Effective: 10 February 2026

Privacy Policy

Introduction

At Photonsoft Pty Ltd (ABN 67 656 104 559), an Australian company based in Sydney, we value your privacy and are committed to protecting your personal information. This Privacy Policy outlines our practices regarding the collection, use, and disclosure of personal information provided by users of our software (the "Service") and complies with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), as well as the General Data Protection Regulation (GDPR) where applicable. By accessing and using our Service, you agree to the terms and conditions of this Privacy Policy, and you consent to the collection, use, and disclosure of your personal information as described below. If you do not agree with this Privacy Policy, please do not use the Service.

Information we collect

We collect the following types of information when you use our Service:

  1. Personal Information: This includes information you provide to us directly or indirectly, such as your name, email address, phone number, and salon information (e.g., name, address, and services offered). We collect this information when you create an account, make a booking, or otherwise interact with our Service.

  2. Usage Information: We collect information about how you use the Service, including the pages you visit, the features you use, and the time you spend on the Service. We may use cookies and other tracking technologies to gather this information.

How we use your information

We use your personal information for the following purposes:

  1. To provide, maintain, and improve the Service, including responding to your inquiries and providing customer support.

  2. To personalise your experience by customising the content, features, and advertisements you see on the Service.

  3. To communicate with you about updates, promotions, and other marketing materials related to the Service.

  4. To protect the security and integrity of the Service and our users' information, and to prevent and detect fraud, security breaches, and other harmful activities.

  5. To comply with legal obligations and enforce our Terms of Service.

We will never sell your personal information to third parties.

Legal basis for processing

We process your personal information based on one or more of the following legal bases:

  1. Your consent, such as when you voluntarily provide us with your personal information.

  2. Performance of a contract, such as when we need to process your personal information to fulfil our obligations under the Terms of Service.

  3. Our legitimate interests, such as improving our Service, maintaining security, and providing customer support.

  4. Compliance with legal obligations, such as responding to lawful requests from authorities.

Sharing your information

We may share your personal information with third parties in the following circumstances:

  1. With your consent, such as when you choose to share your information with a third-party service integrated with our Service.

  2. With service providers who perform functions on our behalf, such as payment processing, data storage, and email delivery. These service providers are prohibited from using your information for purposes other than providing services to us.

  3. In response to a legal request, such as a court order, subpoena, or government investigation, or to comply with applicable laws and regulations.

  4. In connection with a merger, acquisition, or sale of all or a portion of our assets, in which case your information may be transferred to the new owner.

Third-party service providers

We use the following categories of third-party service providers to operate and improve the Service. These providers process personal information on our behalf and are contractually obligated to protect your data:

  1. Analytics and session recording: We use PostHog for product analytics, event tracking, feature flags, and session recording. Session recordings capture your interactions with the Service, including mouse movements, clicks, scrolling, page views, navigation patterns, and text typed into form fields. Sensitive input fields (such as passwords and payment details) are automatically masked and are not captured. Recordings are used solely to improve the user experience and diagnose technical issues. We do not share session recordings with third parties. You can opt out of session recording at any time by contacting us at hello@bellabooking.com.

  2. Customer support: We use Intercom to provide in-app customer support and messaging. When you use the Service, Intercom may collect your name, email address, conversation history, and usage data (such as pages visited and actions taken) to enable proactive support and personalised help. Intercom sets its own cookies to provide this functionality.

  3. Error monitoring: We use Sentry to detect and diagnose software errors. When an error occurs, technical information about the error (including browser type, device information, and the actions leading to the error) may be transmitted to Sentry.

  4. Payment processing: We use Stripe to process payments and manage subscriptions. Stripe processes your payment information directly and is PCI DSS compliant. We do not store your full credit card details on our servers.

  5. Authentication: We use Auth0 to manage user authentication and account security.

  6. Communications: We use Twilio for SMS notifications (such as appointment reminders) and SendGrid for email delivery. These providers process phone numbers and email addresses as necessary to deliver messages on our behalf.

