Privacy Policy

Information You Provide Through Forms

We only collect information you voluntarily provide to us through our website forms:

• Booking Request Forms: Name, email address, phone number, preferred spa location, appointment date/time, treatment selections, and special requests
• Newsletter Subscription: Email address for wellness updates and spa news via Mailchimp
• New Client Registration: Name, contact details, date of birth, spa treatment history, skincare preferences, treatment goals, and relevant medical history for treatment safety
• Feedback Forms: Name, email, visit date, spa location, and detailed feedback ratings about your experience

Website Analytics (Optional)

With your consent, we collect basic website usage data through Vercel Analytics:

• Page Views: Which pages you visit and time spent
• Basic Device Information: Browser type, device type, and screen size
• Geographic Region: General country/city location (not precise location)
• Referral Sources: Which website you came from

This data is completely anonymous and helps us improve our website experience. You can disable analytics through our privacy preferences.

Privacy and Cookie Preferences

We store your privacy choices in browser cookies to remember your preferences:

• Privacy Consent: Whether you've accepted or declined our privacy policy
• Cookie Preferences: Your choices for analytics, Instagram content, and marketing communications
• Preference Timestamp: When you made your privacy choices

Data We Access from Instagram

We access only public data from our own Instagram business account through Instagram's API:

• Public Posts: Photos, videos, and captions from our Instagram account (@serenityspakenya)
• Post Metadata: Publication timestamps, post types (photo/video), and Instagram post URLs
• No Personal Data: We do not access any personal information, private content, or user data from Instagram users
• Business Content Only: All content displayed is from our official business account and is already publicly accessible on Instagram

How We Use Instagram Data

• Website Display: Instagram posts are embedded on our website to showcase our spa locations, treatments, and facilities
• Temporary Caching: Content is cached for 1 hour maximum to improve website performance and reduce API calls
• Direct Linking: Users can click through to view the original posts on Instagram
• No Modifications: We display Instagram content as-is without alterations to the original posts
• No Commercial Use: Instagram content is used solely for displaying our own business content, not for advertising or commercial redistribution

Data Retention and Storage

• Short-Term Caching: Instagram content is temporarily cached for a maximum of 1 hour to improve website performance
• No Permanent Storage: We do not permanently store Instagram data in our databases
• Automatic Refresh: Content is automatically refreshed from Instagram's API to ensure accuracy
• Cache Clearing: Cached content is automatically cleared and refreshed regularly

Your Privacy Rights Regarding Instagram Integration

• No Personal Data Collection: We do not collect, store, or process any personal information from Instagram users who view our content
• No User Tracking: We do not track Instagram user activity, behavior, or interactions
• No Data Sharing: Instagram content is never shared with third parties beyond display on our website
• Contact Rights: You may contact us regarding any questions about our Instagram integration
• Data Deletion: Since we only display public content and don't store personal data, there is no personal data to delete, but you may contact us with any concerns

Compliance and Technical Implementation

Our Instagram integration follows all required security and compliance standards:

• Meta Platform Compliance: Full compliance with Meta's Platform Terms, Platform Policy, and Data Policy
• API Best Practices: Secure API token storage, rate limiting, and proper error handling
• Data Security: All Instagram API communications use HTTPS encryption
• Access Control: API access tokens are securely stored as server environment variables
• Regular Reviews: We regularly review our API usage and permissions to ensure continued compliance
• Fallback Systems: Graceful handling when Instagram API is unavailable with appropriate placeholder content

Form Data Processing

Information from our website forms is used solely for:

• Booking Requests: Forwarded directly to our spa locations to arrange your appointment
• Newsletter: Added to our Mailchimp list for spa updates and wellness tips
• New Client Forms: Shared with your chosen spa location to prepare for your visit
• Feedback: Sent to management and your spa location to improve our services

Data Sharing and Storage

• Email Processing: We use Resend service to deliver form submissions to our spa locations
• Newsletter Management: Mailchimp processes newsletter subscriptions (with their own privacy policy)
• No Database Storage: We do not store your form data in website databases
• No Data Sales: We never sell, rent, or share your personal information with unrelated third parties
• Spa Location Access: Only the relevant spa location receives your booking or client information

Privacy Preferences

You have full control over your privacy settings on our website:

• Accept All: Enable all features including analytics and Instagram content
• Essential Only: Use only basic website functionality with no tracking
• Custom Preferences: Choose exactly which features you want to enable
• Change Anytime: Update your preferences using the privacy banner or cookie settings

Newsletter and Communications

• Unsubscribe: Use the unsubscribe link in any newsletter email
• Update Preferences: Contact us to update your communication preferences
• No Spam: We only send relevant spa updates and wellness content

Data Requests

For any questions about your personal information, please contact us. Please note that since form data is processed via email, data retrieval requests may need to be directed to specific spa locations.