Sody App Privacy Policy

1. Introduction

Sody App Pte. Ltd. ("Sody," "we," "us," or "our") is committed to protecting the privacy of our users ("users," "you," or "your"). Sody operates a platform that connects consumers with beauty and wellness salons and professionals. This platform includes:

• Sody App: The mobile application for consumers to browse, book, and pay for salon services.
• Sody Partner: The mobile application for salons and professionals to manage their business, bookings, and customer interactions.
• Our website: sody.app and any related services.

These are collectively referred to as the ("Platform"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Platform. It also describes your choices regarding use, access, and correction of your personal information, including in relation to third-party advertising.

This Privacy Policy complies with the Personal Data Protection Act 2012 of Singapore (PDPA) and other applicable data protection laws.

By accessing or using the Platform, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Platform.

2. Information We Collect

We collect the following types of information:

2.1 Information You Provide Directly:

• Account Information: When you create an account (either as a Consumer or a Salon), we collect your name, email address, and password. You may also choose to provide additional information, such as your phone number, profile picture, date of birth, and gender. Salons are required to provide additional information, including business name, UEN (or legal name), business address, and bank account details.
• Booking Information: When you make a booking, we collect information about the requested service, date, time, Salon, and any special requests or instructions.
• Salon Information (Sody Partner): Salons provide information about their services, pricing, availability, cancellation policies, and business details.
• User Content: We collect any content you submit to the Platform, including reviews, ratings, photos, videos, and communications through the in-app chat.
• Communications: When you contact us (e.g., via email, in-app chat, or customer support), we collect the content of your communications.
• Payment Information: While we use PayNow for payment processing and do *not* store full credit card details, we may collect and store limited transaction information, such as the date, time, amount, and the last four digits of your payment method identifier (if applicable). We also collect and store information related to your PayNow account as needed to facilitate transactions.
• Sensitive Information (Optional): If you choose to provide us with sensitive personal information, such as health conditions or allergies, when booking an appointment or communicating with a Salon, we will only use this information to facilitate the provision of the requested services and will handle it with extra care as required by applicable law. You are not required to provide us with sensitive information.

2.2 Information Collected Automatically:

• Usage Data: We collect information about how you use the Platform, including the features you use, pages you visit, Salons you view, searches you conduct, and booking activity.
• Device Information: We collect information about the device you use to access the Platform, including the device type, operating system, unique device identifiers (e.g., device ID, advertising ID), IP address, and mobile network information.
• Location Information: With your consent, we collect precise location information from your device using GPS, Wi-Fi, and other location technologies. You can enable or disable location services through your device settings. We use this information to provide location-based features, such as finding nearby Salons. Even without precise location, we may infer coarse location (e.g., city) from your IP address.
• Log Data: Our servers automatically record information ("log data") created by your use of the Platform. This may include your IP address, browser type, referring/exit pages, operating system, date/time stamps, and clickstream data.
• Cookies and Similar Technologies: We use cookies and similar technologies (e.g., web beacons, pixels, SDKs) to collect information about your activity, browser, and device. Cookies are small text files stored on your device. We use them for authentication, remembering user preferences, personalizing content, and analyzing usage. Some of these technologies may also be used by our third-party partners, including advertising partners (see Section 5). You can control cookies through your browser settings, but disabling them may affect the functionality of the Platform.
• Calendar Data (Sody Partner - with consent): If a Salon chooses to use the calendar synchronization feature in Sody Partner, we will access their calendar data to facilitate booking management. This access is only with the Salon's explicit consent, and the data is used solely for this purpose.

2.3 Information from Third Parties:

• Social Media: If you choose to link your Sody account with a social media account (e.g., Facebook), we may receive information from that social media platform, such as your name, profile picture, and email address, in accordance with the social media platform's authorization procedures.
• Third-Party Partners: We may receive information about you from third-party partners, such as marketing partners or data analytics providers. This information is used to improve our services and personalize your experience. This also includes advertising partners as detailed in Section 5.

