Privacy Policy

1. Scope

This Privacy Policy applies to all visitors, users, and clinic personnel using the Autosify Beauty web platform.

For detailed disclosure under Turkish KVKK, please also read the KVKK Notice; both documents apply together.

2. Information we collect

• Account information: email, password hash, creation timestamp
• Salon membership: role, accepted-at, inviting user
• Session and security: IP, user agent, session ID, last-used time
• Usage data: request logs, error logs (no personal identifiers)
• Salon data: patient/doctor/appointment/message records entered by the SALON (the SALON is data controller)

3. Cookies

We use only functional cookies:

• clinic_at — short-lived session token (15 min, httpOnly, secure)
• clinic_sid — long-lived session ID (30 days, httpOnly, secure)
• NEXT_LOCALE — chosen language (1 year)

No advertising, tracking, or analytics cookies. No third-party analytics service.

4. Third-party services

The following providers are used for limited purposes:

• Resend (US) — invitation and system emails only
• Meta Platforms — the SALON connects its own WhatsApp Business account; message traffic is between the SALON and Meta directly
• VPS provider (in Türkiye / EU) — hosting

5. Children's privacy

We do not knowingly collect data from users under 13. For paediatric patient data entered by the SALON, explicit consent is between the SALON and the parent/guardian; the Platform records the consent timestamp.

6. Changes

We may update this policy from time to time. For material changes the version number is bumped and re-acceptance is requested at next sign-in.