Pinnacle360 Privacy Policy
Introduction
Pinnacle360 (“we,” “us,” or “our”) is committed to protecting the privacy of our users and their data. This Privacy Policy explains what information we collect through our salon software platform and related services (the “Services”), how we use and share that information, and the measures we take to safeguard your information. This Policy is written in clear, straightforward language so that our salon business customers (“Professionals” or “Users”) can understand our practices. By using Pinnacle360, you agree to the data practices described in this Privacy Policy. If you do not agree, please discontinue use of the Services.
(For purposes of EU data protection law, Pinnacle360 will act as a data processor on behalf of Professionals for client data they input, and as a data controller for Professionals’ own account data. We are prepared to comply with GDPR and other applicable laws as described below.)
Information We Collect
We collect only the information that we need to provide and improve our Services, and we do so by fair and lawful means. The types of information we collect can be grouped into the following categories:
- Information You Provide Directly: When you create an account or use Pinnacle360, you provide personal information such as your name, business name, email address, phone number, physical address, login credentials, and payment information for subscription billing. You may also enter data into the system in the course of using the Services – for example, your client lists (including your clients’ names, contact details, birthdays, and appointment histories), appointment calendars, service and product offerings, pricing, photos or logos, and other content related to your business. All of this information is collected and stored on our systems as you provide it.
- Payment and Financial Data: If you make purchases or use integrated payments through Pinnacle360, you will provide payment details such as credit card numbers or bank account information. These payments are processed via our third-party payment processors, and we do not store full payment card details on our servers (we may store a payment token or record of the transaction). Billing information for your subscription (like your card’s last four digits, expiration, and billing address) may be stored with our payment processor or in encrypted form for record-keeping and recurring billing.
- Information Collected Automatically: Like many online services, we automatically collect certain technical information when you use our Services. This includes device and usage data such as your IP address, browser type, device type, operating system, referring URLs, pages viewed, links clicked, and the dates/times of access. We may use cookies, pixels, and similar tracking technologies to collect and remember some of this information. For example, we use cookies to keep you logged in to your account and to analyze how you navigate our site. We also collect logs of actions taken within the platform (e.g., appointment created, invoice sent) for security, auditing, and support purposes.
- Location Data (if applicable): If you use features that require location (for example, a mobile app feature to find nearby salons or to tag the location of an appointment), we may collect geolocation data from your device, but only with your permission through your device settings.
- Information from Third Parties: We may receive information about you from third-party sources that you choose to integrate with Pinnacle360. For instance, if you connect an integration (such as Google Calendar or a social media account), or if you log in via a third-party single sign-on, we may receive certain information (like your calendar events or profile information) as permitted by that third party. Additionally, if a client of yours books through a third-party partner platform that connects to Pinnacle360, we might receive the booking details via that partner. These third-party sources are used to enhance your experience and will only provide us data in accordance with their privacy policies and your settings.
- Communications: If you communicate with us (for example, via customer support requests, emails, or chat), we collect the information in those communications. This may include contact information and the content of your messages. We use this information to respond to you and improve our Services and support. We may also collect feedback you provide in surveys or questionnaires.
We do not knowingly collect personal information from anyone under the age of 13 (and any use of our Services by minors is not permitted under our Terms). If we learn that we have collected personal data from a child under 13, we will take steps to delete such information promptly.
How We Use Your Information
We use the collected information for the following business and commercial purposes, always on a lawful basis and respecting your privacy:
- Providing and Improving the Services: Primarily, we use your information to provide you with the Pinnacle360 Services you have requested. This includes using the data you enter to manage appointments, send notifications to you or your clients, process transactions, and display information on your customized booking pages. We also analyze usage patterns and feedback to improve the functionality, reliability, and user experience of our platform. For instance, understanding how users navigate the dashboard helps us optimize the interface.
- Account Management and Support: We use contact information (like email and phone number) to set up and maintain your account, communicate with you about account administration, and provide customer support. Examples include sending you confirmations of sign-up or subscription payments, alerting you to important product changes or security issues, and responding to your support tickets or inquiries.
