Privacy Policy

1. Introduction

Welcome to YourClaws ("we," "our," or "us"). We are a nail salon service operated in the United States, serving clients in Malang, Indonesia. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website and services.

This Privacy Policy complies with:

• Indonesian Law No. 27 of 2022 on Personal Data Protection (UU PDP)
• Indonesian Law No. 11 of 2008 on Electronic Information and Transactions (UU ITE), as amended
• U.S. applicable state privacy laws

2. Information We Collect

2.1 Information You Provide

We collect the following personal information when you use our services:

• Booking Information: Full name, email address (optional), phone number with country code, service type, preferred appointment date and time, and optional notes or design requests
• Contact Form: Full name, email address, phone number with country code (optional), and message content
• Reviews: Your name, rating, review text, and optional images (up to 5 images, JPEG, PNG, GIF, or WebP format, max 10MB per image)
• Language Preference: Your selected language (English or Indonesian)

2.2 Automatically Collected Information

We automatically collect certain information when you visit our website:

• Analytics Data: Page visits, visit dates, language preferences, and visit counts
• Technical Data: IP address, browser type, and device information (for admin session security)
• hCaptcha Verification: CAPTCHA tokens to prevent spam and automated submissions

3. How We Use Your Information

We use your personal information for the following purposes:

• Appointment Management: To process and confirm your bookings, send appointment reminders, and manage scheduling
• Communication: To send booking confirmations via WhatsApp and email, respond to your inquiries, and request reviews after services
• Service Improvement: To analyze usage patterns, improve our website and services, and track popular services
• Review Management: To display customer reviews on our website (after approval)
• Security: To prevent fraud, spam, and unauthorized access to our systems
• Legal Compliance: To comply with applicable laws and regulations

4. How We Share Your Information

We may share your personal information with the following third parties:

4.1 Service Providers

• WhatsApp: For sending booking confirmations and review requests to your phone number (+62 882-9108-4467 for confirmations)
• Email Service: For sending email confirmations and communications via mailer.yourclaws.com
• hCaptcha: For spam prevention and bot detection on our forms
• Instagram Graph API: For displaying our gallery images from @aidayum_

4.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, property, or safety.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Storage and Security

Your data is stored on servers operated in the United States. We implement reasonable security measures to protect your personal information, including:

• Secure database storage (MariaDB/MySQL with UTF8MB4 encoding)
• Password-protected admin access with session-based authentication
• HTTPS encryption for data transmission
• Email authentication (DKIM, SPF, DMARC) for secure communications
• hCaptcha verification to prevent automated abuse
• Session tracking with IP address and user agent logging for security monitoring

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

6. Data Retention

We retain your personal information for the following periods:

• Appointment Records: Retained indefinitely for business records and analytics
• Contact Messages: Retained indefinitely or until you request deletion
• Reviews: Retained indefinitely while published on our website
• Admin Sessions: Session data expires after 2 years of inactivity
• Review Tokens: Expire after 30 days from appointment completion
• Analytics Data: Retained indefinitely for business insights

You may request deletion of your personal information at any time by contacting us (see Section 11).

7. Your Rights (Indonesian Data Subjects)

Under Indonesian Personal Data Protection Law (UU PDP), you have the following rights:

• Right to Access: Request information about what personal data we hold about you
• Right to Correction: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data under certain conditions
• Right to Restrict Processing: Request limitation on how we use your data
• Right to Data Portability: Request a copy of your data in a structured, machine-readable format
• Right to Object: Object to processing of your personal data for certain purposes
• Right to Withdraw Consent: Withdraw previously given consent at any time
• Right to File a Complaint: File a complaint with the Indonesian Data Protection Authority

To exercise any of these rights, please contact us at [email protected] or WhatsApp +62 882-9108-4467.

8. Cookies and Tracking Technologies

Our website uses cookies for the following purposes:

• Session Cookies: To maintain admin login sessions (httpOnly, sameSite: strict, 2-year expiration)
• Analytics: To track page visits and understand user behavior

You can control cookies through your browser settings. However, disabling cookies may affect website functionality.

9. Third-Party Links and Trademarks

Our website may contain links to third-party websites and services, including:

• Instagram (@aidayum_)
• WhatsApp
• Email providers

We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

9.1 Trademark Usage

Our website displays the official logos and brand marks of WhatsApp and Instagram for the purpose of linking to our business presence on these platforms. These trademarks are the property of their respective owners:

• WhatsApp: WhatsApp and the WhatsApp logo are trademarks of WhatsApp LLC, a Meta company.
• Instagram: Instagram and the Instagram logo are trademarks of Instagram LLC, a Meta company.

The use of these logos does not imply endorsement by WhatsApp, Instagram, or Meta. We use these marks solely to identify our official business accounts on these platforms and to provide convenient links for our customers to contact us.

10. Children's Privacy

Our services are not intended for children under 13 years of age (or 16 in Indonesia). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information.

11. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this policy and may notify you via email or website notice.

Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy.

13. International Data Transfers

Your personal information may be transferred to and processed in the United States, where our servers are located. By using our services, you consent to the transfer of your information to the United States, which may have different data protection laws than Indonesia.

We take appropriate measures to ensure your data is treated securely and in accordance with this Privacy Policy and applicable laws, regardless of where it is processed.

14. Consent

By using our website and services, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our services.

For Indonesian users: In accordance with UU PDP, we obtain your explicit consent when collecting sensitive personal data. You may withdraw your consent at any time by contacting us.