3. How We Use Your Information

We use your information for the following purposes:

• Providing and Managing the Platform: To operate, maintain, and improve the Platform, including providing customer support, processing bookings, facilitating payments, and developing new features.
• Personalization: To personalize your experience on the Platform, such as recommending Salons, services, or content based on your preferences and past activity.
• Communication: To communicate with you about your account, bookings, updates to the Platform, and other service-related matters. We may also send you marketing communications (with your consent where required by law), which you can opt out of at any time.
• Analytics and Research: To analyze usage trends, understand how users interact with the Platform, and conduct research to improve our services.
• Security and Fraud Prevention: To protect the security and integrity of the Platform, detect and prevent fraud, and enforce our Terms of Service.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and government requests.
• Facilitating Salon Operations (Sody Partner): For Salons, we use information to manage bookings, communicate with customers, process payments, and provide other features of the Sody Partner app.
• Displaying Advertising: To display third-party advertisements in the app, some of which may be personalized to your interests, as further described in Section 5. This helps support our Platform and allows us to offer some services for free or at a lower cost.

4. How We Share Your Information

We may share your information in the following circumstances:

• With Salons (for Consumers): When you make a booking, we share necessary information with the Salon to facilitate the service, including your name, contact information, booking details, and any special requests.
• With Consumers (for Salons): We share Salon information with Consumers, including business name, address, services offered, pricing, availability, and reviews.
• With Service Providers: We share information with third-party service providers who assist us in operating the Platform, such as payment processors (PayNow), cloud storage providers, data analytics providers, and marketing service providers. These service providers are contractually obligated to protect your information and only use it for the purposes we specify.
• With Advertising Partners: We may share or allow the collection of certain information (such as device identifiers, IP address, general location information, and non-personally identifiable usage data) by third-party advertising partners, such as Meta Audience Network, to enable them to display personalized advertisements in our app. These partners may collect information directly via SDKs integrated into our app, as further detailed in Section 5.
• With Legal Authorities: We may disclose your information to legal authorities if required by law, legal process, or government request, or if we believe it is necessary to protect the rights, property, or safety of Sody, our users, or others.
• Business Transfers: If Sody is involved in a merger, acquisition, sale of assets, or other business transaction, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
• With Your Consent: We may share your information with other third parties with your explicit consent.
• Aggregated or De-identified Data: We may share aggregated or de-identified data that cannot reasonably be used to identify you with third parties for research, analytics, or other purposes.

5. Third-Party Advertising

We partner with third-party advertising networks, such as Meta Audience Network, to display advertisements within the Sody App. These advertisements help us to offer some of our services for free or at a lower cost.

Our advertising partners may collect and use information about your use of the Sody App and other websites and apps over time to provide you with personalized advertising. The information collected by these partners may include:

• Device Identifiers: Such as your device's Advertising ID (e.g., Google Advertising ID (GAID) for Android, Identifier for Advertisers (IDFA) for iOS).
• Usage Data: Information about how you interact with our app and the ads displayed (e.g., ads viewed, ads clicked, app activity, session duration).
• Device Information: Such as your device type, model, operating system version, IP address, language settings, and mobile network information.
• Location Information: Coarse location (e.g., country or city) derived from your IP address, or precise location if you have granted location permissions to our app and the ad network supports it for advertising purposes.

These advertising partners use this information, often in conjunction with their own data, to build a profile of your interests and show you ads that are more likely to be relevant to you. The data collection and use by these third-party advertising partners are governed by their respective privacy policies, not ours.

For more information on how Meta collects and uses your data through Audience Network, and how to control your information, please visit Meta's page: Meta Privacy Policy and Meta Audience Network Policy .

Opting Out of Personalized Advertising

You can generally opt out of personalized advertising from Meta and other participating ad networks. Here’s how:

• Device Settings:
  • For Android users: You can usually opt out by navigating to your device's Settings > Privacy > Ads and enabling "Opt out of Ads Personalization" or by resetting your Advertising ID. The exact path may vary by device manufacturer and Android version.
  • For iOS users: You can usually manage tracking preferences by going to Settings > Privacy & Security > Tracking. Here you can prevent apps from requesting to track you, or manage tracking for individual apps. Additionally, you can go to Settings > Privacy & Security > Apple Advertising and turn off "Personalized Ads". (Note: Paths may vary slightly depending on iOS version).
• Meta Ad Settings: You can also control your Meta ad personalization settings by visiting Meta Ad Settings or through your Facebook account settings.
• Industry Opt-Out Tools: You may also be able to opt-out of some third-party vendor's uses of cookies for personalized advertising by visiting the Digital Advertising Alliance’s (DAA) opt-out portal or the Network Advertising Initiative’s (NAI) opt-out page .

