Privacy and GDPR
As a salon owner you work with personal information every day -- names, phone numbers, email addresses, appointment details, and sometimes sensitive health notes. Salonnare is built to help you manage this data responsibly and comply with privacy regulations such as the GDPR.
Don't worry -- you don't need to be a legal expert. This guide explains the practical tools at your disposal. There are two levels of export: per individual client (from the client detail view) and for your entire salon (from Settings).

What is the GDPR?
The GDPR (General Data Protection Regulation) is a European privacy law that gives people control over their personal data. In short, your clients have the right to:
- Know what data you hold about them.
- Get a copy of their data.
- Ask you to delete their data.
Salonnare gives you the tools to handle these requests in a few clicks.
Exporting one client (access request)
When a client asks "What data do you have about me?", you export the full record of that single client. This happens in the client detail view:
- Go to Clients and open the client's profile.
- Click the Export button (with the download icon). This button is only visible to administrators.
- A JSON file is downloaded named
export-klant-<id>-<date>.json. - Send this file to the client.
What's in the client export?
The export bundles everything linked to that client:
- The full client record (contact details, date of birth, address, notes).
- All appointments and their status.
- Colour formulas, labels, and CRM segments.
- Loyalty transactions and memberships.
- Receipts (POS orders), no-show and deposit payments.
- Contact preferences, sent intake/form invitations, and gift cards.
Health notes in the export
Does the client have health notes (allergies, medication, skin conditions) in the secure vault? Those are only included decrypted if you have the right to view them -- which automatically applies to administrators and to staff with the proper permission. If you don't have access, the export simply states that the health notes are not included and must be requested separately from an authorised staff member.
Every decrypted note that ends up in an export is recorded in the vault's access log. This keeps it traceable who viewed which sensitive data and when.
Deleting a client (deletion request)
When a client asks "Delete my data":
- Go to Clients and open the client's profile.
- Click Delete.
- Confirm the deletion.
What happens next
After you click delete:
- The client is hidden immediately from your lists and searches.
- The appointment history is kept for your records, but is decoupled from the personal data.
- The personal data is removed from the active record.
Exporting your whole salon (account level)
You can also export a complete copy of all your salon data at once -- not one client, but your full administration. You do this in Settings:
- Go to Settings.
- Open the Privacy & GDPR section.
- Click Export JSON for a full export, or Export CSV for a flat client list.
The JSON export contains all your tables: clients, appointments, staff, products, invoices, receipts, settings, and more. This is useful for your own records, when switching systems, or for compliance purposes.
Deleting your Salonnare account
In the same Privacy & GDPR section you can submit a request to delete your entire account:
- Go to Settings > Privacy & GDPR.
- Click Delete my account and confirm in the dialog.
The 30-day grace period
- After the request, a 30-day grace period starts. During this period your account is marked for deletion, but not yet erased.
- Change your mind? Click Cancel deletion to fully restore your account.
- Only after 30 days is your salon data permanently removed.
How long is data kept?
| Type of data | How long it's kept |
|---|---|
| Personal client data | Until the client or you request deletion |
| Appointment data | Kept as records, decoupled from personal data after deletion |
| Financial data | At least 7 years (legally required for tax) |
| Health notes (vault) | Stored encrypted, with automatic cleanup after the retention period |
Data processing agreement
Salonnare processes data on your behalf. If you need a formal data processing agreement for your records, you can request one from the support page.
Keep it simple
Privacy compliance doesn't have to be complicated. Three habits that keep you on the right side:
- Only collect what you need -- don't fill in every field for every client.
- Respond quickly to data requests -- the export button makes it a matter of clicks.
- Review your client list regularly and clean up old records.
Want to check who downloaded exports? See the Audit Log. For more on managing your clients, see Managing clients.