Privacy Policy

BeautyBind

Effective Date: May 26, 2026
Last Updated: May 26, 2026

This Privacy Policy explains how Verelium, Obrt za računalno programiranje ("we", "us", or "our") collects, uses, stores, and protects personal information when you use BeautyBind (the "Service"), available at https://beautybind.com.

BeautyBind is a software-as-a-service (SaaS) platform designed for businesses and individual professionals.


1. Information We Collect

  • Account Information — including name, email address, phone number, and business details.
  • Authentication Information — authentication is managed through Supabase Auth. Passwords are securely hashed and never accessible to us in plain text.
  • Third-Party Login Information — if you sign in using Google OAuth or another provider, we may receive limited account information such as your name and email address.
  • Customer Data — users may enter customer information such as names, email addresses, phone numbers, and notes.
  • Payment Information — payments are processed securely through Paddle.com Market Ltd ("Paddle"), our Merchant of Record and payment processor.
  • Usage and Analytics Data — including browser type, operating system, public website pages visited, device information, and referral URLs.
  • Technical Information — including IP address, session information, and security logs.
  • Cookie and Tracking Information — including cookies and similar technologies used to operate the website and remember preferences.

Users should not upload or submit sensitive personal data (including health data, biometric data, government identification numbers, or similar special-category data) unless legally permitted and strictly necessary.


2. How We Use Information

  • To provide, maintain, and improve the Service
  • To create and manage user accounts
  • To process subscriptions and billing
  • To provide customer support
  • To monitor and improve website performance
  • To detect abuse, fraud, and unauthorized access
  • To comply with legal obligations
  • To send service-related communications
  • To send marketing communications where consent has been provided


3. Legal Bases for Processing (GDPR)

We process personal data under the following legal bases:

  • Contractual necessity — to provide the Service and manage subscriptions.
  • Legitimate interests — to secure, maintain, and improve the Service.
  • Consent — for analytics cookies and marketing communications where required.
  • Legal obligations — where processing is required by applicable law.


4. Cookies and Analytics

We use cookies and similar technologies to operate the website and improve user experience.

We use Google Analytics to understand how visitors interact with public pages of the website. Google Analytics is only activated after consent where required by applicable law.

We do not use Google Analytics advertising features, remarketing, or cross-context behavioral advertising.

Cookie preferences are managed using vanilla-cookieconsent. Users may withdraw or modify consent at any time through the cookie preferences settings available on the website.

We may also use browser local storage and similar technologies to improve application performance, remember user preferences, and enhance the functionality of the Service.


5. Third-Party Service Providers

We use trusted third-party providers to operate the Service, including:

  • Supabase — authentication and database infrastructure
  • Paddle — subscription billing and payment processing
  • Fly.io — cloud hosting infrastructure
  • Cloudflare — security services and Turnstile anti-spam protection
  • Google Analytics — website analytics

Cloudflare Turnstile may collect technical and behavioral information necessary to distinguish legitimate users from automated requests.


6. Customer Data Processing

Users of the Service may submit personal information relating to their own customers or contacts ("Customer Data").

In such cases, the user submitting the information is responsible for ensuring they have a lawful basis to process that information.

We process Customer Data on behalf of our users in accordance with their instructions and applicable data protection laws.


7. Data Security

  • Encryption in transit using TLS/SSL
  • Secure authentication and access controls
  • Hashed password storage through Supabase Auth
  • Restricted infrastructure access
  • PCI-compliant payment processing handled by Paddle

While we use commercially reasonable security measures, no system can guarantee absolute security.


8. International Data Transfers

Most personal data is hosted within the European Economic Area (EEA).

Some service providers may process limited personal data outside the EEA, including in the United States. Where transfers occur, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.


9. Your Rights Under GDPR

If you are located in the EU/EEA, you may have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Request deletion of your data
  • Restrict or object to processing
  • Withdraw consent
  • Request data portability

You may also lodge a complaint with your local supervisory authority. In Croatia, the supervisory authority is the Agencija za zaštitu osobnih podataka (AZOP).


10. Data Retention

We retain personal data only for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.

Account information is generally retained while an account remains active. Certain billing and accounting records may be retained longer where required by law.


11. Children's Privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children.


12. Contact Information

Verelium, Obrt za računalno programiranje
Pino Budićin 19, 52424 Motovun, Croatia
Email: support@beautybind.com


13. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be posted on this page together with an updated revision date.