Please note that opting out of personalized advertising does not mean you will no longer see ads; it means the ads you see may be less relevant to your interests.

6. Legal Basis for Processing (Where Applicable)

Where applicable under the General Data Protection Regulation (GDPR) or other relevant data protection laws, we rely on the following legal bases for processing your personal information:

• Performance of a Contract: We process your information to fulfill our contractual obligations to you, such as providing the Platform and facilitating bookings.
• Consent: We may process your information based on your consent, such as for marketing communications, collecting precise location data, or for personalized advertising where required by law. You can withdraw your consent at any time (e.g., through app settings or as described in Section 5 for advertising).
• Legitimate Interests: We may process your information based on our legitimate interests, such as improving the Platform, preventing fraud, conducting analytics, and displaying non-personalized advertising, provided that these interests are not overridden by your data protection rights. For personalized advertising, we typically rely on consent where required.
• Legal Obligation: We may process your information to comply with legal obligations.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including providing the Platform, complying with legal obligations, resolving disputes, and enforcing our agreements. The specific retention period may vary depending on the type of information and the purpose of processing. Information collected for advertising purposes by our partners is subject to their retention policies. When your information is no longer needed, we will securely delete or anonymize it.

8. Data Security

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it from unauthorized access, use, disclosure, alteration, or destruction. These measures include encryption, access controls, data minimization, and regular security assessments. However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

9. Children's Privacy

The Platform is not intended for use by individuals under the age of 18 (or the applicable age of majority in their jurisdiction if higher). We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected personal information from someone under 18 without verifiable parental consent, we will take steps to delete it as soon as possible. If you are a parent or guardian and believe that your child under 18 has provided us with personal information, please contact us.

In compliance with advertising policies, if we become aware that a user is under the age where personalized advertising is permissible without parental consent, we will take steps to ensure that advertising shown to them is not personalized.

10. Your Rights and Choices

You have certain rights regarding your personal information, subject to applicable law. These rights may include:

• Access: You have the right to request access to the personal information we hold about you.
• Correction: You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
• Deletion: You have the right to request that we delete your personal information, subject to certain exceptions (e.g., we may need to retain information to comply with legal obligations).
• Withdrawal of Consent: Where we process your information based on consent (including for personalized advertising as described in Section 5), you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
• Data Portability: In some cases, you may have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format.
• Objection: You may have the right to object to the processing of your personal information in certain circumstances, including for direct marketing purposes.
• Restriction: You may have the right to request that we restrict the processing of your personal information in certain circumstances.
• Choices Regarding Advertising: You have choices regarding the use of your information for personalized advertising, as detailed in Section 5.

To exercise these rights (other than advertising choices which are managed as described in Section 5), please contact us using the contact information provided below. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

11. International Data Transfers

Your personal information may be transferred to, and processed in, countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country (such as Singapore, where Sody App Pte. Ltd. is based, or other countries where our service providers or advertising partners operate). When we transfer your information to other countries, we will take appropriate measures to protect your personal information in accordance with this Privacy Policy and applicable law, including the PDPA. This may include implementing standard contractual clauses or relying on other approved transfer mechanisms.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will post any changes on the Platform and update the "Last Updated" date. If the changes are significant, we may provide a more prominent notice (such as by adding a statement to our homepage or sending you a notification). We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after the posting of changes constitutes your acceptance of such changes.

13. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, or if you wish to exercise your rights, please contact us at:

Sody App Pte. Ltd.
60 Paya Lebar Road #07-54
Singapore 409051
Email: [email protected]

You may also contact our Data Protection Officer (DPO) at [email protected] with the subject line "DPO Inquiry".