Privacy Policy

Last updated: 1 January 2025

Summary: Trimly collects business and operational data to provide its salon management service. We do not sell your data. Business data is isolated per account using row-level security. You can request deletion at any time.

This Privacy Policy describes how Trimly (“we”, “us”, “our”) collects, uses, and protects information when you use our salon and spa management software, including the web admin dashboard, POS application, and related services (collectively, the “Service”).

By using Trimly, you agree to the collection and use of information as described in this policy. If you are using Trimly on behalf of a business, you confirm you have authority to agree to these terms on that business's behalf.

1. Information we collect

Account and business information

When you register a business account, we collect your name, email address, business name, business type, location, and billing information. This is necessary to create and manage your account.

Operational data you enter

In the course of using Trimly, you and your staff will enter:

  • Client records — names, phone numbers, email addresses, appointment history, preferences, and notes
  • Staff records — names, roles, PIN codes (stored hashed), and commission information
  • Appointment and transaction records
  • Service, product, and inventory data
  • Loyalty program enrollments and points balances
  • Gift card issuances and redemptions

This data belongs to your business. You control it. We process it only to provide the Service.

Device and technical data

When you use the POS application, we collect device identifiers, app version, platform type, and last-seen timestamps for device management and support. We do not access device microphones, cameras, or location data beyond what is explicitly required for a feature you initiate.

Usage data

We collect anonymised data on how the Service is used — features accessed, error reports, and performance metrics — to improve the platform. This data does not identify individual users or businesses.

2. How we use your information

We use the information we collect to:

  • Provide, operate, and maintain the Trimly platform
  • Process transactions and billing
  • Authenticate users and manage permissions
  • Provide customer support and respond to enquiries
  • Send service-related communications (e.g. trial expiry notices, billing receipts)
  • Improve and develop new features based on aggregated usage patterns
  • Comply with legal obligations

We do not use your business's client data for marketing, profiling, or any purpose other than operating the Service.

3. Data storage and security

Trimly's cloud infrastructure is hosted on Supabase. All data is encrypted in transit (TLS 1.2 or later) and at rest (AES-256).

Each business's data is protected by row-level security (RLS) at the database level, meaning your data is cryptographically isolated from all other businesses on the platform.

The offline POS stores data locally on the device using an encrypted local database. Data syncs to the cloud when connectivity is available.

If you become aware of any security vulnerability, please contact us at security@trimlyos.com.

4. Sharing your information

We do not sell, rent, or trade your personal or business data. We share data only in these limited circumstances:

  • Service providers: We work with third-party providers to operate the Service (e.g. Supabase for database hosting, Flutterwave for payment processing). These providers are contractually bound to protect your data and may not use it for their own purposes.
  • Legal requirements: We may disclose information if required by law, court order, or governmental authority.
  • Business transfer: In the event of a merger or acquisition, customer data may be transferred. We will notify you in advance via email and prominently on our website.

5. Data retention

We retain your business account data for as long as your account is active. If you cancel your subscription, we retain your data for 90 days to allow you to export or reactivate. After 90 days, data is permanently deleted.

You may request earlier deletion at any time by contacting hello@trimlyos.com. Deletion requests are processed within 30 days.

Some data may be retained for longer where required by law (e.g. financial transaction records).

6. Your rights

You may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Portability: Request your data in a machine-readable format
  • Objection: Object to certain types of processing

To exercise any of these rights, contact us at hello@trimlyos.com. We will respond within 30 days.

7. Cookies and tracking

The Trimly web application uses strictly necessary cookies for authentication (session management) and preference storage (e.g. selected branch). We do not use advertising cookies, tracking pixels, or third-party analytics that identify individual users.

You can configure your browser to refuse cookies, but this may affect your ability to use certain features of the Service.

8. Children's privacy

The Trimly Service is intended for use by businesses and adults over the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

9. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email and by posting a notice on the Trimly admin dashboard at least 14 days before the change takes effect.

10. Contact us

For privacy-related enquiries, data requests, or to report a concern: