Data Processing Agreement (DPA)
Last updated: 2026-06-16
This DPA supplements the Terms and applies when GlowHub processes personal data on behalf of a Customer (Tenant).
1. Roles
- Customer (Tenant) = Data Controller.
- GlowHub = Data Processor processing data per Customer's instructions.
2. Purpose of Processing
- Operating the salon management service.
- Storing bookings, customers, and invoices.
- Generating reports and analytics for the Customer only.
3. GlowHub Obligations
- Process data only per Customer's instructions.
- Apply appropriate technical and organizational security measures.
- Notify the Customer within 72 hours of discovering any security incident.
- Assist the Customer in responding to data subject requests.
4. Sub-processors
We use trusted providers for hosting, email, payment, and messaging. We announce any new provider 30 days in advance.
5. International Data Transfers
When transferring data outside the Customer's country, we apply appropriate legal safeguards.
6. Data Subject Rights
We provide the Customer with tools to export and delete end-customer data within 30 days of request.
7. Data Return & Deletion
At end of relationship, we provide data in a readable format for 30 days, then securely delete it.
8. Contact
To request a signed DPA: legal@glowhub.app