SpaMngr

Privacy Policy

Effective date: March 16, 2026

Effective date: March 16, 2026

1. Introduction

SpaMngr is an invite-only mobile application for spa management. It is used by spa owners and their staff to coordinate rooms, sessions, schedules, and employee records. Access requires an invitation from a spa administrator.

In this Privacy Policy, "SpaMngr," "we," "us," and "our" refer to the operator of the SpaMngr application.

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, when it may be disclosed, and what rights and choices may be available to you under applicable law.

2. Data We Collect

We collect the personal data reasonably necessary to provide and operate the SpaMngr service:

We do not collect payment information, health information, or browsing history.

3. How We Use Your Data

Your data is used solely to operate the SpaMngr application:

We do not sell your personal data, share it for cross-context behavioral advertising, or use it for advertising purposes.

4. Legal Basis for Processing

We process your personal data on the following legal bases:

5. Data Sharing and Disclosure

We do not sell or rent your personal data. We may share data only in the following limited circumstances:

6. Data Storage and Security

We use infrastructure provided by our service providers, including Google Firebase, to store and process app data. Personal data may be processed in the United States and other countries where those providers operate.

We implement access controls, Firestore security rules, and Cloud Function authorization to ensure that each user can only access data they are permitted to view within their spa.

7. Third-Party Services

SpaMngr uses the following third-party services:

8. Data Retention

Your data is retained for as long as you have an active account. Session history is kept for reporting purposes even after a session ends.

If you delete your account, we delete or anonymize personal data associated with your account, including your profile, memberships, vacation requests, and notification-related records, except where limited retention is reasonably necessary for legal compliance, security, fraud prevention, dispute resolution, or internal recordkeeping.

Session service records: Session records (room assignments, service timestamps, and therapist display name snapshots) are retained by the spa operator as historical business records even after a user account is deleted. These records form the basis of monthly work reports and attendance summaries. After account deletion, the record is pseudonymized — the user's account no longer exists, but a snapshot of the display name at the time of the service may remain in the session record. If you have questions about session records retained after account deletion, contact us at contact@spamngr.cloud.

9. Your Rights

Depending on your location and applicable law, you may have rights regarding your personal data, including rights to request access, correction, deletion, or other rights available under applicable law.

To exercise privacy-related rights, contact us at contact@spamngr.cloud. We may need to verify your identity before processing certain requests.

10. California Privacy Notice

If you are a California resident, you may have rights under California law regarding your personal information, including the right to know what personal information we collect and how we use and disclose it, the right to request correction of inaccurate personal information, and the right to request deletion of personal information, subject to applicable exceptions. California law also protects consumers from unlawful discrimination for exercising applicable privacy rights.

In the last 12 months, depending on how the app is configured and used, we may have collected the following categories of personal information:

We collect personal information directly from you, automatically from your device and app usage, and from your spa administrator or spa configuration. We collect and use this information to provide and operate the app, manage accounts and spa membership, send notifications, support spa operations, maintain security, and improve service reliability.

We may disclose these categories of personal information to:

We do not sell personal information.

We do not share personal information for cross-context behavioral advertising.

We do not use sensitive personal information for purposes other than providing and operating the app's requested features.

California residents may submit privacy-related requests by contacting us at contact@spamngr.cloud.

11. Push Notifications

SpaMngr uses Firebase Cloud Messaging (FCM) to deliver push notifications for session reminders, vacation approvals, and other in-app events. You can disable push notifications at any time through your device's system settings. Disabling notifications will not affect your ability to use the app.

12. Vietnamese Users

SpaMngr respects Vietnamese personal data protection laws applicable to users in Vietnam. Vietnamese users may exercise their rights to access, correct, or request deletion of their personal data by contacting us at contact@spamngr.cloud.

Please note that personal data may be processed through infrastructure operated by our service providers, including in the United States and other countries where they operate. Personal data may be processed outside of Vietnam through infrastructure operated by our service providers, subject to applicable law.

13. Children's Privacy

SpaMngr is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page and post the revised version here. We encourage you to review this policy periodically.

15. Cookies and Tracking

The SpaMngr mobile app does not use cookies. The SpaMngr website (this page) does not use tracking cookies or third-party analytics scripts. We do not track users' activities across third-party websites or online services for behavioral advertising purposes through this website.

16. Contact

If you have questions about this Privacy Policy or your personal data, please contact us:

SpaMngr
contact@spamngr.cloud