Informativa sulla Privacy

Beauty By Francesca ("we," "us," "our") is a sole proprietorship operated by Francesca, located at 1959 Front St Ste 402, East Meadow, NY 11554. This policy explains what information we collect through our website (beautybyfrancesca.co) and in the course of providing our services, why we collect it, and how we keep it safe.

We're a small local salon, not a big corporation — we treat your information the way we'd want ours treated.

Policy effective date: March 2, 2026

What We Collect

Booking Form

When you book an appointment, we collect your first name, last name, email address, phone number, and any optional notes about your appointment. This information is sent to Square (our booking and payment platform) to create your appointment, and we use Resend to send you a confirmation email.

Returning Client Verification

If you've booked with us before, we offer a quick email verification to speed up your next booking. We send a one-time verification code to your email address. Once verified, your name and phone number are pre-filled, and any cards you've saved with Square are shown (we only see the last 4 digits, card brand, and expiration — never your full card number). This verification uses a secure, cryptographically signed token that expires after 10 minutes.

Payment Information

When you pay for services, your card details are handled directly by Square's secure payment system. Your full card number never touches our website or servers — it goes straight to Square. If you choose to save a card on file for future visits, that card is stored by Square, not by us. We can only see the last 4 digits, card brand, and expiration date. Square is PCI-DSS Level 1 certified, the highest level of payment security.

Event Inquiry Form

For bridal and event styling inquiries, we collect your name, email, phone number, event type, event date, ready-by time, guest count, venue name, event location, zip code, services needed, how you heard about us, Instagram handle (optional), any inspiration photos you upload, and an optional message.

Photos are stored securely with Cloudflare R2. Your event location is sent to Geoapify (a mapping service) to help us estimate travel distance. If you provide an Instagram handle, we may use it to look up your public profile picture to help Francesca recognize you. The form is protected by Cloudflare Turnstile to prevent spam.

Text Messages (SMS)

We may send you appointment reminders and updates via text message through Square. By providing your phone number when booking, you consent to receive these service-related texts. You can opt out of text messages at any time by replying STOP or by contacting us. Standard message and data rates may apply.

Client Photos

With your permission, Francesca may photograph her work during or after your appointment for use on social media (Instagram, Facebook) or our website gallery. We will always ask before taking or posting photos. If you'd prefer not to be photographed or would like a photo removed, just let us know.

Analytics

We use Google Analytics (GA4) to understand how people use our site — things like which pages are popular and how visitors find us. This data is anonymous and aggregated. GA4 may set its own cookies to do this. To learn more about how Google collects and processes data, visit How Google uses data when you use our partners' sites or apps (opens in a new tab).

Local Storage

During the booking flow, we temporarily store your selections (like your chosen service and time slot) in your browser's localStorage so you don't lose your progress if you navigate away. This data stays on your device and is automatically cleared when you complete your booking.

Cookies

Our site sets a cookie to remember your dark mode preference. Our admin area also uses secure session cookies for authentication. In addition, our third-party services (Google Analytics and Cloudflare) may set their own standard cookies for analytics and security purposes.

How We Use Your Information

• To process and confirm your appointment bookings
• To send appointment reminders via email or text message
• To verify your identity for returning-client convenience features
• To respond to bridal and event styling inquiries
• To estimate travel distance for on-location event services
• To understand how our website is used so we can improve it
• To protect our forms from spam and abuse
• To send occasional marketing emails or promotions (only with your consent — see below)

Marketing Emails

From time to time, we may send promotional emails about seasonal offers, new services, or salon news. We will only send marketing emails if you've opted in or given us your consent. Every marketing email includes an easy way to unsubscribe. If you opt out, we will stop sending promotional emails promptly — but you'll still receive transactional emails (like booking confirmations) since those are part of the service you requested.

Service Providers

We work with a handful of trusted services to run our website and business:

• Square — appointment booking, payment processing, saved cards, and appointment reminder texts (Square Privacy Policy (opens in a new tab))
• Resend — sending confirmation and notification emails (Resend Privacy Policy (opens in a new tab))
• Cloudflare — website hosting, security, photo storage, and bot protection (Cloudflare Privacy Policy (opens in a new tab))
• Google Analytics — anonymous website usage analytics (Google Privacy Policy (opens in a new tab))
• Geoapify — location mapping for event travel estimates (Geoapify Privacy Policy (opens in a new tab))

Each of these services has its own privacy policy governing how it handles data. We only share the minimum information needed for each service to do its job.

We Don't Sell Your Data

Period. Your personal information is never sold, rented, or traded to third parties. The only parties who see your data are us and the service providers listed above, solely for the purposes described in this policy.

How We Protect Your Information

We take reasonable steps to protect your personal information, including:

• All data transmitted between your browser and our website is encrypted via HTTPS/TLS
• Payment card data is handled entirely by Square (PCI-DSS Level 1 certified) and never stored on our servers
• Uploaded photos are stored in Cloudflare's secure cloud storage with access controls
• Email verification uses cryptographically signed tokens that expire after 10 minutes
• Form submissions are rate-limited to prevent abuse
• We use trusted, reputable service providers who maintain their own security programs

No system is 100% secure, but we work hard to protect your information using industry-standard practices appropriate for our size and the nature of our business.

Data Breach Notification

In the unlikely event that your personal information is compromised in a security breach, we will notify you and the appropriate New York State authorities as required by the NY SHIELD Act and New York General Business Law, in the most expedient time possible.

How Long We Keep It

We keep your booking and inquiry information for as long as needed to provide our services, maintain our business records, and comply with any legal obligations. Uploaded event photos are kept for the duration of your inquiry and planning process. Booking flow data stored in your browser's localStorage is automatically cleared when you complete your booking.

If you'd like us to delete your information, just reach out and we'll take care of it.

Your Rights

You have the right to:

• Ask what personal information we have about you
• Request that we correct or delete your information
• Opt out of marketing emails at any time (using the unsubscribe link in any marketing email, or by contacting us)
• Opt out of text messages by replying STOP
• Request removal of any photos of you from our social media or website
• Opt out of Google Analytics by using the Google Analytics Opt-out Browser Add-on (opens in a new tab)

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or for legal reasons. When we do, we'll update the policy effective date shown at the top of this page. For significant changes, we'll make reasonable efforts to notify you (such as a note on our website). We encourage you to review this page periodically.