PIPEDA Compliance

Privacy Policy

This page is maintained by AuraBook to explain how we handle personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). It is not an independent certification or audit. Last updated: July 15, 2026.

Privacy Officer

Questions, access requests, and complaints about your personal information should be directed to our Privacy Officer.

Email: privacy@aurabook.app

Mailing address: [Add your business mailing address]

The 10 PIPEDA Fair Information Principles

1. Accountability

AuraBook is responsible for personal information under its control. A designated Privacy Officer oversees compliance with this policy and PIPEDA.

2. Identifying Purposes

We identify why we collect personal information at or before the time of collection — to create accounts, take bookings, process payments, send reminders, and operate the salon marketplace.

3. Consent

We collect, use, and disclose personal information only with your knowledge and consent, except where law allows or requires otherwise. You may withdraw consent at any time, subject to legal or contractual restrictions.

4. Limiting Collection

We limit the personal information we collect to what is necessary for the purposes identified — typically name, contact details, booking history, and (for salon owners) business details.

5. Limiting Use, Disclosure & Retention

Personal information is used only for the purposes for which it was collected and is retained only as long as necessary to fulfill those purposes or to meet legal obligations.

6. Accuracy

We keep personal information as accurate, complete, and up-to-date as needed. You can review and correct your profile from your account at any time.

7. Safeguards

We protect personal information with appropriate safeguards: encryption in transit (HTTPS), role-based access controls, row-level security on our database, and least-privilege secrets management.

8. Openness

Our policies and practices are made available through this page. Contact our Privacy Officer for additional detail about how we manage personal information.

9. Individual Access

On request, we will tell you what personal information we hold about you, how it is used, and to whom it has been disclosed. We will provide access in a reasonable time and at minimal or no cost.

10. Challenging Compliance

You may challenge our compliance with PIPEDA by contacting the Privacy Officer. Unresolved concerns may be referred to the Office of the Privacy Commissioner of Canada (priv.gc.ca).

What we collect

  • Account information — name, email, optional phone, profile photo.
  • Booking information — services, appointments, staff selection, loyalty points.
  • Salon information (owners) — business name, location, photos, services, staff and hours.
  • Technical information — authentication tokens, session activity needed to operate the service securely.

Service providers (subprocessors)

We use trusted service providers to operate AuraBook. They process personal information on our behalf, under contract, and only for the purposes we direct.

  • Lovable Cloud — managed hosting, database, authentication, and file storage.
  • [Email provider] — transactional emails such as confirmations and reminders.
  • [Map provider] — displaying salon locations.

Some providers may store data outside Canada. Where that is the case, the information remains subject to the laws of the jurisdiction in which it is held, in addition to the protections in this policy.

Retention & deletion

We retain personal information for as long as your account is active and for a reasonable period afterward to meet legal, accounting, or operational obligations. You can request deletion of your account and associated personal information by contacting the Privacy Officer.

Your rights under PIPEDA

  • Access the personal information we hold about you.
  • Request correction of inaccurate or incomplete information.
  • Withdraw consent for non-essential uses (subject to legal/contractual limits).
  • File a complaint with our Privacy Officer or, if unresolved, with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

Breach notification

In the event of a breach of security safeguards involving personal information that creates a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada as required by PIPEDA, and keep a record of the breach.

Contact

For any privacy-related question, please contact privacy@aurabook.app.