SUNMULE

Privacy Policy

Last updated: April 25, 2026

SunMule ("SunMule," "we," "our," or "us") operates a cloud-based salon management platform, including associated IoT hardware, mobile applications, and web services (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding that information.

By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please discontinue use of the Service.

1. Information We Collect

1.1 Account & Contact Information

When you or your organization signs up for SunMule, we collect information such as:

  • First and last name
  • Business name and address
  • Email address and phone number
  • Billing and payment information (processed via our payment processor; see Section 4)

1.2 Customer Data You Provide

As part of operating your salon through SunMule, you may input or import customer records including names, contact information, visit history, membership status, and purchase history. This data belongs to you and is processed by us solely to provide the Service.

1.3 Usage & Device Data

We automatically collect certain technical data when you use the Service, including:

  • IP addresses and device identifiers
  • Browser type and operating system
  • Pages visited, features used, and session duration
  • IoT device telemetry from Honey Badger hardware (room control events, connectivity status)

1.4 Communications

If you contact us for support or otherwise communicate with us, we retain records of those communications.

2. How We Use Your Information

We use collected information to:

  • Provision, operate, and improve the Service
  • Process payments and manage subscriptions
  • Send transactional emails and SMS notifications (e.g., session confirmations, billing receipts)
  • Provide in-app support and respond to inquiries
  • Generate analytics and reports for your account
  • Detect and prevent fraud, abuse, or security incidents
  • Comply with applicable legal obligations

We do not sell your personal data or your customers' personal data to third parties for advertising purposes.

3. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area or United Kingdom, our legal bases for processing personal data are:

  • Contract performance — to provide the Service you have subscribed to
  • Legitimate interests — to operate and improve our platform, prevent fraud, and communicate with you
  • Legal obligation — to comply with applicable laws
  • Consent — where you have explicitly provided it (e.g., marketing communications)

4. Third-Party Service Providers

We share information with trusted service providers who assist us in operating the Service. These providers are contractually obligated to protect your data and may only use it for the purposes we specify. Key providers include:

  • Microsoft Azure — cloud infrastructure, hosting, and compute
  • MongoDB — database storage
  • USIO — payment processing and EFT billing (your payment card data is transmitted directly to USIO and is not stored on SunMule servers)
  • SMS/email gateway providers — for transactional notifications
  • Cloudinary — media asset delivery

We do not share your data with third parties for their own independent marketing purposes.

5. Data Retention

We retain your account and customer data for as long as your subscription is active and for a reasonable period afterward to comply with legal obligations, resolve disputes, and enforce our agreements. IoT device telemetry logs are retained for a rolling period necessary to support diagnostics and analytics features. You may request deletion of your account data at any time (see Section 9).

6. Security

We implement industry-standard technical and organizational measures to protect your data, including:

  • Encryption of data in transit (TLS) and at rest
  • Role-based access controls and least-privilege principles
  • Hardened cloud infrastructure with logging and anomaly detection
  • Regular security reviews and dependency management

No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at security@sunmule.com.

7. Cookies & Tracking

SunMule uses session cookies and similar technologies to maintain authentication state and remember preferences. We do not use third-party advertising cookies or tracking pixels. You may disable cookies in your browser settings, though some Service functionality may be affected.

8. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

9. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your personal data (subject to legal retention requirements)
  • Export your data in a portable format
  • Restrict or object to certain processing activities
  • Opt out of marketing communications at any time

To exercise these rights, email us at privacy@sunmule.com. We will respond within 30 days.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, notify you via email or in-app notice. Continued use of the Service after the effective date constitutes your acceptance of the updated policy.

11. Contact Us

For privacy-related inquiries, please contact:
SunMule
privacy@sunmule.com

← Back to Home | Terms of Service →