Privacy Policy

1. Who this policy applies to

This Privacy Policy applies to two groups of people:

• Groomers — pet grooming professionals who sign up for and use Zeluna to manage their business. We refer to groomers as “Customers” or “you” depending on context.
• End users — the pet owners (clients of our Customers) whose contact and pet information our Customers store in Zeluna. We refer to end users as “End Users.”

Our relationship is directly with Customers. We store and process End User information on behalf of our Customers as their service provider. End Users should direct most privacy questions to the specific groomer or salon they do business with.

2. Information we collect

2.1 Information you provide directly

When a Customer signs up for Zeluna, we collect:

• Name, email address, and password
• Business name, business type (salon, mobile, or both), and business address
• Phone number (optional)
• Payment information (processed and stored by Stripe — see Section 5)

When a Customer uses Zeluna to manage their grooming business, they enter information about their End Users, including:

• End User name, email address, phone number, and physical/mailing address
• Pet information: name, species, breed, weight, age, behavioral notes, grooming history, photos, vaccination records
• Appointment history, payment history, and notes

End Users may also provide information directly to a Customer through Zeluna's online booking interface — for example, when booking an appointment, completing a paperwork form, or replying to an SMS or email.

2.2 Information we collect automatically

When you visit usezeluna.com or use the Zeluna platform, we automatically collect:

• IP address, browser type, device information
• Pages visited, actions taken, timestamps
• Referrer URL and basic analytics events

We use cookies and similar technologies to operate the Service, remember session state, and understand usage patterns. We do not use third-party advertising trackers.

2.3 Information from third parties

If you sign in with Google, we receive your name, email, and profile photo from Google. We do not receive your Google password or any other Google account information.

If Stripe processes a payment for you, Stripe shares limited transaction metadata with us (amount, status, payment method type, last four digits of card) so we can show you a receipt. We never receive full card numbers.

3. How we use information

We use information to:

• Provide and operate the Zeluna platform
• Authenticate Customers and protect their accounts
• Process payments (via Stripe)
• Send transactional emails and SMS messages on behalf of Customers (appointment confirmations, reminders, receipts, account notifications)
• Respond to Customer support requests
• Detect and prevent fraud, abuse, and security incidents
• Improve the Service through usage analytics
• Comply with legal obligations

We do not use End User information for our own marketing. We do not sell End User information to anyone, ever.

4. SMS messaging — important notice

We send SMS messages on behalf of our Customers to their End Users (e.g., appointment reminders, confirmations). We also send operational SMS messages directly to Customers about their Zeluna account (e.g., account alerts, security notifications) when they opt in.

Important commitments regarding SMS data:

No mobile information, phone numbers, or SMS opt-in consent will be shared with third parties or affiliates for marketing or promotional purposes at any time. This applies to:

• Phone numbers entered into Zeluna by Customers or End Users
• SMS consent records and opt-in/opt-out status
• SMS message content and metadata

We share phone numbers only with our messaging infrastructure provider (Twilio) for the sole purpose of delivering messages that the Customer has authorized. We do not provide phone numbers, opt-in lists, or messaging data to advertisers, affiliates, lead generators, or any other party for marketing purposes.

End Users may opt out of SMS at any time by replying STOP to any message. Customers may opt out of operational SMS in their account settings. Opt-outs are honored immediately and permanently for that phone number unless the user opts back in.

See our SMS Messaging Policy for full details on the SMS program.

5. Who we share information with

We share information only with parties that help us operate the Service. Specifically:

5.1 Service providers

• Supabase — database hosting, authentication, and file storage
• Vercel — application hosting
• Stripe — payment processing (Customer subscriptions and End User payments via Stripe Connect)
• Twilio — SMS delivery
• Resend — transactional email delivery
• Sentry — error tracking and crash reporting (no personal data sent intentionally)
• Cloudflare — DNS, network security, email forwarding

Each provider is bound by its own privacy and security obligations and may only use the information we share with them to perform services for us.

5.2 Legal disclosures

We may disclose information when required by law, subpoena, court order, or to protect our rights, the safety of users, or the integrity of the Service. We will notify Customers of legal requests unless prohibited by law.

5.3 Business transfers

If Zeluna is acquired or merged with another business, Customer and End User information may transfer as part of the transaction. We will provide notice and an opportunity to delete data before any such transfer takes effect.

5.4 What we never do

We never sell personal information. We never share SMS opt-in consent or phone numbers with third parties for marketing, advertising, lead generation, or any non-operational purpose.

6. How long we keep information

We keep Customer account information as long as the account is active. After account closure, we retain backups for up to 90 days for disaster recovery, then permanently delete the data.

We keep End User information as long as the Customer maintains the relationship with that End User. Customers may delete End User records at any time through the Zeluna dashboard.

We keep payment records for the period required by tax and accounting regulations (typically 7 years).

7. Your rights

7.1 Customer rights

Customers may:

• Access and export their account data at any time via the dashboard
• Correct inaccurate information
• Delete their account (which permanently deletes all associated data after the 90-day backup retention period)
• Opt out of marketing emails (transactional emails cannot be opted out of while the account is active)

7.2 End User rights

End Users should contact the Customer (groomer or salon) they do business with for most requests, since the Customer is the data controller for that information. End Users may also contact us at support@usezeluna.com if they cannot reach the Customer.

7.3 California residents

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have specific rights including:

• The right to know what personal information we collect
• The right to delete personal information
• The right to correct inaccurate personal information
• The right to opt out of the sale or sharing of personal information

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. To exercise California rights, email support@usezeluna.comwith the subject “CCPA Request.”

8. Children's privacy

The Zeluna platform is not intended for use by anyone under the age of 18. We do not knowingly collect information from children. If we learn that a child under 18 has provided information to us, we will delete it promptly.

9. Security

We protect information using industry-standard practices:

• All data transmitted in transit is encrypted with TLS
• Data at rest is encrypted by our database provider
• Authentication credentials are hashed and salted
• Service-role access keys are restricted to server environments and never exposed to client devices
• Payment information is tokenized by Stripe; we never store full card numbers

No system is completely secure. We make no warranty that information stored with us will never be compromised. If a breach occurs that affects personal information, we will notify affected Customers as required by law.

10. International users

The Zeluna platform is operated in the United States. If you access the Service from outside the United States, your information will be transferred to, stored in, and processed in the United States. By using the Service, you consent to this transfer.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify Customers of material changes by email and by posting a notice on the Service. Continued use of the Service after changes means you accept the updated policy.

12. Contact

For privacy questions or to exercise your rights, contact us at: