Privacy policy
Avana takes privacy seriously. This page explains in plain language what data we collect, why, how long we keep it, with whom we share it, and what rights you have. Questions? Email us at support@getavana.com.
Version 2.0 — last updated: 25 April 2026.
1. Who we are
Sweeber Technologies (“Avana”, “we”, “us”) provides an online booking platform for independent salons and beauty professionals. To provide Avana, we process personal data. Under the General Data Protection Regulation (GDPR), Avana is the controller for some of these processing activities and acts as processor on behalf of the salon for others.
Contact:
- Sweeber Technologies B.V., Torenlaan 5B, 1402AT Bussum, the Netherlands
- Privacy email: support@getavana.com
- Phone: +31 6 57 60 32 79
2. Who this policy applies to
This policy applies to three groups of people who interact with Avana:
- Salon owners and their staff who hold an Avana account.
- Clients of those salons who book an appointment through an Avana booking page.
- Visitors to our website who do not (yet) have an account.
For each group we explain below which data we process and why.
3. What data we collect
3.1 Salon owners and staff
- Identification: first and last name, email address, phone number, photo (optional).
- Business data: company name, address, company registration number, VAT number, IBAN.
- Account data: hashed password, login timestamps, IP address at login.
- Usage data: which features you use, which settings are active, error logs.
- Communications: messages you send to our support team.
- Billing data: subscription history, invoices, payment status (the card or bank details themselves are stored with our payment processor — not with us).
3.2 Clients booking through Avana
- Booking data: name, email address, phone number, chosen service, date, time, price.
- Optional fields: answers to intake forms the salon has set up (for example medical information or preferences).
- Payment data: when a client prepays, we store the payment status (amount, method, transaction ID); the bank details themselves stay with the payment processor.
- Notes: notes the salon adds to the client profile.
- Communication history: which confirmations, reminders and change emails the client received.
3.3 Website visitors
- Log files: IP address, browser, operating system, pages visited, timestamp.
- Cookies: functional cookies to make the website work (see section 11).
- Contact form: if you fill in the contact form we store your name, email, phone (optional) and message.
4. Why we process data (purposes and legal bases)
Under GDPR we may only process personal data on one of the six legal bases. The table below shows the legal basis for each purpose.
| Purpose | Legal basis |
|---|---|
| Create and manage account | Performance of contract |
| Process bookings | Performance of contract |
| Send confirmations and reminders | Performance of contract |
| Process payments | Performance of contract |
| Bookkeeping and invoicing | Legal obligation |
| Prevent abuse and fraud | Legitimate interest |
| Improve the platform (anonymised) | Legitimate interest |
| Newsletter / marketing | Consent (revocable) |
| Reply to contact form enquiries | Legitimate interest |
5. How long we keep data
We do not keep personal data longer than necessary:
- Account and business data: for as long as the account is active, plus 90 days after cancellation (so you can request your data back).
- Client booking data: for as long as the salon keeps its Avana account, or shorter if the salon deletes the client profile.
- Invoices and accounting data: 7 years (statutory tax retention).
- Log files and security logs: 12 months.
- Contact form submissions: 24 months, then automatically deleted.
- Marketing consent: until you unsubscribe; then immediately deleted from the marketing list.
If you request erasure, we delete all data we are allowed to delete within 30 days. Data we are legally required to keep (such as invoices) remains stored until the statutory period has lapsed.
6. Who we share data with
We only share data with third parties when it is necessary to deliver the service or when we are legally required to. We sign GDPR-compliant data processing agreements with all of these providers.
- Hosting partner in the European Union — for storage of database and files.
- Payment processor — to process payments.
- Email service — to send transactional emails (confirmations, reminders).
- SMS service — to send SMS reminders.
- Bookkeeping/invoicing software — to manage invoices.
- Customer support tooling — to manage support tickets.
- Logging and monitoring tools — to detect bugs and attacks.
- Authorities — only when we are legally required (for example, on a court order).
We do not sell personal data to third parties. We never share a salon's client data with other salons, marketplaces or ad networks.
7. Transfers outside the EU
Our main infrastructure is located in the European Union. Some processors (for example our email provider) may process data in countries outside the EU. In that case we use one of the legal safeguards under GDPR: the European Commission's Standard Contractual Clauses (SCCs) or an adequacy decision. On request, we will tell you which clauses we use.
8. Security
We take appropriate technical and organisational measures to protect personal data against loss, misuse and unauthorised access. Concrete measures:
- Encryption of data in transit via HTTPS/TLS.
- Encryption at rest where supported by our hosting partner.
- Encrypted password storage using modern hashing algorithms.
- Role-based access control (least privilege).
- Two-factor authentication for internal staff.
- Regular audits, penetration tests and code reviews.
- Logging of security events with active monitoring.
- Encrypted backups with regular restore tests.
Should a data breach occur, we assess it under our incident procedure. For breaches that must be reported, we notify the supervisory authority within 72 hours and — when legally required — the affected individuals directly.
9. Your rights under GDPR
Under GDPR you have several rights regarding your personal data. You can exercise any of these rights by emailing support@getavana.com. We respond within 30 days.
- Access — you may request which data we hold about you.
- Rectification — have inaccurate or incomplete data corrected.
- Erasure (“right to be forgotten”) — when we no longer need the data and no statutory retention applies.
- Restriction — temporarily stop processing while a dispute is ongoing.
- Object — object to processing based on legitimate interest.
- Data portability — receive your data in a structured, machine-readable format.
- Withdraw consent — for processing based on consent (such as marketing).
- Not be subject to automated decisions with legal effects — we do not use such decisions.
- Lodge a complaint with the supervisory authority (in the UK: the ICO at ico.org.uk; in Ireland: the DPC at dataprotection.ie; in Australia: the OAIC at oaic.gov.au).
To prevent abuse we may ask for additional identification before acting on a request — for example a copy of an ID document with the photo and ID number redacted.
10. Salon clients — who do you contact?
If you booked an appointment through an Avana booking page and want to access, change or delete your data, the salon is the controller and Avana is only the processor. Please first contact the salon you booked with — their contact details are in your confirmation email. If that does not work, write to support@getavana.com; we will help further or pass the request on to the salon.
11. Cookies and similar technologies
Avana uses cookies and similar technologies to make the website work and to measure improvements. We distinguish three types:
- Functional cookies — strictly necessary: logged-in sessions, language preference, security. No consent required.
- Analytical cookies — to anonymously measure which pages are visited. We use a privacy-friendly setup with no transfer of personal information to ad networks.
- Third-party marketing cookies — we do not set them. Avana shows no external ads and shares no personal data with ad platforms.
You can block or delete cookies via your browser settings. Disabling functional cookies may impair the use of Avana.
12. Marketing communication
We only send marketing emails (such as product updates or newsletters) if you have given us explicit consent — for example by ticking the option when creating an account, or via an opt-in on the website. Every marketing email contains an unsubscribe link. Unsubscribing takes effect immediately.
We keep sending transactional emails (confirmations, reminders, invoice notifications) because they are necessary to deliver the service.
13. Automated decision-making and profiling
Avana does not use automated decision-making with legal effects or similarly significant consequences for you. Features such as no-show prevention and waitlists use simple, transparent rules — not opaque machine-learning models — for binding decisions.
14. Children
Avana is intended for business use by adults. We do not target children under 16 and do not knowingly collect personal data from children. Salon clients may sometimes be younger (for example at a kids' hair salon); the salon is then responsible for obtaining consent from a parent or guardian.
15. Avana as processor — Data Processing Agreement
For the data you process about your own clients via Avana, the salon is the controller and Avana is the processor. By default we conclude a Data Processing Agreement through your acceptance of the terms of service — those terms also serve as a Data Processing Agreement. A signed copy is available on request via support@getavana.com.
16. Retention after cancellation
If you cancel your Avana account, we keep your data accessible in archived form for 90 days, so you can request an export or reactivate your account. After that, personal data is deleted — with the exception of what we are legally required to keep (invoices, accounting).
17. Filing a complaint
Do you feel we are not handling your data carefully? Please write first to support@getavana.com — we always try to resolve a complaint within 14 days. If we cannot reach an agreement, you can file a complaint with the supervisory authority that applies to you (UK: ICO; Ireland: DPC; Australia: OAIC; or another EU/EEA Data Protection Authority).
18. Changes to this policy
We may update this privacy policy from time to time. Material changes — such as new categories of processing or new processors — are announced by email to account holders in advance and published on this page at least 30 days before they take effect. The latest version is always available at /en/privacy.
19. Contact
Questions, complaints or requests about this privacy policy? Email support@getavana.com or call +31 6 57 60 32 79. For general questions you can also use our contact form.