Privacy Policy

ChiaTurn Privacy Policy

Effective date: 10/07/2025
Last updated: 10/07/2025

ChiaTurn (“ChiaTurn,” “we,” “us,” or “our”) helps salons track turns and appointments. We take a minimal-data approach and only process what’s necessary to provide the app and in-app purchases.

If you do not agree with this Policy, please do not use ChiaTurn.

1) Scope & Controller

This Policy applies to the ChiaTurn iOS and Android apps and related support.
Controller/Operator: ChiaTurn
Contact: [email protected]

2) What We Collect (Minimal Data)

We avoid collecting personal data unless it’s required for core features.

2.1 Information you provide

Account details: email (or other login identifier you choose).

Credentials: password (stored via industry-standard hashing; we cannot see your actual password).

User Content (app features): staff names, turn order, appointments, and list uploads you choose to store (e.g., employee rosters/notes).

Purchase records: non-sensitive in-app purchase receipts/transaction IDs (to unlock paid features).

2.2 Information we do not collect

No advertising identifiers (IDFA/AAID) and no ad tracking.

No third-party analytics SDKs.

No precise geolocation.

No contacts, photos, camera, or microphone data (unless we later add an explicit feature that needs it; you would be prompted).

2.3 Automatically processed technical data

For security/operations we may process limited technical data such as IP address, device/OS version, app version, timestamps, and error logs when you use the app or our services. This is used only to operate, secure, and troubleshoot the service, not to profile you.

3) How We Use Information

We use your information to:

Provide the service (authenticate accounts, store/sync your turns/appointments/lists, enable paid features).

Customer support you request.

Security & integrity (fraud/misuse prevention, troubleshooting, service reliability).

Legal compliance (e.g., tax/accounting for in-app purchases, lawful requests).

We do not sell or “share” personal information for cross-context behavioral advertising.

4) Platforms, SDKs, and Processors We Use

Unity (game/app framework): runtime used to build and run the app.

PlayFab (Microsoft): backend services for authentication, data storage (e.g., accounts, purchases, cloud data for your salon content), and server-side features.

Cloud hosting (e.g., Microsoft Azure or equivalent) to securely store data.

App Stores:

Apple App Store / Apple In-App Purchases (IAP) on iOS.

Google Play / Google Play Billing on Android.

We do not receive your full payment card details. We receive only purchase metadata (receipt/transaction ID) to grant or validate entitlements.

All providers act as processors/service providers on our behalf and may access data solely to deliver their services under confidentiality and security obligations.

5) Account Security & Your Responsibilities

We use reasonable safeguards (TLS in transit, hashed/salted passwords, access controls). No system is 100% secure.

You are responsible for safeguarding your credentials and device.

Account recovery: If you lose access to your email and cannot complete password reset, we may be unable to restore your account or data.

Disclaimer: To the fullest extent permitted by law, ChiaTurn is not responsible for loss of access or data resulting from forgotten/compromised passwords, reused or weak passwords, device compromise, or unauthorized access outside our control. This does not limit non-waivable consumer rights.

6) Data Retention

Account & User Content: kept while your account is active.

Inactive accounts: may be deleted or archived after a reasonable period (e.g., 48 months of inactivity).

Purchase/transaction records: retained as required for tax/accounting and legal obligations.

You may request deletion at any time (Section 11).

7) International Transfers

Data may be processed in the United States and other countries by our processors (e.g., Microsoft PlayFab/Azure). Where required, we implement appropriate safeguards for international transfers (e.g., Standard Contractual Clauses).

8) Children’s Privacy

ChiaTurn is not directed to children. Do not use ChiaTurn if you are under the age required to consent to data processing in your country (e.g., 13 in the U.S., up to 16 in parts of the EEA/UK) unless a parent/guardian has provided verifiable consent. If you believe a child used the app without consent, contact us to delete the account.

9) Your Choices

Access & update your account info from within the app (where available) or by contacting support.

Delete account & data by contacting support (subject to lawful retention).

Communications: we may send service emails/notifications (e.g., password reset, purchase confirmations). You can disable non-essential in-app notifications in settings.

10) Security Measures

We use reasonable administrative, technical, and physical measures such as TLS, hashed/salted passwords, scoped access, and logging. Despite these measures, no method is completely secure.

11) Your Rights (By Region)

We honor valid privacy requests as required by law.

EEA/UK (GDPR/UK GDPR): rights to access, rectification, erasure, portability, restriction/object, and to lodge a complaint. Legal bases:

Contract (provide the app/IAP you request)

Legitimate interests (security, service integrity; not overridden by your rights)

Legal obligation (tax/accounting, lawful requests)

United States (including CA/VA/CO/CT/UT): You may have rights to access, delete, correct, and opt-out of “sale”/“sharing.” We do not sell or share personal information for targeted advertising.

Canada/Other regions: We process to provide requested services and with consent where required; you can withdraw consent (features may stop working).

To exercise rights, email [email protected] from your account email. We may verify your request (e.g., confirm via email). Authorized agents may submit requests where permitted.

12) Data Breach & Notifications

If a security incident affects your data, we will investigate and notify you and/or regulators as required by law.

13) Do Not Track

We do not track users across third-party sites and do not respond to browser “Do Not Track” signals.

14) Changes to This Policy

We may update this Policy. If changes are material, we will provide reasonable notice in the app or by email. Continued use after the effective date means you accept the updated Policy.

15) Contact Us

Questions or requests: [email protected]

Platform Disclosures

A) Apple App Store (iOS) – “App Privacy” Summary

Data Linked to You:

Identifiers: email (account).

Purchases: IAP receipt/transaction ID to grant features.

User Content: staff/turn/appointment data and list uploads you choose to store.

Purposes: App functionality, account management, and purchase verification.
Tracking: We do not track you across other companies’ apps or websites.
Data Not Collected: No ads data; no analytics SDKs; no precise location.

Final labels in App Store Connect may vary based on your exact implementation (e.g., if you add crash reporting). We currently avoid optional SDKs that would widen these categories.

B) Google Play (Android) – “Data safety” Summary

Collected data:

Personal info: email (account).

Financial info: purchase metadata (transaction/receipt IDs for entitlements).

App activity/User Content: salon data you enter (turns, appointments, list uploads).

Device or other IDs: not collected for ads; only limited technical logs for security/operations.

Purposes: App functionality, account management, purchase verification, security.
Data sharing: We do not sell or share data for advertising. Data may be processed by service providers (PlayFab/Microsoft, cloud hosting, Apple/Google billing).
Encryption: Data in transit is encrypted.
Data deletion: Users can request account/data deletion via support.

Additional Details About PlayFab & Unity

Unity: Used to build/run the app. We do not enable Unity Ads or Unity Analytics.

PlayFab (Microsoft): Provides authentication, cloud saves/storage for your account, purchase validation, and feature entitlements. PlayFab processes only what’s needed for these functions under our instructions. Where required, Microsoft’s data transfer safeguards apply.

Important Notes About Passwords & Account Loss

You are solely responsible for maintaining the confidentiality of your password and device.

If you cannot access your email to complete password reset, we may not be able to verify ownership or restore your account/data.

To the fullest extent permitted by law, we are not liable for losses arising from compromised credentials, device theft, malware, or failure to follow basic security practices (e.g., reusing passwords).

How to Exercise Your Rights or Request Deletion

You can delete your account in the app at any time.