Privacy Policy

Who We Are

HairLab Academy is a professional hair care studio and educational institution based in Sacramento, California, operating at 6790 Florin Perkins Rd, Sacramento, CA 95828. For the purposes of this Privacy Policy, "we," "us," and "our" refer to HairLab Academy and its authorized personnel.

We are the data controller for all personal information collected through our website and in the course of our service and educational operations. If you have questions about our data practices, you may contact us at studio@hairlab-academy.com.

What Information We Collect

We collect personal information only to the extent necessary to provide our services, respond to your inquiries, and fulfill our legal obligations. The categories of information we may collect include:

Information You Provide Directly:

• Full name
• Email address
• Phone number (when provided voluntarily)
• Postal address (for correspondence purposes)
• Your inquiry, message content, or stated area of interest
• Health-related information relevant to hair and scalp care (disclosed voluntarily during consultations)
• Professional background and experience level (for academy enrollment)
• Payment information (processed securely through third-party payment processors; we do not store full payment card details)

Information Collected Automatically:

• IP address and general geographic location
• Browser type and version
• Operating system and device type
• Pages viewed on our website and time spent on each page
• Referring website or search query that led you to our site
• Date and time of visits
• Cookies and similar tracking technologies (see our Cookie section below)

How We Use Your Information

We use the personal information we collect for the following purposes:

• Service Delivery: To book, confirm, and perform hair care appointments and to communicate with you about the specifics of your session, treatment plan, or program enrollment.
• Communication: To respond to inquiries submitted through our contact form, answer questions, and provide follow-up information related to your specific situation.
• Academy Administration: To process enrollments, communicate program schedules, deliver course materials, and issue certificates or completion documents.
• Personalization: To tailor our services and treatment recommendations to your individual hair and scalp profile, as assessed during your diagnostic consultation.
• Business Operations: To process payments, manage our appointment schedule, maintain internal records, and ensure the smooth operation of our studio.
• Website Improvement: To analyze how visitors use our website and identify areas for improvement in navigation, content, and user experience.
• Legal Compliance: To comply with applicable laws, regulations, and professional standards, including record-keeping obligations.
• Safety: To protect the health and safety of clients, students, and our team, and to respond to potential risks or incidents.

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes under any circumstances.

Legal Basis for Processing

We process your personal information on the following legal bases:

• Performance of a Contract: Where processing is necessary to deliver the services or programs you have engaged us to provide.
• Legitimate Interests: Where processing is necessary for our legitimate business interests, such as improving our services, maintaining website security, and conducting internal analytics, provided these interests are not overridden by your rights.
• Consent: Where you have provided explicit consent to specific processing activities, such as receiving non-essential communications. You may withdraw this consent at any time.
• Legal Obligation: Where processing is required to comply with applicable laws or professional regulations.

Sharing Your Information

We do not share your personal information with third parties except in the following limited circumstances:

• Service Providers: We may share your information with trusted third-party vendors who assist us in operating our website and business, such as payment processors, booking software providers, and website hosting services. These providers are contractually required to maintain the confidentiality and security of your data and are prohibited from using it for any other purpose.
• Legal Requirements: We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
• Business Transitions: In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such change through a prominent notice on our website.
• With Your Consent: We may share your information with additional third parties with your explicit prior consent.

Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, resolve any disputes, and enforce our agreements. Retention periods vary based on the nature of the information:

• Client consultation and treatment records are retained for a minimum of three (3) years following your last appointment, in compliance with applicable professional and regulatory requirements.
• Academy enrollment and certification records are retained for a minimum of seven (7) years.
• Contact form submissions and general correspondence are retained for a maximum of two (2) years unless related to an ongoing matter.
• Website analytics data is retained in aggregated and anonymized form and is not subject to deletion timelines.

When data is no longer required, it is securely deleted or anonymized so that it can no longer be associated with any individual.

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience, analyze site usage, and support certain website functionalities. A cookie is a small text file placed on your device when you visit a website. Cookies do not contain personal information on their own but may be linked to personal information you have provided.

We use the following types of cookies:

• Strictly Necessary Cookies: These are essential for the website to function correctly and cannot be disabled. They enable basic features such as page navigation and access to secure areas of the site.
• Performance and Analytics Cookies: These cookies collect anonymous information about how visitors use our website, which pages are most visited, and whether any errors occur. This information helps us improve the website's performance and user experience.
• Functionality Cookies: These cookies allow the website to remember choices you make and provide enhanced, personalized features such as storing form progress or language preferences.

You can control and manage cookies through your browser settings. Most browsers allow you to refuse new cookies, delete existing cookies, and set preferences for specific websites. Note that disabling certain cookies may affect the functionality of our website.

Data Security

We take the security of your personal information seriously and implement a range of technical and organizational measures to protect it against unauthorized access, disclosure, alteration, or destruction. These measures include:

• SSL/TLS encryption for all data transmitted through our website
• Access controls limiting data access to authorized personnel only
• Secure password policies and authentication practices for staff accounts
• Regular review of data handling procedures and security practices
• Use of reputable, security-compliant third-party service providers

While we strive to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but commit to promptly notifying affected individuals and relevant authorities in the event of a data breach, in accordance with applicable law.

Your Rights and Choices

Depending on your location and applicable law, you may have the following rights with respect to your personal information:

• Right of Access: You may request a copy of the personal information we hold about you.
• Right to Rectification: You may request that we correct any inaccurate or incomplete personal information we hold about you.
• Right to Erasure: You may request that we delete your personal information, subject to certain legal exceptions.
• Right to Restrict Processing: You may request that we restrict the processing of your personal information in certain circumstances.
• Right to Data Portability: You may request that we provide you with a copy of your personal information in a structured, commonly used, machine-readable format.
• Right to Object: You may object to the processing of your personal information where we rely on legitimate interests as our legal basis.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us using the information provided at the end of this document. We will respond to all verified requests within thirty (30) days. In some cases, we may need to verify your identity before processing your request.

Children's Privacy

Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16 years of age. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at studio@hairlab-academy.com, and we will take steps to delete such information from our systems promptly.

Clients under the age of 18 must have a parent or legal guardian present during any in-studio service or consultation, and any academy enrollment for individuals under 18 must be authorized in writing by a parent or legal guardian.

Third-Party Links

Our website may contain links to third-party websites, platforms, or services that are not operated or controlled by HairLab Academy. This Privacy Policy applies only to information collected through our own website and services. We are not responsible for the privacy practices, content, or data collection policies of any third-party websites.

We encourage you to review the privacy policy of every website you visit before providing any personal information. The inclusion of a link to a third-party website on our site does not imply endorsement of that site's privacy practices or content.

International Data Transfers

HairLab Academy is based in the United States and primarily serves clients and students within the United States. If you access our website or provide personal information to us from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.

By using our website or providing your information, you consent to such transfer, storage, and processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy, regardless of where it is processed or stored.

Changes to This Privacy Policy

HairLab Academy reserves the right to update or modify this Privacy Policy at any time, at our sole discretion. When we make material changes, we will update the "Last Updated" date at the top of this page. We may also, at our discretion, notify you of significant changes via email or through a prominent notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services following the posting of any modifications constitutes your acknowledgment of the updated Privacy Policy and your agreement to be bound by its terms.

If you disagree with any changes to this Privacy Policy, you should discontinue use of our website and services and contact us to request deletion of your personal information, subject to any applicable legal retention requirements.