review
How We Use AI With Your Data
Our AI systems may process your personal data to:
- Respond to appointment requests or questions
- Analyze customer interactions to improve communication
- Personalize follow-up messages based on service preferences
- Monitor and improve service quality
- Reduce response time and ensure timely appointment reminders
We do not use AI to make decisions that have legal or similarly significant effects without human oversight.
AI Data Protection Commitments
We are committed to using AI responsibly and securely. To that end, we:
- Do not use AI to make final decisions without human review
- Limit AI systems to processing only the data necessary for the task
- Implement security controls to prevent unauthorized access to AI-processed data
- Review our AI tools for accuracy, fairness, and compliance with this Privacy Policy
- Allow you to opt out of AI-based communications when feasible by contacting us
- We do not use AI to make decisions that have legal or similarly significant effects without human oversight.
Voice Recording and Processing
We are committed to using AI responsibly and securely. To that end, we:
- Calls may be recorded and transcribed to deliver services, confirm bookings, and improve service quality
- You will be notified if recording occurs and may opt out at the beginning of the call
- Voice data is stored securely and is typically retained no longer than 90 days
- You may request deletion of your voice recordings by contacting [email protected].
3. How We Use Your Information
Your information allows us to provide salon services, manage appointments, and operate our client communications—including those delivered by text, voice, or AI-powered systems. We also use your data to improve your overall customer experience and streamline salon operations.
We store your information securely and may share it with trusted service providers (e.g., CRM, SMS, analytics, or payment platforms) solely for operational purposes. We process your data based on your consent, legitimate business interest, or to fulfill requested services.
Specifically, we may use your data to:
- Schedule and confirm salon appointments
- Create and administer your account if you enroll in our membership program
- Securely store your billing information for recurring membership payments
- Follow up on services or inquiries
- Contact you about promotions, service updates, or limited-time offers
- Interact with you via social media (e.g., Facebook, Instagram)
- Deliver retargeted ads based on your site or ad interactions
- Respond to contact form submissions or phone calls
- Request reviews or feedback about your visit
- Notify you of policy or service changes
- Improve service quality through AI review and call tracking
- Analyze service trends to optimize our offerings
- Train and refine our AI-based communications
- Assist law enforcement if legally required
- Prevent fraudulent or unauthorized activity
We do not offer online account creation or self-service logins at this time. Member accounts and billing profiles are created in person at our salon, with credit card data securely processed by a PCI-compliant provider.
4. When Do We Collect Information?
We collect information from you when you:
- Fill out a contact or opt-in form
- Schedule an appointment
- Sign up for our membership program in person
- Interact with our AI-powered text or voice agents
- Engage with our customer service team via phone, SMS, or digital platforms
- Respond to advertising or submit your information via social media (e.g., Facebook lead forms)
5. How do We Protect Visitor Information?
Your personal information is maintained in secured systems and is only accessible by authorized staff who are required to keep all data confidential. Sensitive information—such as payment or billing data submitted during membership enrollment—is encrypted and processed through a secure payment gateway (Stripe). We do not store your credit card information on our website or internal servers.
We implement multiple security measures to protect your personal data, including:
- SSL encryption for our website
- Secure access controls for staff and vendors
- Use of trusted third-party platforms with strong security practices
- Limited data retention and deletion protocols for sensitive information
AI-Specific Security Measures
For data processed by our AI-powered systems (including voice and chatbot agents), we take additional precautions, such as:
- Encrypted storage of voice recordings and chat transcripts
- Role-based access restrictions for staff
- Periodic audits of AI system logs and permissions
- Anonymization of data where applicable
- Regular deletion of AI data that is no longer needed
6. Data Sharing Commitment
We Do Not Sell Your Data
We do not sell, trade, or otherwise transfer your personally identifiable information to outside parties for marketing or promotional purposes. Your information will never be sold, exchanged, transferred, or given to any other company without your consent, except as necessary to deliver the services you have requested.
We do not share SMS opt-in or consent information with any third parties for marketing purposes, including affiliates or parent companies.
Limited Sharing With Service Providers
We may share your information with trusted third-party service providers who assist us in operating our business, managing salon communications, and processing membership billing. These third parties are contractually required to protect your information and use it only for the purposes defined in our agreements. They may include:
- Stripe: for secure, PCI-compliant processing of membership payments
- Go High Level: for CRM management, SMS communications, and AI-powered follow-ups
- SMS aggregators and carriers: for delivering text messages you have opted into
- Cloud storage and web hosting providers: for secure data hosting and backup
- Advertising platforms (e.g., Facebook): for performance tracking and retargeted ads
AI Service Provider Limitations
When we engage AI service providers, we impose strict data use and security requirements. These providers:
- May only process your data for specific, agreed-upon purposes
- Must implement appropriate technical and organizational safeguards
- Cannot use your data to train models for unrelated purposes without your explicit consent
- Must comply with all applicable data protection laws
- Are required to notify us immediately of any unauthorized data access or breach
- Must delete or return your data upon termination of services
Important Note on SMS Data: All SMS opt-in and consent data will not be sold or shared with third parties, except with aggregators and platforms necessary to deliver the messages. Your mobile number will not be used for unrelated marketing purposes.
