Privacy Policy

Introduction

Knippa ("we", "us", "our") operates the knippa.app website and service. This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and Dutch privacy law.

Data Controller

Knippa, Oldenzaal, the Netherlands. KvK: 57288135 | BTW: NL001183466B61. For privacy inquiries: support@knippa.app

What Data We Collect

Account holders (barbers/business owners)

Name, email address, password (hashed), business name, contact details, service and availability configuration, booking and appointment data, payment information (processed by Stripe).

Customers (people who book appointments)

Name, email address, phone number (if required by the business), booking details (service, date, time).

Automatically collected

Browser type and version, IP address, pages visited and time spent, cookies (see Cookie section).

Why We Collect Data

To provide and maintain the booking service, to process appointments and send notifications, to manage subscriptions and billing, to improve our service, and to communicate important updates. Providing your personal data is necessary to use the service — without it, we cannot create your account or process bookings.

Legal Basis (GDPR)

Contract performance (Art. 6(1)(b)): to create and manage your account, process bookings, handle payments, and send transactional notifications. Legitimate interest (Art. 6(1)(f)): to improve our service, ensure security, and prevent fraud. Consent (Art. 6(1)(a)): for marketing communications (opt-in only, withdrawable at any time).

Data Sharing

We share data only with: Stripe (payment processing), Resend (transactional email delivery), and Convex (database hosting, US-based, with EU data processing agreements). We do not sell your personal data to third parties.

Data Retention

Account data: Retained while your account is active, deleted within 30 days of account deletion. Booking data: Retained for 12 months after the appointment date. Payment records: Retained as required by Dutch tax law (7 years).

Your Rights (GDPR)

You have the right to: access your personal data, correct inaccurate data, delete your data ("right to be forgotten"), restrict processing, data portability, object to processing, and withdraw consent. To exercise these rights, email support@knippa.app. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies.

Security

We use industry-standard encryption (HTTPS/TLS), secure password hashing, and access controls to protect your data.

International Transfers

Some data is processed in the United States (Convex database hosting). These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, in accordance with GDPR Chapter V.

Changes

We may update this policy. We'll notify registered users of significant changes via email.

Contact

For privacy questions: support@knippa.app