- Communicating with You: We send various communications, including: (a) Service-related announcements (e.g., if we need to inform you of a temporary downtime, software updates, or changes to this Policy or our Terms), (b) Notifications you configure (like appointment reminders via email/SMS to you or your clients), and (c) Marketing communications (only in accordance with your preferences). If you have opted in, we may send newsletters, product offers, or other marketing emails. You can opt out of marketing messages as described in the “Your Rights and Choices” section below. We do not send your clients marketing on our own behalf unless they separately interact with us as users.
- Processing Payments and Subscription Billing: We use financial and personal information to bill subscription fees, process any purchases or transactions you initiate (e.g., selling a gift card or charging a client’s credit card for a no-show fee), and to detect and prevent fraudulent transactions. This involves sharing necessary information with our secure payment processor. We also use your information to provide receipts, invoices, or payment confirmations.
- Security and Fraud Prevention: Information (like IP addresses, device information, and account activity) is used to protect our platform, our users, and their data. We monitor for suspicious or malicious activity, verify accounts, enforce our Terms of Service, and investigate potential fraud, spam, or unauthorized access. For example, unusual login patterns might trigger an alert or additional verification steps.
- Compliance with Legal Obligations: We may process and retain your information as needed to comply with applicable laws, regulations, legal processes, or enforceable governmental requests. For instance, keeping records of payments for tax and accounting regulations, or using personal data to fulfill data subject rights requests under GDPR if applicable. We also may use and disclose information as required to respond to lawful subpoenas, court orders, or to establish or exercise our legal rights or defend against legal claims.
- Aggregated and Anonymized Data: We may aggregate and/or anonymize information such that it can no longer be linked to you or your clients. We may use this aggregated data for purposes such as business analytics, developing new features, research, and marketing. For example, we might compile statistics like “average number of appointments per day per salon” from across our user base, which would not identify any individual business or person. This aggregated data may also be shared with third parties (such as a report on industry trends), but it will not contain any personal data.
- Other Business Purposes: We may use your information for other legitimate business purposes, such as protecting our rights and property, accounting, audits, and for corporate transactions (if we are involved in a merger, acquisition, or asset sale, your information may be transferred as part of that deal as permitted by law).
We will not use personal information for purposes materially different from those disclosed in this Policy without your consent. If we plan to use your data for a new purpose, we will update this Privacy Policy and notify you when required.
How We Share Your Information
We understand that your information is important, and we are not in the business of selling your personal data. We share user information only in the ways described below, and with appropriate safeguards in place:
- Service Providers: We use trusted third-party companies to perform certain business-related functions necessary for the provision of our Services. Examples include cloud hosting providers (for data storage and infrastructure), email/SMS delivery services (to send out communications), payment processors (to handle credit card transactions in a PCI-compliant manner), and analytics services (to help us understand how the platform is used). These service providers are given access only to the information necessary to perform their specific tasks on our behalf, and they are contractually obligated to protect your information and use it only for the purposes we specify. For instance, if we use an email service to send appointment reminders, that provider will use the client’s email address only to send the specific reminder and not for any other purpose.
- Business Partners and Integrations: If you choose to use integrations or third-party partnerships through Pinnacle360 (such as an integration with a marketing platform or an online booking marketplace), we will share the necessary data with the partner only as needed to fulfill the integration. For example, if you enable an integration to send newsletters, we might send your client email list to that integrated service, but only under your instructions. We will always ask for your authorization before sharing your information with any third parties for their own purposes.
- Affiliates: Pinnacle360 may share information with our corporate affiliates (for example, if we are part of a family of companies under common ownership) in order to operate and improve the Services. Any affiliates will honor the commitments in this Privacy Policy.
- Legal Compliance and Protection: We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to (a) comply with a legal obligation or governmental request; (b) protect and defend the rights, property, or safety of Pinnacle360, our users, or others; (c) investigate and defend against any third-party claims or allegations; or (d) prevent or stop activity that we consider illegal, unethical, or legally actionable. This includes exchanging information with law enforcement or regulators when appropriate.