Other Limited Disclosures
We may also disclose your information:
- To comply with legal obligations or valid legal processes (e.g., subpoenas)
- To protect your safety or the safety of others
- To enforce our Terms of Service or investigate fraud.
- As part of a business transaction (e.g., merger, acquisition, or asset sale), in which case this Privacy Policy may transfer to the new entity
6. Cookies
We may use cookies and similar tracking technologies to improve your browsing experience and measure the performance of our digital advertising. Cookies are small data files stored on your device that help our website and marketing tools recognize your browser and remember certain information.
You can set your browser to warn you each time a cookie is being sent or disable cookies entirely. Disabling cookies may affect certain site functions and limit the effectiveness of personalized advertising.
7. Third Party Integrations
We use Facebook Pixel and Facebook Conversions API to help us understand how visitors interact with our website and to deliver relevant, retargeted ads across Facebook and Instagram.
These tools may collect anonymized information such as your IP address, device type, browsing behavior, and interaction with our ads or booking forms. This data helps us:
- Measure ad performance
- Build audience segments
- Retarget users who visited our site
- Improve marketing efficiency
You can opt out of Facebook’s interest-based advertising by visiting:
https://www.facebook.com/help/568137493302217.
Learn more about Facebook's privacy practices here:
https://www.facebook.com/full_data_use_policy.
8. Grounds for Using and Processing Your Data
The information we collect and store is used primarily to provide you with the salon services, appointment communications, and membership features you request. We may also use, process, and retain your personal data under the following lawful bases:
Legitimate Business Interests
We may process your information when it is reasonably necessary for our legitimate business interests, which include (but are not limited to):
- Communicating with you about bookings or offers
- Improving our website and marketing strategies
- Enhancing our salon services and customer experience
- Operating AI-powered messaging and scheduling tools
Performance of Contract
We may use and process your information as necessary to enter into or fulfill a contract with you, such as when you enroll in our membership program or book a service appointment.
Consent
Where required, we will obtain your explicit consent before collecting or processing your personal data for specific purposes, such as SMS marketing or retargeted ads. You may withdraw your consent at any time by contacting us; however, this may affect certain services.
As Required By Law
We may also process your information when required to do so by applicable laws, regulations, legal processes, or enforceable government requests.
9. International Data
Our website is hosted on servers located in the United States of America. If you are accessing this site from outside the U.S., please be aware that your information may be transferred to, stored, or processed in the United States, where our servers and many of our service providers are located.
We may use third-party vendors (such as payment processors, CRM platforms, and cloud storage providers) that operate in or transfer data through the United States. By submitting your personal data, you consent to this transfer and understand that privacy laws in the U.S. may not offer the same protections as those in your home country.
We take commercially reasonable steps to ensure that your data is stored securely and in accordance with this Privacy Policy. Sensitive data such as payment or voice transcripts is encrypted in transit and at rest where applicable.
Please note:
- No method of transmission over the internet is 100% secure
- You are responsible for safeguarding any passwords or authentication credentials associated with your interactions with us
- We cannot guarantee the complete security of data transmitted electronically; submission is at your own risk
10. Data Retention
We retain personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including to provide services, comply with legal obligations, resolve disputes, and enforce agreements. If you are a member of our salon membership program, we may retain your information as long as your membership is active or until you request deletion.
Information collected for specific purposes—such as analytics, quality assurance, or law enforcement requests—is retained only as long as necessary to fulfill that purpose.
Personal data that is no longer needed will be securely deleted or anonymized.
AI and Voice Data Retention
If you interact with our AI voice agents or chatbots:
- Voice recordings are typically retained for up to 90 days, unless a longer period is needed for quality assurance, dispute resolution, or compliance
- Text transcripts from chatbot or SMS interactions may be retained for up to 12 months to help improve service quality and AI responsiveness
- Anonymized interaction data may be retained indefinitely for analytics and performance analysis
Deletion Requests and Limitations
You may request deletion of your personal data at any time, unless we are legally required to retain it. Please note:
- We do not control third-party data retention policies (e.g., Stripe, Facebook, Go High Level)
- You may contact those providers directly if you wish to request deletion from their systems
- If requested, we will make reasonable efforts to inform you which third-party platforms have received your data
Usage and Analytics Data
We may retain non-personal usage data (such as website traffic metrics) for internal analysis. This data is generally stored for shorter periods unless needed for site performance, security, or legal purposes.