  7. Cloud infrastructure: We use Microsoft Azure for data storage, hosting, and AI-powered features. Your data may be stored on Azure servers located outside your country of residence.

Cookies and tracking technologies

We use cookies and similar technologies to operate and improve the Service. These include:

  1. Essential cookies: Required for the Service to function, including authentication and session management.

  2. Analytics cookies: Used by PostHog to understand how users interact with the Service and to improve user experience.

  3. Support cookies: Used by Intercom to provide customer support functionality.

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service.

Account access for support

Authorised Bella Booking support personnel may access your account when reasonably necessary to respond to support requests, troubleshoot technical issues, perform maintenance, or ensure compliance with our terms. Such access is limited to what is necessary, logged for accountability, and our personnel are bound by confidentiality obligations. For further details, please refer to the Account Access for Support section in our Terms and Conditions.

Data breach notification

In the event of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches (NDB) scheme of the Privacy Act 1988 (Cth). Where applicable, we will also comply with GDPR breach notification requirements.

Data retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. If you cancel your account, we will delete your data within 90 days, except where we are required to retain it for legal, accounting, or regulatory purposes. Backup copies may be retained in encrypted form for a limited period after deletion. Analytics and aggregated data that cannot identify you may be retained indefinitely.

International data transfers

As an Australian company, we comply with Australian Privacy Principle 8 (APP 8) regarding cross-border disclosure of personal information. Some of our third-party service providers are located overseas, including in the United States. Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure they comply with the APPs or are subject to a substantially similar privacy framework. Where applicable, we also implement Standard Contractual Clauses or other safeguards approved by the European Commission for transfers outside the European Economic Area (EEA).

Your rights under the GDPR

Under the GDPR, you have the following rights regarding your personal information:

  1. Access: You have the right to request access to the personal information we hold about you.

  2. Rectification: You have the right to request correction of any inaccurate personal information we hold about you.

  3. Erasure: You have the right to request the deletion of your personal information under certain circumstances, such as when the data is no longer necessary for the purposes it was collected or when you withdraw your consent.

  4. Restriction of processing: You have the right to request that we restrict the processing of your personal information under specific circumstances, such as when you contest the accuracy of the data or when the processing is unlawful.

  5. Data portability: You have the right to request that we provide you with a copy of your personal information in a structured, commonly used, and machine-readable format, or that we transfer it directly to another data controller, where technically feasible.

  6. Objection: You have the right to object to the processing of your personal information for direct marketing purposes or when the processing is based on our legitimate interests.

  7. Automated decision-making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.

  8. Withdraw consent: If we process your personal information based on your consent, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of the processing before the withdrawal.

To exercise any of these rights, please contact us using the contact information provided below.

Your rights under Australian privacy law

In addition to the rights listed above, as an Australian user you have rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Photonsoft Pty Ltd is bound by the APPs and is committed to handling your personal information in accordance with these principles.

Under the APPs, you have the right to:

  1. Request access to the personal information we hold about you (APP 12).
  2. Request correction of personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading (APP 13).
  3. Make a complaint to us about a breach of the APPs, and if unsatisfied with our response, lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

We will not disclose your personal information to overseas recipients without your consent or unless required by Australian law. Where we do transfer data internationally, we take reasonable steps to ensure the overseas recipient complies with the APPs.

Security

We take reasonable measures to protect your personal information from unauthorised access, disclosure, alteration, or destruction. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee the absolute security of your information.

Third-party links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties, and we encourage you to review their privacy policies before providing them with your personal information.

Children's privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without appropriate consent, we will take steps to delete that information promptly. If you believe we have collected information from a child under 16, please contact us immediately.

Changes to this privacy policy

We may update this Privacy Policy from time to time. When we make changes, we will post the updated policy on our website and update the effective date. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

Contact us

If you have any questions or concerns about this Privacy Policy, your rights under applicable privacy laws, or our privacy practices, please contact us or email us at: Photonsoft Pty Ltd (ABN 67 656 104 559).

hello@bellabooking.com

Last updated: 10 February 2026