Privacy Policy
Last updated: 3 July 2026
Hivance (hivance.app) is a salon management platform that is a proprietary brand owned and operated by Shantanu Awate, an individual operating under the laws of India, with a principal place of business at Otur, Pune, Maharashtra, 412409, India ("Operator", "we", "us", or "our").
We are committed to protecting the privacy and security of your personal and business information. This Privacy Policy explains how we collect, use, store, and protect information when you use our platform and services.
This policy is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDPA).
1. Information We Collect
1.1 Information You Provide
- Account Information: Phone number, name, email address (optional), and business details during registration.
- Organization Data: Salon name, address, business type, number of branches, and staff details.
- Customer Records: Customer names, phone numbers, visit history, service preferences, and notes as entered by you.
- Financial Data: Transaction records, service pricing, staff commission configurations, and revenue data as entered by you.
- Communications: Messages sent via the WhatsApp automation feature, support requests, and feedback.
1.2 Information Collected Automatically
- Device Information: Device type, operating system, browser type, screen resolution, and unique device identifiers.
- Device Fingerprinting: For fraud prevention and payment security, our authorized payment aggregator may collect dynamic device fingerprints including device attributes, browser configuration, and hardware identifiers. This data is processed securely and used solely for transaction authentication and fraud detection.
- Usage Data: Pages visited, features used, time spent, click patterns, and interaction logs.
- Network Information: IP address, approximate geolocation (city-level), and internet service provider.
- Performance Data: App load times, error reports, and crash logs for service improvement.
1.3 Information from Third Parties
- Payment Processor: Our authorized payment aggregator provides us with transaction status, payment method type (not full card numbers), and billing confirmations.
- Authentication Services: Firebase Authentication provides verified phone number confirmation.
2. How We Use Your Information
- Service Delivery: To provide, maintain, and improve the platform and its features.
- Authentication & Security: To verify your identity, secure your account, and prevent unauthorized access.
- Payment Processing: To process subscription payments, generate invoices, and manage billing cycles via authorized third-party payment aggregators.
- Communication: To send service notifications, subscription alerts, feature updates, and respond to support queries.
- WhatsApp Automation: To deliver appointment reminders, follow-up messages, and promotional communications on your behalf to your customers.
- AI Features: To provide business insights, recommendations, and analytics through our AI assistant. Your data may be processed by Google AI services in anonymized form.
- Fraud Prevention: To detect and prevent fraudulent transactions, unauthorized access, and abuse of the Service.
- Analytics: To understand usage patterns, improve features, and enhance user experience.
- Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.
3. Data Storage & Security
- Your data is stored on secure cloud infrastructure provided by Supabase (hosted on AWS), with servers located in the Mumbai (ap-south-1) region, ensuring data residency within India.
- All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3.
- We implement Row Level Security (RLS) policies ensuring complete data isolation between different salon organizations.
- Access to production databases is restricted to authorized personnel only, with audit logging enabled.
- We conduct periodic security assessments and maintain incident response procedures.
- Payment-related data (card numbers, bank account details) is never stored on our servers. All payment processing is handled by our authorized third-party payment aggregator in compliance with PCI-DSS standards.
4. Data Sharing & Disclosure
We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:
- Payment Processing: With our authorized payment aggregator for processing subscription payments and detecting fraud.
- Messaging Services: With WhatsApp Business API providers for delivering automated messages to your customers.
- AI Processing: With Google AI services for generating business insights (data is anonymized before processing).
- Legal Requirements: When required by law, court order, or government authority under applicable Indian law.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with prior notice to users.
- With Your Consent: In any other circumstances where you provide explicit consent.
5. Cross-Border Data Transfer
Your primary data is stored within India (AWS Mumbai region). However, certain third-party services (such as Google AI for analytics) may process anonymized data outside India. Such transfers are conducted in compliance with Section 16 of the DPDPA 2023 and only to jurisdictions not restricted by the Central Government. We ensure appropriate safeguards are in place for any cross-border data processing.
6. Data Retention
- Active Accounts: Your data is retained for as long as your account is active and you maintain a subscription.
- Post-Cancellation: After account cancellation, your data is retained for 30 days to allow recovery. After 30 days, data is permanently deleted from active systems.
- Backups: Data may persist in encrypted backups for up to 90 days after deletion from active systems.
- Legal Obligations: Financial transaction records are retained for 8 years as required under the Income Tax Act, 1961 and GST regulations.
- Anonymized Data: Aggregated, anonymized data that cannot identify individuals may be retained indefinitely for analytics and service improvement purposes.
7. Your Rights
Under the Digital Personal Data Protection Act, 2023 and applicable regulations, you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data (subject to legal retention requirements).
- Data Portability: Request an export of your data in a machine-readable format.
- Withdraw Consent: Withdraw consent for data processing at any time (this may affect Service availability).
- Nominate: Nominate another individual to exercise your rights in the event of your death or incapacity, as per Section 9 of the DPDPA 2023.
- Grievance Redressal: Lodge a complaint with our Grievance Officer or the Data Protection Board of India.
To exercise any of these rights, contact us at privacy@hivance.app. We will respond within 30 days of receiving your request.
8. Cookies & Local Storage
This platform is a Progressive Web App (PWA) that uses:
- Local Storage: To store authentication tokens, user preferences (theme settings), and offline data for PWA functionality.
- Service Workers: To enable offline access and cache application assets for performance.
- Session Storage: For temporary data needed during your active session.
We do not use third-party tracking cookies. Essential storage cannot be disabled as it is required for the Service to function.
9. Children's Privacy
The Service is intended for use by adults (18 years and above) for business purposes. We do not knowingly collect personal data from children under 18. If we become aware that a minor has provided personal data, we will take steps to delete such information promptly, in accordance with Section 9 of the DPDPA 2023.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 15 days before they take effect. Your continued use of the Service after such changes constitutes acceptance of the updated policy.
11. Grievance Officer
In accordance with the Information Technology Act, 2000 and the DPDPA 2023, the details of our Grievance Officer are:
- Name: Shantanu Awate
- Email: grievance@hivance.app
- Address: Hivance, Otur, Pune, Maharashtra, 412409, India
- Response Time: Within 30 days of receiving a complaint
12. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
By using this Service, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and processing of your information as described herein.