11. Security of Your Information
We take commercially reasonable measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. This includes technical safeguards such as SSL encryption, access controls, and secure vendor relationships with platforms like Stripe, Go High Level, and other trusted providers.
Sensitive data such as voice recordings, chat transcripts, and membership billing details are protected through encryption and are only accessible to authorized personnel under strict confidentiality policies.
While we follow generally accepted industry standards to safeguard your data, please be aware that no method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security.
If we become aware of a data breach that poses a significant risk to your personal information, we will notify you in accordance with applicable laws and regulatory requirements.
12. Sensitive Data
We ask that you do not submit any sensitive personal data to us through any public or private channel, including website forms, email, SMS, voice calls, or AI chatbot interactions. This includes (but is not limited to):
- Social Security numbers
- Health or medical information
- Biometric or genetic data
- Ethnic or racial origin
- Religious or philosophical beliefs
- Criminal background or legal history
If you do submit this type of information—whether intentionally or inadvertently—you acknowledge and consent to our use, storage, and processing of that data in accordance with this Privacy Policy.
Special Note About AI Voice and Text Interactions
Our AI voice agents and chatbots are
not intended to collect sensitive personal information, and are programmed with filters to prevent the retention of such data. However, in the event that sensitive data is disclosed during an AI-powered interaction:
- We will make reasonable efforts to identify and delete the data upon detection
- Automatic filtering systems are used to prevent storage or reuse of sensitive content
- Human reviewers (if involved in quality assurance) are subject to strict confidentiality obligations
- You may request immediate deletion of any sensitive interaction by contacting us at [email protected].
13. SMS/Text Message Policy
When you opt in to receive SMS (text) messages from Hair Etc, we are committed to protecting your privacy and complying with all applicable messaging regulations, including A2P 10DLC standards.
- Purpose and Frequency: We may use your mobile number to send you appointment confirmations, reminders, scheduling updates, promotional offers, or salon updates. These messages may include time-sensitive alerts related to your bookings or limited-time specials. Message frequency may vary. Message and data rates may apply.
- No Data Sharing: We do not sell, rent, or share your SMS opt-in data or mobile number with any third parties or affiliates for marketing purposes. Your mobile number will only be shared with SMS aggregators and delivery providers necessary to transmit our messages to you.
- Limited Use: Your SMS opt-in data will be used exclusively for the purposes you have agreed to, such as appointment reminders, scheduling updates, customer service messages, digital receipts, or promotional offers related to our services. You will not receive text messages beyond those you have consented to.
- Opt-Out Control: You may opt out of SMS communications at any time by replying “STOP” to any message you receive from us. Once you opt out, we will send a final confirmation message and cease all further SMS communication.
- Support: For help or additional information regarding our text messaging program, you may reply “HELP” or contact us directly at [email protected] or (951) 848-5545.
- Compliance Notice: Opt-in data and consent for text messaging will not be shared with any third parties, except with aggregators and SMS service providers as required to deliver messages.
14. Your Rights
You have specific rights with respect to your personal data, as outlined below. We may request that you verify your identity before we take action, and in some cases, your rights may be limited by legal or regulatory obligations.
Access Updates
You have the right to request a copy of the personal data we hold about you. You may also update or correct your information at any time by contacting us at [email protected].
Change or Withdraw Consent
You may withdraw your consent to certain types of data use—such as promotional SMS or retargeting ads—at any time. Please note that withdrawing consent may limit your access to specific features or communications.
Delete Your Data
You may request that we delete all personal data we hold about you. This may include data associated with past appointments, membership enrollment, or SMS communications. We will honor such requests unless we are legally required to retain the data or it is necessary for ongoing business functions (such as membership billing or dispute resolution).
Request a Copy or Transfer of Your Data
You may request a digital copy of your data in a commonly used format, or ask that we transfer it to another provider where technically feasible.
Restrict or Object to Processing
You may, in certain cases, restrict how your data is used (e.g., if you dispute its accuracy or object to direct marketing). We will comply with such requests unless we are legally obligated to continue processing.
AI-Specific Rights
If you have interacted with our AI voice or chatbot systems, you have the following additional rights:
- Opt out of voice recording at any time
- Request deletion of voice data or transcripts
- Request human review of any AI-driven decisions
- Ask how AI decisions were made and what data was involved
To exercise any of these rights, contact us at [email protected] or call (951) 848-5545.
.
Marketing Communications
You may opt out of receiving SMS marketing or promotional content at any time by replying STOP to any message. You may also email us to be removed from promotional campaigns across all platforms.
Complaints
If you believe we are misusing your data or have violated you rights, you may contact us directly at [email protected].
You may also have the right to file a complaint with a state or federal regulatory agency.
