Privacy and GDPR

How to handle customer data requests -- exporting a single client from the client detail view, exporting your whole salon from Settings, and deleting clients or your account.

Privacy and GDPR

As a salon owner you work with personal information every day -- names, phone numbers, email addresses, appointment details, and sometimes sensitive health notes. Salonnare is built to help you manage this data responsibly and comply with privacy regulations such as the GDPR.

Don't worry -- you don't need to be a legal expert. This guide explains the practical tools at your disposal. There are two levels of export: per individual client (from the client detail view) and for your entire salon (from Settings).

Screenshot of privacy and gdpr

What is the GDPR?

The GDPR (General Data Protection Regulation) is a European privacy law that gives people control over their personal data. In short, your clients have the right to:

  • Know what data you hold about them.
  • Get a copy of their data.
  • Ask you to delete their data.

Salonnare gives you the tools to handle these requests in a few clicks.

Exporting one client (access request)

When a client asks "What data do you have about me?", you export the full record of that single client. This happens in the client detail view:

  1. Go to Clients and open the client's profile.
  2. Click the Export button (with the download icon). This button is only visible to administrators.
  3. A JSON file is downloaded named export-klant-<id>-<date>.json.
  4. Send this file to the client.

What's in the client export?

The export bundles everything linked to that client:

  • The full client record (contact details, date of birth, address, notes).
  • All appointments and their status.
  • Colour formulas, labels, and CRM segments.
  • Loyalty transactions and memberships.
  • Receipts (POS orders), no-show and deposit payments.
  • Contact preferences, sent intake/form invitations, and gift cards.
Besides JSON, you can also pull a simplified CSV version. It contains a flat summary of the client record, the appointments, and the gift cards -- handy to open quickly in a spreadsheet.

Health notes in the export

Does the client have health notes (allergies, medication, skin conditions) in the secure vault? Those are only included decrypted if you have the right to view them -- which automatically applies to administrators and to staff with the proper permission. If you don't have access, the export simply states that the health notes are not included and must be requested separately from an authorised staff member.

Every decrypted note that ends up in an export is recorded in the vault's access log. This keeps it traceable who viewed which sensitive data and when.

Deleting a client (deletion request)

When a client asks "Delete my data":

  1. Go to Clients and open the client's profile.
  2. Click Delete.
  3. Confirm the deletion.

What happens next

After you click delete:

  • The client is hidden immediately from your lists and searches.
  • The appointment history is kept for your records, but is decoupled from the personal data.
  • The personal data is removed from the active record.
Financial data (sales, invoices) must be retained for tax purposes. Even when a client is deleted, these records remain -- but they no longer contain traceable personal data.

Exporting your whole salon (account level)

You can also export a complete copy of all your salon data at once -- not one client, but your full administration. You do this in Settings:

  1. Go to Settings.
  2. Open the Privacy & GDPR section.
  3. Click Export JSON for a full export, or Export CSV for a flat client list.

The JSON export contains all your tables: clients, appointments, staff, products, invoices, receipts, settings, and more. This is useful for your own records, when switching systems, or for compliance purposes.

This account-level export is also recorded in the [Audit Log](./audit-log), so you can later prove who downloaded an export and when.

Deleting your Salonnare account

In the same Privacy & GDPR section you can submit a request to delete your entire account:

  1. Go to Settings > Privacy & GDPR.
  2. Click Delete my account and confirm in the dialog.

The 30-day grace period

  • After the request, a 30-day grace period starts. During this period your account is marked for deletion, but not yet erased.
  • Change your mind? Click Cancel deletion to fully restore your account.
  • Only after 30 days is your salon data permanently removed.
During the grace period you can still download a full data export, so you keep a copy of everything before it's gone for good.
The 30-day grace period applies to **deleting your salon account**. Deleting an **individual client** is immediate (the client disappears from your lists right away); there is no account-wide grace period for that.

How long is data kept?

Type of dataHow long it's kept
Personal client dataUntil the client or you request deletion
Appointment dataKept as records, decoupled from personal data after deletion
Financial dataAt least 7 years (legally required for tax)
Health notes (vault)Stored encrypted, with automatic cleanup after the retention period

Data processing agreement

Salonnare processes data on your behalf. If you need a formal data processing agreement for your records, you can request one from the support page.

Keep it simple

Privacy compliance doesn't have to be complicated. Three habits that keep you on the right side:

  1. Only collect what you need -- don't fill in every field for every client.
  2. Respond quickly to data requests -- the export button makes it a matter of clicks.
  3. Review your client list regularly and clean up old records.

Want to check who downloaded exports? See the Audit Log. For more on managing your clients, see Managing clients.

Related articles