What we keep, what we don't, and why.
Last updated 8 May 2026. This is the plain-language version — the legal version follows underneath.
The short version
- We store the minimum needed to run your bookings: salon settings, services, staff, clients (name + phone + Telegram ID), and the bookings themselves.
- We don't sell your data. Ever. Not to advertisers, not to partners, not for "anonymous analytics."
- Your client list belongs to your salon. You can export it any time as CSV. If you cancel, you can take it with you.
- Payments via ARCA — card data never touches our servers.
- We use Sentry for error tracking and Grafana / Loki for log aggregation. Both store data inside the EU.
What we collect
For salon owners: email, password hash, salon details, billing info (held by our payment processor, not us). For clients: name and phone number you collect at booking time, plus the Telegram user ID if they book via the bot.
What we do with it
Run your bookings. Send reminders. Show analytics inside your dashboard. Email you receipts and product updates (you can opt out of updates at any time). That's the whole list.
Where it lives
Postgres database hosted in the EU (Frankfurt). Encrypted at rest, TLS in transit. Daily backups retained for 30 days, then rotated.
Your rights
You can request a copy of every byte of data we hold about you. You can ask us to delete it. Email privacy@timba.am and we'll respond within 30 days, often same-week.
Cookies
We use a session cookie to keep you signed in to the dashboard, and one analytics cookie. See the cookies page for the breakdown.
Updates to this policy
If we change anything material, we'll email registered owners and post a notice on this page. We'll never quietly change the substance.