15. California Privacy Rights (CCPA)
If you are a California resident, you are granted specific rights regarding your personal information under the California Consumer Privacy Act of 2018 (CCPA), effective January 1, 2020.
You have the right to request, free of charge:
- The categories and specific pieces of personal information we have collected about you or members of your household
- The purposes for which we collect or use that data
- The categories of third parties to whom data may be disclosed for operational purposes
- Deletion of your personal information from our records, subject to certain legal exceptions
Categories of Personal Data Covered by CCPA
We may collect the following types of information about California residents:
- Personally identifying information (name, phone number, email address, physical address)
- Interaction and service history (appointments booked, services requested, messages exchanged)
- Geolocation data (approximate location from mobile device or IP address)
- Voice recordings and transcripts from AI voice or chatbot interactions
- Site interaction data, such as ad click behavior or form submissions via Facebook ads
We do not collect biometric data, education history, or employment-related information.
Right to Opt Out of Data Sales
Hair Etc does not sell your personal data, and has no current plans to do so. However, you may request to opt out of any future data sales (should our policies change) by contacting us at [email protected].
Right to Deletion
You may request that we delete any personal information we have collected about you. We will honor deletion requests unless we are legally required to retain certain data for membership management, regulatory obligations, or dispute resolution.
Submitting a CCPA Request
To exercise your California privacy rights, please email [email protected]. We may require verification of your identity and California residency before proceeding with your request.
We will respond to all CCPA requests within a reasonable timeframe during business hours, excluding holidays or scheduled time off.
16. Children's Privacy (COPPA)
In accordance with the Children’s Online Privacy Protection Act (COPPA), we do not knowingly collect, solicit, or store personal information from anyone under the age of 13. Our website and services are intended for use by adults.
We do not specifically market to or target children under 13 years of age. If we learn that we have inadvertently collected personal information from a child under 13 without verified parental consent, we will delete that information as quickly as possible.
If you believe that we may have collected data from a child under 13, please contact us immediately at [email protected] so we can take appropriate action.
17. Fair Information Practices
The Fair Information Practice Principles (FIPPs)
are foundational to U.S. privacy law and have influenced global data protection standards. We are committed to upholding these principles in the operation of our business and protection of your personal data.
In line with these practices, we take the following actions in the event of a data breach:
- Notification: If a data breach occurs that affects your personal information, we will notify you by email, phone, or SMS (as appropriate and permitted by law) within 7 business days of confirming the breach.
- Individual Redress: We support the principle that individuals have the right to pursue enforceable legal remedies if their data is misused or if privacy laws are violated. This includes the right to seek recourse through regulatory agencies or legal channels against data processors that fail to adhere to applicable laws or this Privacy Policy.
18. CAN-SPAM Act Compliance
The CAN-SPAM Act is a U.S. law that governs commercial email communications. It gives recipients the right to opt out of marketing emails and establishes penalties for violations.
We collect your email address when you voluntarily provide it through appointment forms, service inquiries, or opt-in requests. We may use this address to:
- Respond to questions or service requests
- Send appointment confirmations or updates
- Share occasional promotions or salon announcements (with your consent)
To comply with the CAN-SPAM Act, we agree to:
- Not use false or misleading subject lines or sender information
- Clearly identify marketing messages where applicable
- Include our physical business address in email correspondence
- Promptly honor opt-out and unsubscribe requests
- Monitor the use of any third-party email platforms for compliance
If at any time you wish to stop receiving emails from us, you may:
- Email us at [email protected] with your unsubscribe request
- Let us know verbally at your next appointment
- Or reply to any of our communications with the word “UNSUBSCRIBE”
We will remove you from our email list promptly and with no further obligation.
19. AI Ethics & Commitments
As part of our use of artificial intelligence (AI) technologies in customer communication, we are committed to the following ethical principles:
- Transparency: We will clearly disclose when AI is being used to communicate with you, whether by voice or text.
- Human Oversight: We maintain appropriate human supervision over our AI systems and can intervene when necessary.
- Data Privacy: We only use your personal data in connection with AI features where appropriate consent has been provided and with safeguards in place.
- Non-Discrimination: We aim to ensure that our AI-powered tools operate fairly and do not result in discriminatory outcomes.
- Security: We implement strong technical controls to protect any data processed by or stored through AI systems.
- Accountability: We take full responsibility for the operation and outputs of the AI systems we use in customer engagement.
We regularly evaluate our AI systems and update our internal practices to ensure responsible, secure, and ethical use of these technologies.
20. Contact Us
If you have any questions about this Privacy Policy or how your data is handled, please contact us at:
Email: [email protected]
Address: 13451 Baseline Ave Ste F, Fontana CA 92336
Last Updated: April 10, 2025.
Managed by haloflo
©2025 Hair Etc. All rights reserved.