BeauPros

Privacy Policy

Effective 2026-04-15

This Privacy Policy explains how Bang Bang Bang PTE LTD (“we”, “our”, “us”) collects, uses, discloses, and protects your personal data when you visit our salons, book appointments, purchase services or products, or interact with our staff and systems across our brands (U Hair, EX Style, Coulisse Hair, Coulisse Heir, Ex Beauty).

We comply with the Personal Data Protection Act 2012 of Singapore (“SG PDPA”) and the Personal Data Protection Act 2010 of Malaysia (“MY PDPA”) where applicable.

1. What personal data we collect

We collect only what is needed to serve you. This includes:

  • Identity: full name, phone number, email address, gender, date of birth.
  • Service history: services received, products purchased, stylist, outlet, date and time.
  • Hair and treatment records: hair type, condition, allergies, colour history, formulas used, photos taken with your consent.
  • Financial: payment method, prepaid wallet balance, package redemption history. We do not store full credit card numbers; card processing is handled by our payment provider.
  • Communications: messages you send to our staff, appointment confirmations, feedback.
  • Technical: when staff interact with our system on your behalf, we log the action and the acting staff member for audit purposes.

2. Why we collect it

  • To provide salon services, schedule appointments, and process payments.
  • To maintain accurate service records so any stylist can safely pick up where another left off (e.g., prior colour formulas, allergies).
  • To manage your prepaid wallet balance and package entitlements.
  • To communicate with you about your appointments, purchases, and (with your separate consent) promotions.
  • To comply with legal obligations, including tax records and data subject requests.

3. Consent

We ask for your consent before collecting your personal data, typically at first registration. You may withdraw consent at any time by contacting our Data Protection Officer (see section 10). Withdrawal does not affect processing that has already occurred, and may mean we cannot continue serving you.

Marketing communications (SMS, WhatsApp, email) require separate, opt-in consent. You may opt out at any time — we will honour opt-outs across all our brands, not just the one you interacted with.

4. How we share your data

Your personal data stays within Bang Bang Bang PTE LTD and our brands. We share it only in these narrow cases:

  • Service providers: our cloud hosting provider (Supabase, region ap-southeast-1 / Singapore), payment processor, and communications provider. Each is bound by data-processing terms equivalent to this policy.
  • Across our brands: we may share hair and service records between brands under the same parent entity when you visit a different brand, only with your explicit consent at that visit.
  • Legal: when required by law, court order, or a legitimate regulatory request.

We do not sell personal data. We do not share it with advertising networks.

5. Where your data lives

Your data is stored in Singapore (Supabase ap-southeast-1 region). For Malaysian customers, data remains in Singapore under PDPA-compliant protections; cross-border transfer to Singapore is considered a jurisdiction providing “comparable protection” under MY PDPA guidelines, and is covered by our data-processing agreement with Supabase. You consent to this transfer by using our services.

6. How long we keep it

  • Active customer records: kept for as long as you remain our customer.
  • Dormant records: retained for up to 5 years after your last visit, then anonymised or deleted.
  • Financial records (transactions, receipts): retained for 7 years, as required by Singapore tax and accounting law.
  • Consent records and audit logs: retained while the underlying data exists, then 5 years after deletion for dispute resolution.

7. How we protect it

  • All data in transit is encrypted with TLS 1.2 or above.
  • Data at rest is encrypted at the database level.
  • Access is scoped by role — staff at one outlet cannot access data from unrelated outlets.
  • All changes to customer records are logged with the acting staff member and timestamp.
  • Financial balances (wallet credit, packages) are recorded in an append-only ledger — no one, including administrators, can silently alter your balance history.

8. Your rights

Under SG PDPA and MY PDPA you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correction — ask us to correct inaccurate data.
  • Withdraw consent — revoke any consent previously given.
  • Portability (SG PDPA, once in force) — request your data in a machine-readable format.
  • Lodge a complaint — contact the Personal Data Protection Commission (SG) at pdpc.gov.sg or the Department of Personal Data Protection (MY) at pdp.gov.my.

We will respond to access and correction requests within 30 days. Send requests to our Data Protection Officer (see section 10).

9. Data breach notification

In the unlikely event of a data breach that is likely to result in significant harm to affected individuals, we will notify the Personal Data Protection Commission (Singapore) within 72 hours of becoming aware, and notify affected individuals as soon as practicable thereafter, in accordance with SG PDPA section 26D and MY PDPA equivalent provisions.

10. Contact our Data Protection Officer

For any privacy question, access request, correction request, or breach concern:

  • Email: {{DPO_EMAIL}}
  • Phone: {{DPO_PHONE}}
  • Post: Bang Bang Bang PTE LTD, {{COMPANY_ADDRESS}}
  • UEN: {{COMPANY_UEN}}

11. Children

Customers under 13 must have a parent or guardian present to consent on their behalf. We do not knowingly collect personal data from children under 13 without parental consent.

12. Cookies and tracking

Our staff-facing systems use only essential cookies for login and security. We do not use advertising cookies, cross-site tracking, or third-party analytics on customer-facing pages beyond what is strictly necessary.

13. Changes to this policy

We may update this policy from time to time. Material changes will be posted here with an updated effective date, and where appropriate, communicated to you directly.

  • 2026-04-15 — initial publication.