Privacy Policy

Trixel Pro ("we", "us") is a multi-tenant SaaS that helps cosmetics dealers and salons manage daily sales, stock, credit, staff incentives, and customer history. This policy explains what we collect, why, and the rights you have over your data.

• Account data: name, email, phone, role, and authentication metadata.
• Business data: dealer/salon profile, products, prices, stock, sales, payments, expenses, targets, gifts/samples.
• Customer data (salon): customer name, phone, email, visit history, loyalty points.
• Uploaded files: payment proofs and receipts you upload, stored in a private bucket.
• Diagnostics: minimal logs needed to operate the service (no third-party advertising trackers).

Every record belongs to a single tenant — either a dealer or a salon. The database enforces this with row-level security policies. Users can only read or write rows in their own tenant. Cross-tenant access is rejected at the database layer, not just in the application code.

• To run the features you use (sales, ledger, stock, gifts/samples, reports).
• To authenticate you and protect your account.
• To provide aggregated dashboards inside your own tenant.
• To send transactional notifications you trigger (e.g. invoices, low-stock alerts).

We do not sell your data, and we do not use it to train AI models.

• Lovable Cloud (Supabase) — managed Postgres database, authentication, and file storage.
• Google — optional social sign-in (we receive your email and profile name only).

We keep your business records for as long as your tenant is active. If your tenant is cancelled, transactional records may be retained for up to 12 months to comply with local tax and accounting rules, after which they are deleted or anonymised.

• All traffic is encrypted in transit (HTTPS/TLS).
• Data is encrypted at rest by our cloud provider.
• Passwords are hashed (bcrypt-equivalent), never stored in plaintext.
• Privileged actions (payment recording, stock writes, gifts) require role checks server-side.
• Stock changes and credit limits are enforced atomically at the database level to prevent oversell.

You may at any time:

• Access and export your tenant's data.
• Correct inaccurate records inside the app.
• Request deletion of your account and associated personal data.
• Withdraw consent for optional features.

The service is intended for businesses and is not directed at children under 16.

Questions or data requests: privacy@tritechwebsolutions.com