App Privacy Policy
This Privacy Policy explains how Jessica Vegas Professional Hair & Makeup Artist ("Jessica Vegas", "we", "our", or "us") collects, uses, stores, shares, and protects personal information across our website, client portal, team portal, bridal app, team app, communications systems, and connected social media tools. This policy is intended to cover our Shopify website, our Google Apps Script CRM, our client-facing and team-facing mobile and web apps, and connected messaging and social integrations.
1. What this policy applies to
This policy applies to information collected through:
- Website and store: jessicavegas.com, Shopify storefront pages, product pages, checkout, forms, and customer accounts
- Client-facing services: bridal enquiry flows, proposal and booking experiences, client portal, bridal suite, support forms, invoices, runsheets, and related mobile app features
- Team-facing services: team app, schedules, runsheets, operational dashboards, and internal collaboration tools
- Communications channels: email, SMS, Instagram direct messages, Facebook Messenger, contact forms, support messages, and notification workflows
- Connected services: Google Workspace, Shopify, Meta, Stripe, Xero, Apple services, and approved automation or AI-assisted workflows used to support operations
2. The information we collect
Depending on how you interact with us, we may collect:
- Identity information such as your name, email address, phone number, wedding date, event location, and role in a booking
- Booking and service information such as requested services, bridal party details, timeline details, trial notes, artist allocation details, invoices, payments, and booking history
- Communications content such as emails, SMS messages, portal support messages, direct messages, contact form submissions, and internal notes linked to servicing your booking or enquiry
- Account and access information such as login email, booking code, app session records, device and session metadata, and activity related to authenticated portal use
- Uploaded or linked content such as inspiration images, files, forms, profile images, and assets you choose to provide. Where you upload photos or images through the app, those files are stored in your designated client folder on Google Drive, managed by us on your behalf, and used solely to deliver your booked services.
- Social and messaging identifiers such as Instagram, Facebook, or other messaging account identifiers when you contact us through those channels
- Technical information such as browser type, device type, timestamps, page interactions, IP-related diagnostics, and operational logs reasonably required for security and support
- Electronic signature data such as your drawn or typed signature image, full name as entered at time of signing, IP address, browser information, and acceptance timestamp, collected when you sign a proposal or service agreement electronically through our online booking or proposal system
3. How we use your information
We use personal information to operate and improve our business, including to:
- Respond to enquiries, quotes, and bookings
- Prepare proposals, contracts, invoices, runsheets, schedules, and client support responses
- Operate client-facing and team-facing apps, portals, and dashboards
- Coordinate communications across email, SMS, and social messaging channels
- Provide customer support, appointment reminders, service updates, and operational notifications
- Process payments, bookkeeping, reconciliation, and related financial administration
- Manage team operations, staffing, scheduling, and day-of-service coordination
- Protect our systems, prevent misuse, investigate incidents, and maintain service quality
- Create approved marketing or social content using business-owned or properly authorised assets
- Record and store electronic signatures and acceptance data as a legally binding record of agreement to our service terms, in accordance with the Electronic Transactions Act 1999 (Cth) and the Electronic Transactions Act 2000 (NSW)
4. AI-assisted communications and social tools
We may use AI-assisted tools and automation to help draft communications, triage messages, suggest social captions, organise support workflows, and streamline operational tasks. These tools are used to assist our team, not to replace human accountability. We do not intentionally use AI tools to make binding legal, payment, or booking decisions without human review.
Where we use AI-assisted workflows, they may process limited business and communications content necessary to generate drafts, summaries, classifications, or suggested responses. Examples may include approved workflows involving OpenAI, Anthropic, Google, Meta, Apple automation, or other internal tools we authorise for business operations.
5. Social media, messaging, and Meta-connected features
If you contact us through Instagram or Facebook, we may receive and store information supplied through those platforms, including your message content, timestamps, attachments, and platform-scoped identifiers needed to respond and keep a service history. We may also connect these messages to an existing client record where appropriate to support your booking or enquiry.
If our business uses social-media-related app features such as content drafting, posting assistance, direct message handling, webhook integrations, or business inbox automation, those features operate under this Privacy Policy as part of our communications and operational systems.
