Privacy Policy

Privacy Policy Effective date: September 5, 2025

  1. Who We Are This Privacy Policy explains how “The BeautyBell” (“we”, “us”, “our”) collects and processes your personal data when you use our mobile apps (iOS/Android) and website (the “Services”). The data controller is:
  • Controller: Ahmet Basli (The BeautyBell)
  • Email: [email protected]
  • Domain: https://beautybell.app
  • Jurisdiction/Governing law: Indonesia (venue: Jakarta)
  • Language: English controls in case of conflict with Bahasa Indonesia
  1. What We Collect We collect the following categories of data, depending on how you use the Services.

2.1 Account & Identity (All Users)

  • Data: name, email, Google account identifiers (googleId, verifiedEmail), profile photo
  • Source: Google Sign‑In
  • Use: account creation/login, identification, security
  • Basis: contract necessity; legitimate interests (fraud/security)

2.2 Contact Details (All Users)

  • Data: phone number; preferred language
  • Use: booking coordination, transactional notifications, support
  • Basis: contract necessity

2.3 Eligibility / Age (Customers)

  • Data: date of birth
  • Use: age gating (18+), eligibility verification
  • Basis: legal obligations; contract necessity

2.4 Customer Profile & Addresses (Customers)

  • Data: first/last name, profile picture (optional), isActive; addresses (street, city, state, postalCode, country, label, coordinates), default address coordinates
  • Use: map display, booking address and discovery, account management
  • Basis: contract necessity; consent for device location (see 2.6)

2.5 Artist Profile (Artists)

  • Data: first/last name, phone, profile picture (optional), professional bio, specializations, years of experience, isActive, preferred travel time (if set), verificationStatus, isOnline?, pricing ranges, default address coordinates, cancellationCounter
  • Use: marketplace listing; quality/safety; blacklist enforcement after repeated accepted‑then‑canceled bookings
  • Basis: contract necessity; legitimate interests (platform integrity and safety)

2.6 Location (Customers & Artists)

  • Data: precise location “when in use” only; saved address coordinates
  • Use: show booking location; discovery; on‑map features
  • Basis: consent (OS‑level for location); contract necessity for address data
  • Note: We do not collect background location. If we add background tracking in the future, we will request additional consent and update this Policy.

2.7 Media (Customers & Artists)

  • Data: photos you upload (profile, service images)
  • Use: identity and listing content
  • Basis: consent (upload action); contract necessity (listing)

2.8 Notifications (All Users)

  • Data: device push tokens; OS/platform
  • Use: transactional pushes (booking status, acceptance, payouts)
  • Basis: contract necessity; consent at OS level

2.9 Payments & Payment Hold (All Users; Artists for payouts)

  • Data: Xendit/XenPlatform identifiers (customer IDs, artist sub‑accounts), payment method tokens/ids, transaction/refund/payout ids; saved bank accounts for payouts (channelCode, accountHolderName?, accountNumber, isDefault, isActive, lastUsedAt)
  • Use: accept payments, payment hold via our payment partner (Xendit), automatic release after the completion window (3 hours after completion unless a support ticket blocks), withdrawals, refunds/voids
  • Basis: contract necessity; legal obligations (financial/tax)
  • Note: We do not store raw card/wallet PAN. We store provider tokens/ids from Xendit.

2.10 KYC / Verification (Artists)

  • Data: ID documents, selfies, interview artifacts; verification status
  • Use: compliance, fraud prevention, payout eligibility
  • Basis: legal obligations; legitimate interests (trust/safety)
  • Note: Collected by us and/or Xendit; stored securely. Currently stored outside the app; may later be stored in‑app.

2.11 Support & Disputes (All Users)

  • Data: ticket text, attachments, booking/payment references, contact details
  • Use: resolve issues; coordinate refunds/chargebacks; temporarily block auto‑transfer while a ticket is open
  • Basis: contract necessity; legitimate interests

2.12 Devices & Security (All Users)

  • Data: userId/customerId/artistId, push token, platform (ios/android/web), appVersion, locale, timezone, deviceId, IP, role
  • Use: notifications, session/account association, localization, fraud/security, debugging
  • Basis: contract necessity; legitimate interests (security/service continuity)

