Privacy Policy

1. Introduction

Sicus Media ("we", "our", or "us") operates the Sicus Media salon management platform at app.sicusmedia.com. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our website and services, including any integrations with third-party services such as Google APIs.

2. Information We Collect

We may collect the following types of information:

• Account information: name, email address, and password when you create an account.
• Salon data: business name, address, phone number, operating hours, and services offered.
• Client data: names, phone numbers, appointment history, and preferences stored by salon owners.
• Booking data: appointment details, service selections, and scheduling information.
• Usage data: pages visited, features used, and general interaction with the platform.

3. Google API Data

When you choose to connect your Google account, we may access the following data through Google APIs with your explicit consent via OAuth:

• Google Business Profile: your business listing information, reviews, ratings, and business details to help you manage your online presence from within the Sicus Media dashboard.
• Google Ads: your advertising campaign data, performance metrics, and ad spend information to provide advertising insights and reporting within the platform.

How we use Google data: Data obtained from Google APIs is used solely to display relevant information within your Sicus Media dashboard and to provide analytics and management features. We do not use Google data for any purpose other than providing and improving the specific features you have connected.

You can disconnect at any time. You may revoke Sicus Media's access to your Google account at any time through your Google Account permissions page or through the Settings page within Sicus Media. Upon disconnection, we will stop accessing your Google data and delete any cached Google data within 30 days.

4. Google API Services — Limited Use Disclosure

Sicus Media's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only use Google user data to provide and improve the user-facing features that are visible and prominent in our application's user interface.
• We do not transfer Google user data to third parties unless necessary to provide or improve user-facing features, to comply with applicable laws, or as part of a merger, acquisition, or asset sale with prior notice to users.
• We do not use Google user data for serving advertisements, including retargeting, personalized advertising, or interest-based advertising.
• We do not allow humans to read Google user data unless we have your affirmative consent, it is necessary for security purposes, to comply with applicable law, or the data is aggregated and anonymized for internal operations.

5. How We Use Your Information

• Provide and maintain the salon management platform.
• Send appointment confirmations, reminders, and notifications via SMS or email.
• Process bookings made through the public booking page.
• Generate reports and analytics for salon owners.
• Display Google Business Profile reviews and Google Ads metrics within the dashboard (when connected).
• Improve our services and user experience.
• Communicate updates, promotions, or support messages.

6. Data Sharing

We do not sell your personal information. We may share data with trusted third-party services solely to operate the platform:

• Twilio — for sending SMS notifications.
• Resend — for sending email notifications.
• Vercel — for hosting and infrastructure.
• OpenAI — for AI-powered features (business insights, image generation). Data sent to OpenAI is limited to the minimum required for each feature and is not used to train AI models.
• Google APIs — when you connect your Google account, data flows between Sicus Media and Google to provide integration features. Google data is never shared with any other third party.

7. Data Security

We use industry-standard measures to protect your data, including encrypted connections (HTTPS/TLS), hashed passwords (bcrypt), secure database hosting, and JWT-based authentication with session expiry. OAuth tokens for Google integrations are stored securely and encrypted at rest. However, no method of transmission over the internet is 100% secure.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide our services. Google API data is cached temporarily to improve performance and is refreshed on each access. You may request deletion of your account and all associated data (including any cached Google data) by contacting us. Upon account deletion, all your data will be permanently removed within 30 days.

9. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data.
• Export your data in a portable format.
• Revoke any third-party access (e.g., Google Business Profile, Google Ads) at any time through your Google Account settings or within the Sicus Media platform.
• Opt out of non-essential communications.

10. Cookies

We use essential cookies to maintain your session and authentication state. We do not use third-party tracking or advertising cookies.

11. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. If we make material changes to how we handle Google user data, we will notify affected users by email.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at info@sicusmedia.com.