- Your Clients (as directed by you): In the normal operation of the Services, some of your information will be shared with your clients and site visitors by your own actions. For example, when a client books an appointment via your Pinnacle360 online booking page, the system will display to that client certain business information (such as your business name, address, service offerings, staff names, and available time slots). If a client requests their personal data from us, we might refer them to you as the business owner, or with your consent, provide the data to comply with law. Note that we treat the information you input about your clients as your data; we do not use those client details for our own purposes (other than as needed to provide the service to you) and we don’t share those client details with third parties except as directed by you or as needed to provide the Services (e.g., sending an SMS reminder via our SMS gateway, which uses the client’s phone number you provided).
- Aggregate or De-Identified Data: As mentioned, we may share aggregated or de-identified information (which can no longer be linked back to an individual user or client) with third parties for any lawful purpose, such as industry analysis or research. For example, we could share statistics like total number of appointments booked across all Pinnacle360 users in a year. This data will not identify you or any person by name.
- Corporate Transactions: If Pinnacle360 is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be transferred as part of such a transaction. In such cases, we will ensure the successor entity honors the commitments of this Privacy Policy or notify you if your information will be handled under a different privacy policy, at which point you may choose to stop using the Services.
Importantly, we do not sell personal information to third-party data brokers or advertisers. We also do not share your personal information with third parties for their direct marketing purposes unless you give us consent to do so.
Data Storage and Security
Storage Location: Your data is stored securely on Amazon Web Services (“AWS”) cloud servers. These servers may be located in the United States (or another country where AWS or our service providers maintain data centers). We choose AWS for its robust security measures and compliance certifications, which help us ensure your information is protected. By using the Services, you acknowledge that your personal information may be transferred to and stored in the United States or other jurisdictions, which may have different data protection laws than your home country. Regardless of location, we will protect your data as described in this Policy.
Security Measures: Pinnacle360 takes data security seriously and implements industry best practices to protect your information. We employ a variety of technical and organizational measures to safeguard data against unauthorized access, alteration, disclosure, or destruction, including:
- Encryption: All network communications between your device and our servers are encrypted via HTTPS/TLS. Sensitive data (such as passwords and payment information) is encrypted in transit and at rest. For example, passwords are stored only in hashed form, and any payment card data is handled by our PCI-compliant payment processor using tokenization and encryption.
- Access Controls: Access to databases and systems containing personal data is restricted to authorized Pinnacle360 personnel and contractors who require it for their job duties (principle of least privilege). Those with access are bound by confidentiality obligations. Administrative access to our systems requires strong authentication measures.
- Monitoring and Testing: We monitor our systems for security breaches and have intrusion detection and prevention systems in place. Regular security audits, vulnerability assessments, and penetration testing are conducted to evaluate and improve our security posture. AWS also provides built-in security features and undergoes independent third-party audits (such as SOC 2 and ISO 27001), which complement our own efforts.
- Backup and Resilience: We perform regular data backups and use redundancy to ensure the availability of the Services. In case of an incident, we have disaster recovery plans ready to restore functionality and data.
- PCI Compliance: As noted, any handling of credit card data aligns with PCI-DSS requirements. We do not store full card numbers or CVVs on our systems to reduce risk. (See Payment Processing and PCI-DSS Compliance in our Terms for more information.)
- Employee Training: Our team members are trained on data privacy and security practices, and we maintain internal policies to safeguard data (including incident response procedures should a breach occur).
While we strive to protect your information, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee absolute security. However, in the unlikely event of a data breach affecting your personal information, we will notify you and the appropriate authorities as required by law.
Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. For example:
- Account and profile information is kept as long as your account is active. If you delete your account or if it is terminated, we will initiate deletion of your data within a reasonable period, except for information we are required or permitted to retain for legal compliance or legitimate business purposes. Backups containing your data may persist for a short period until they are rotated out.