6. SMS and phone communications
If you provide a phone number, we may use it for service-related SMS, booking updates, reminders, support replies, or other business communications connected to your enquiry or booking. Marketing SMS, if used, will only be sent in accordance with applicable consent and unsubscribe requirements.
7. Payments and financial systems
Payments may be processed through Shopify, Stripe, Xero, or other approved finance providers used by our business. We do not store full card details in our own app systems. Payment processors handle payment information in accordance with their own privacy and security practices.
8. App authentication
Our mobile app authenticates users via Shopify's customer account system. When you log in, we use your Shopify customer email and account session to verify your identity and determine what features and content you can access within the app. We do not use separate usernames or passwords outside of the Shopify account infrastructure. Your session is managed by Shopify in accordance with Shopify's Privacy Policy.
9. Photos, camera, and device permissions
Certain features of our app (such as uploading a profile photo or inspiration images) may request access to your device's photo library or camera. We only request these permissions when you actively use a feature that requires them. We do not access your camera or photo library in the background, and we do not use photos for any purpose other than the specific upload action you initiate. Uploaded files are stored in Google Drive as described above. You can manage app permissions at any time through your device settings.
Our app does not request access to your precise or approximate GPS location. Venue address search features use text-based address lookup (Google Places) only. Your device location is never accessed or transmitted.
10. Advertising and tracking
We do not use your personal information for advertising, cross-app tracking, or targeted marketing through third-party ad networks. We do not share data with advertising platforms for the purpose of serving you ads. Any analytics or operational data collected through our app is used solely to operate and improve our services for you.
11. Cookies, analytics, and app activity
Our website, portals, and apps may use cookies, session storage, authentication cookies, analytics, and similar technologies to support login, security, functionality, performance monitoring, and service improvement.
Push notifications
Our mobile app uses OneSignal to send push notifications to your device. OneSignal may collect your device push token, notification delivery status, and engagement data in order to deliver and manage notifications on our behalf. Push notification data is used solely to send you service-related updates, booking reminders, and operational communications relevant to your account. You can manage or disable push notifications at any time through your device notification settings (iOS: Settings > Notifications; Android: Settings > Apps). For more information, see OneSignal's Privacy Policy.
12. How we share information
We may share information with trusted service providers and platforms only where reasonably necessary to operate the business, including providers such as Shopify, Google, Meta, Stripe, Xero, Apple, and approved communications or automation tools. We may also share information with assigned team members, contractors, or artists where necessary to deliver booked services and coordinate operational work.
We do not sell personal information as a standalone product.
13. Data retention
We retain information for as long as reasonably necessary to operate the business, support current and historical bookings, meet legal or tax obligations, resolve disputes, maintain internal records, or protect the business from misuse. Different categories of data may be retained for different periods depending on operational and legal requirements.
14. Data deletion and your rights
You may request access, correction, or deletion of personal information we hold about you, subject to legal, operational, and contractual limitations. Some information may need to be retained where required for tax, accounting, dispute handling, fraud prevention, or legitimate business recordkeeping.
For app, portal, or Meta-connected data requests, contact us at hello@jessicavegas.com. If a deletion request is submitted through a Meta platform integration, we will process it through our registered data deletion workflow and provide a confirmation reference where applicable.
15. Security
We take reasonable technical and organisational steps to protect personal information. However, no internet-based platform or storage method can be guaranteed to be completely secure.
16. International and third-party services
Because we use third-party platforms and cloud services, your information may be processed or stored in countries outside your local jurisdiction, subject to the practices of those providers.
17. Children
Our services are not directed to children under 13, and we do not knowingly collect personal information from children through our apps or website except where information is provided by a parent, guardian, or booking contact in connection with legitimate event services.
18. Updates to this policy
We may update this Privacy Policy from time to time. The latest version will be posted on our website and, where appropriate, linked from our app or business integrations.
19. Contact us
If you have privacy, data, or account-related questions, contact Jessica Vegas Professional Hair & Makeup Artist at hello@jessicavegas.com.