This Privacy Policy explains how Onyx Tech ("Onyx", "we", "us") collects, uses, and shares information when you use Làm Nail POS (the "Service"). We are a business-to-business service: the salons that use our software are our customers, and their customers' data is processed on their behalf.
1. What we collect
Salon staff (managers, technicians):
- Name, phone number, email address
- Hashed PIN used to sign in at the chair
- Role, shift status, and activity within the Service
- Web push subscription tokens (if you opt in to buzz notifications)
Salon customers (the people who get their nails done):
- Name, phone number, email address (when provided)
- Visit history, services received, tips, and notes entered by salon staff
- Payment metadata returned by Stripe (last 4 digits, card brand, payment timestamp) — we never store full card numbers or CVV
Technical data:
- IP address, user agent, and request timing for security and rate limiting
- Error reports from Sentry, with PII (phone numbers, PINs, tokens) automatically scrubbed before transmission
2. How we use it
- Deliver the Service: visits, scheduling, payouts, checkout, reporting
- Process payments through Stripe
- Send transactional SMS via Twilio (receipts, booking confirmations, tech buzz escalations) — never marketing without consent
- Bill paying salons for the Service
- Provide customer support when contacted
- Detect and prevent abuse (rate limiting, fraud signals)
- Improve the Service through aggregated, de-identified analytics
3. Sub-processors
We rely on a small set of vendors to operate the Service. Each is contractually bound to handle data on our behalf:
- Supabase — database, authentication, file storage
- Vercel — application hosting and edge delivery
- Stripe — payment processing and subscription billing
- Twilio — transactional SMS and voice
- Upstash — rate-limiting cache (Redis)
- Sentry — application error monitoring (PII-scrubbed)
- Cloudflare — DNS and DDoS protection
We do not sell personal information. We do not share data with third parties for their own marketing.
4. Data retention
While your salon's account is active, we keep the data needed to operate the Service and meet legal and accounting requirements. When a salon's account is terminated, we delete primary data within 30 days. Encrypted database backups are retained on a rolling 7-day window per Supabase's default policy and expire automatically. Aggregated, de-identified analytics may be retained indefinitely.
5. Your choices and rights
If you are a salon customer (a person whose nails were done at a salon using our Service), the salon is the controller of your data. Contact the salon first; we will assist them in honoring requests.
If you are a salon owner or staff member, you may request access, correction, export, or deletion of your data by emailing [email protected]. Depending on your jurisdiction (e.g. California CCPA/CPRA), you may also have the right to opt out of certain processing and to be free from retaliation for exercising these rights.
6. Security
All traffic is encrypted in transit using TLS. Database access is restricted by row-level security policies scoped to each salon. PINs are hashed; payment card numbers never touch our servers and are tokenized by Stripe. We continuously monitor for errors and abuse via Sentry and Upstash rate limiting. No system is perfectly secure; we will notify affected salons of any confirmed material breach without undue delay.
7. Children
The Service is intended for use by businesses. We do not knowingly collect data from anyone under 13. If you believe a child's data has been entered into the Service, contact us and we will work with the relevant salon to remove it.
8. International users
The Service is operated in the United States. By using the Service from outside the U.S., you consent to the transfer and processing of your data in the United States, which may have different data-protection laws than your country of residence.
9. Cookies and tracking
We use only the cookies necessary to keep you signed in and to protect the Service from abuse. We do not use advertising cookies or third-party trackers on in-app surfaces. The marketing website (lamnailpos.com) may use first-party analytics that do not require consent banners in most jurisdictions.
10. Changes
We may update this Privacy Policy from time to time. Material changes will be announced in the Service or by email at least 14 days before they take effect.
11. Contact
Privacy questions, access requests, or complaints: email [email protected] or call 323.380.1565. See also our Terms of Service.