- Transaction records and payment information may be retained to complete transactions and thereafter as needed for financial record-keeping (typically at least 7 years for accounting and tax records) and fraud prevention.
- Client appointment data and other operational records you input are retained until you remove them or delete your account. You have control within the app to delete or modify much of your data. Removing data from live systems might not immediately remove all archival copies, but we will overwrite or purge backups over time.
- Communications with customer support may be retained for a period to assist with your current or future inquiries and to improve our Services.
- We may retain aggregated or anonymized data indefinitely, as it no longer contains personal information.
When we no longer have a legitimate need or legal obligation to retain your personal information, we will securely dispose of it or anonymize it.
Your Rights and Choices
We aim to provide you with control over your personal information. Depending on your jurisdiction and the nature of the data, you may have certain rights regarding the personal data we hold about you. We also provide various tools in your account settings to access, modify, or delete the information you have provided to us.
Your Choices:
- Access and Correction: You can access and update most of your account information by logging into your Pinnacle360 account and editing your profile or settings. For example, you can change your contact information, password, business details, and so forth. It is your responsibility to keep your personal information current and accurate. If you need assistance accessing or correcting other personal data that you believe we hold, you may contact us (see “Contact Us” below). We will respond to access requests within a reasonable timeframe.
- Data Portability: In certain jurisdictions, you have the right to request a copy of personal data you have provided to us in a structured, commonly used, and machine-readable format, and to have that data transmitted to another service provider where technically feasible. We can assist in exporting your data (for example, providing a CSV of your client contacts or appointments) upon request.
- Deletion of Data: You have the ability to delete specific information via the Services (for instance, you can remove a client or delete an appointment record in the app). You may also request deletion of personal data we hold about you. If you wish to close your Pinnacle360 account and have us delete your account information, you can do so in your account settings or by contacting our support team. Upon such request, we will delete your personal data that we are not required to retain. Note that deleting your data is irreversible, and you will not be able to recover that information later. Also, certain residual copies may remain in system backups for a brief time, but will be purged in the normal course of our operations. We will confirm with you once your account has been deleted.
- Opt-Out of Marketing: As mentioned, if you prefer not to receive marketing emails or newsletters from us, you can opt out at any time by clicking the “unsubscribe” link in those emails or by adjusting your email preferences in your account settings. To opt out of promotional text messages, reply “STOP” to any such message or follow provided instructions. Please note that even if you opt out of promotional communications, we may still send you transactional or administrative messages related to your account (such as billing notices, security alerts, or service announcements) as these are not promotional in nature.
- Cookies & Tracking: Most web browsers are set to accept cookies by default, but you can typically remove or reject cookies through your browser settings. Be aware that disabling cookies may affect the functionality of our website (for example, you might need to log in more frequently, and certain features might not work as intended). We currently do not respond to “Do Not Track” signals, as there is no consensus on how to interpret them, but we continue to monitor developments around DNT standards. You may also opt out of certain analytics or advertising cookies by using browser opt-out tools or visiting sites such as the Network Advertising Initiative’s opt-out page.
- Client Data: If you are an end-customer who interacted with a Professional using Pinnacle360 (for example, you booked an appointment with a salon that uses our platform) and you have questions or requests about your personal information (such as accessing or deleting your appointment history or personal details), please direct your inquiry to the relevant Professional (the salon/business). They are the party responsible for your data in that context. However, if you contact us, we will do our best to assist you or forward your request to the appropriate Professional. For instance, if we receive a deletion request from a client of one of our users, we may notify the user and help facilitate the removal of the client’s data from the user’s account.
