Title: Salon Ring — Data Processing Addendum
Last Updated: Oct 15, 2025

1) Parties & Roles
Customer is Controller; Salon Ring is Processor when handling personal data on your instructions to deliver the Services.

2) Subject Matter, Duration, Nature & Purpose
Processing caller/business data to route calls/SMS, record/transcribe, analyze, and perform booking actions in third-party schedulers (e.g., Booksy) for the term of your agreement and any wind-down period.

3) Personal Data & Data Subjects
Data subjects: your staff and callers. Data: names, contact info, caller ID, call audio/recordings/transcripts, SMS/MMS content/metadata, booking details, configuration data. No special category data should be submitted.

4) Instructions
Processor acts only on Controller’s documented instructions, including for transfers, unless law requires otherwise (we’ll notify where permitted).

5) Confidentiality
Authorized personnel are bound by confidentiality.

6) Security
Processor implements appropriate technical/organizational measures (see Annex II).

7) Subprocessors
General authorization to use subprocessors listed in Annex III (and successors providing the same or similar services). We remain liable for their performance and will notify of material changes to allow reasonable objections.

8) International Transfers
If processing outside an adequacy jurisdiction, the parties rely on valid transfer mechanisms (e.g., EU SCCs Module 2 incorporated by reference; UK Addendum/IDTA as applicable).

9) Assistance
We’ll assist with data subject requests, DPIAs, and breach notifications considering the nature of processing and information available.

10) Personal Data Breach
We’ll notify without undue delay after becoming aware and provide information reasonably required to support your notifications.

11) Audits
Once per year on reasonable notice, we’ll provide information and allow audits by you or an independent auditor under confidentiality, limited to facilities/docs relevant to the Services.

12) Deletion/Return
Upon termination, we’ll delete or return personal data (your choice) within a reasonable time unless law requires retention; backups are overwritten on normal cycles.

13) Liability; Order of Precedence
Liability per the main agreement; this DPA controls for data protection conflicts.

Annex I — Details of Processing
Exporter: Customer (Controller). Importer: Salon Ring (Processor). Activities: Sections 1–3. Frequency: continuous. Duration: term + wind-down. Transfers: as needed to subprocessors/regions.

Annex II — Security Measures (summary)
Governance & access controls (MFA/least privilege), encryption in transit/at rest, network security & monitoring, secure development & secrets mgmt, backups/DR, incident response, vendor risk mgmt, customer controls (disable recordings, retention windows, deletion tools).

Annex III — Authorized Subprocessors (illustrative; subject to update)
Telephony & SMS: Twilio (or equivalent); AI runtime/orchestration & LLMs: Vapi; OpenAI (or alternatives you or we configure); Cloud: AWS/GCP/Azure; Payments: Stripe; Analytics/monitoring; Email/SMS delivery; Support tools. We’ll maintain an up-to-date list upon request or published URL and notify of material changes.

Contact: [email protected] / [email protected]