2.13 Analytics/Ads

  • Current status: no analytics SDKs, no third‑party ads, no tracking for advertising.
  • Future tools (e.g., Google Tag Manager) will be added only with notice/consent where required, and this Policy will be updated.
  1. How We Use Personal Data
  • Provide and operate the Services (search, booking, messaging/notifications, maps)
  • Payments and payment hold via our payment partner (capture, hold, refund/void, automatic release to artists)
  • Payouts to artists (via Xendit; artist bears payout fee per Xendit’s terms)
  • Identity verification and fraud/safety (including blacklist enforcement)
  • Customer support and dispute resolution (including chargebacks with Xendit)
  • Security, monitoring, debugging, and service integrity
  • Compliance with law and tax/accounting obligations (PPN/VAT on platform fees)
  1. Payments, Fees, and Taxes (Summary)
  • Platform fee: 15% of service totalPrice; PPN/VAT 11% on the platform fee only; amounts rounded up to IDR integer.
  • Customer charge: grandTotal = totalPrice + platformFee + VAT.
  • Payment release: sends booking.totalPrice to the artist’s Xendit account (platform keeps platformFee + VAT).
  • Payout fees: Xendit payout fee (e.g., IDR 2,500) is borne by the artist and may change over time per Xendit’s current pricing.
  • Artist taxes: artists are responsible for their own taxes on services; platform does not withhold on payouts.
  • Wallets supported: OVO and DANA (via Xendit). Cards not enabled now.
  1. Legal Bases (Indonesia; analogous global principles)
  • Contract necessity: to provide the Services you request (accounts, bookings, payments/payouts).
  • Legitimate interests: platform integrity, fraud/security, service improvement, customer support.
  • Consent: device location “when in use”, notifications at OS level, media uploads; future analytics/marketing if introduced.
  • Legal obligations: tax/accounting, KYC/AML where applicable.
  1. Sharing and Recipients (Processors/Sub‑processors) We share data with service providers under contracts that require appropriate safeguards:
  • Microsoft Azure (East Asia): hosting, DB, logs
  • Cloudflare R2 + Cloudflare CDN: media/object storage and CDN
  • Google Maps SDK: map display and geolocation features
  • APNs / FCM / Expo Notifications: push notifications
  • Xendit XenPlatform: payments, payment hold, refunds, payouts and, where applicable, KYC
  • OVO, DANA: e‑wallet payment rails (through Xendit)
  • Zoho Mail: email services for support/notifications We do not sell personal data.

  1. International Transfers Your data may be processed or stored outside Indonesia (e.g., Azure region, Cloudflare CDN, APNs/FCM infrastructure). We use contractual and technical safeguards appropriate to the transfer and will update this Policy if transfer practices materially change.

  2. Retention

  • Account/profile data: life of account + 30 days for operational close‑out; backups/logs per system cycles
  • Bookings/payments records: 5 years (or longer if legally required)
  • KYC/verification: 5 years after last use (or as required by law)
  • Support tickets: 2 years after resolution
  • Security/usage logs: up to 30 days
  • Device tokens/media/addresses: until removed or account deletion We may retain limited information as required by law or for the establishment, exercise, or defense of legal claims.

  1. Children The Services are intended for adults (18+). We do not knowingly collect personal data from children. If you believe a child has provided data, contact us at [email protected] for deletion.

  2. Your Rights Subject to applicable law, you may request:

  • Access to your data; correction; deletion
  • Portability (where applicable)
  • Withdrawal of consent (e.g., location permissions) without affecting prior processing
  • Restriction or objection to certain processing (where applicable) How to exercise: use in‑app “Delete Account” in Settings or contact [email protected]. We may ask you to verify your identity before responding. Deletion requests will be honored promptly, subject to legal/financial record‑keeping obligations (e.g., maintaining transaction records for 5 years).
  1. Device Permissions (Mobile)
  • Location (When in Use): to show map and booking locations
  • Photos: to upload profile/service images
  • Camera: to take profile/service images (no background recording)
  • Notifications: transactional booking/payment updates Removed: Calendar, Reminders, Microphone (not used). If we add new permissions, we will request consent and update this Policy.
  1. Safety and Enforcement
  • We may temporarily block automatic payment release via our payment partner while a support ticket is open.
  • Artists who cancel accepted bookings three times (not necessarily consecutively) may be blacklisted until support reactivation.
  • We may suspend/terminate accounts for fraud, abuse, or policy violations (see Terms).

  1. Security We use industry‑standard technical and organizational safeguards (including encryption in transit and access controls) to protect your information. We continually improve our security measures and promptly address potential issues.

  2. Prohibited Content/Services (Summary) This marketplace is for beauty services. Prohibited categories include illegal activities, dangerous or harmful services, medical/clinical procedures requiring licensing, adult/sexual content, and any service violating law or our policies. We may expand permitted categories later (e.g., dog grooming/barber, massage) in line with law and store policies.

  3. Changes to This Policy We may update this Policy to reflect changes in our practices or legal requirements. We will post the updated version at https://beautybell.app/privacy and adjust the “Effective date” above. Where required, we will seek consent for material changes.

  4. Contact

  • Email (General/Support/Privacy): [email protected] If you have concerns about our handling of personal data, please contact us. We will work to resolve your inquiry promptly.
  1. Jurisdiction and Language This Policy is governed by the laws of Indonesia, with exclusive venue in Jakarta. In case of any discrepancy between language versions, the English version controls.
← Back to Home