Additional Rights for Certain Regions:
If you are a resident of certain jurisdictions, you may have additional privacy rights:
- European Union / GDPR: If the General Data Protection Regulation (GDPR) applies to your data, you have specific rights including the right to object to or restrict our processing of your data, and the right to lodge a complaint with a supervisory authority in your country. Pinnacle360 will honor all applicable GDPR rights. For example, you have the right to withdraw consent where we rely on it (without affecting the lawfulness of prior processing), and the right to object to processing based on our legitimate interests. Since our user base as of now is primarily outside the EU, our processing is usually based on contract (providing the service to you) or legitimate interests (improving our service, securing it, etc.), but if we ever expand to the EU, we will ensure compliance and possibly appoint an EU representative or Data Protection Officer as required. We have a Data Processing Addendum available for our business customers to address controller/processor relationships under GDPR, and we adhere to principles of data minimization, purpose limitation, and security. If we transfer personal data from the EU to outside (e.g., to the U.S.), we will do so under approved transfer mechanisms (such as Standard Contractual Clauses) to ensure adequate protection.
- California / CCPA: If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) (as amended by CPRA), such as the right to know what categories of personal information we collect and disclose, the right to request access to or deletion of your personal information, and the right to opt out of the “sale” or “sharing” of personal information (as defined by CCPA). However, Pinnacle360 does not sell personal information as defined by CCPA. If you are a California resident and send us a verifiable request regarding your data, we will treat it in accordance with CCPA. We will not discriminate against you for exercising any privacy rights. (Note: If this section becomes relevant, we will provide a more detailed California Privacy Notice in compliance with the law).
To exercise any of your rights or choices, or if you have questions or need assistance with privacy matters, you can contact us as described in the next section. We will respond to your request as soon as reasonably possible and within any timeframe required by law. We may need to verify your identity or authority to make the request (especially for access, portability, or deletion requests) by asking for information that matches our records.
Compliance with PCI-DSS and Financial Data Security
Given the nature of our Services in handling appointment payments and potentially storing client payment methods for bookings, we reiterate our commitment to Payment Card Industry Data Security Standard (PCI-DSS) compliance. All credit card transactions are processed via PCI-compliant third-party platforms, and we do not store sensitive payment card details on our systems beyond what is necessary. For example, if a client’s card is saved for future bookings, the full card data is stored at the payment gateway and we receive a secure token. We also mask card numbers (showing only last 4 digits) in our interface. We undergo regular compliance checks to ensure our payment flows meet PCI requirements, such as maintaining secure networks, protecting cardholder data via encryption, regularly monitoring networks, and implementing strong access controls. Users of our Services must also handle any card data with care – for instance, you should never write down or store unmasked card numbers from the system in an insecure manner. Please refer to our Terms of Agreement “Payment Processing and PCI-DSS Compliance” section for more details on merchant responsibilities in this regard.
International Data Transfers
Pinnacle360 is based in the United States, and the majority of our data processing occurs in the U.S. If you are accessing the Services from outside the United States, be aware that your information will likely be transferred to, stored, and processed in the United States and possibly other countries. These countries may have data protection laws that are different from those of your country of residence, and in some cases may not be as protective. However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Policy. Such safeguards include implementing the European Commission’s Standard Contractual Clauses for transfers of personal data (if applicable), and ensuring U.S. recipients of EU data are obliged to protect personal data to EU standards. By using our Services, you consent to your information being transferred to our facilities and to those third parties with whom we share it as described in this Policy.
Changes to this Privacy Policy
We may update or modify this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the “Last Updated” date at the top of this Policy. If the changes are material, we will provide a more prominent notice (such as by email to account holders or by placing a notice on our website) explaining the changes. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting the information we collect. Your continued use of the Services after any update to this Privacy Policy will constitute your acceptance of the changes, to the extent permitted by law.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Pinnacle360 Privacy Team
Email: [email protected]
Address: Pinnacle360, 515 E Las Olas Blvd, Fort Lauderdale, Florida, USA.
We will do our best to address and resolve your inquiries. If you are not satisfied with our response and you are entitled to further remedies under applicable law (for example, contacting a data protection authority or regulator), we will provide you with information on those rights upon request.
Thank you for entrusting Pinnacle360 with your salon’s data. We value your privacy and are dedicated to safeguarding your personal and business information while providing you with an excellent service experience.

