Privacy Policy

Information We Collect

We collect the following types of information when you use the Kosher Spa app:

• Account information — your name, email address, and profile photo provided during sign-up via Clerk authentication
• Booking information — services booked, dates, times, staff selection, payment method, and booking history
• Payment information — transaction references and amounts processed through Paystack. We do not store your card number, CVV, or bank details — all sensitive payment data is handled exclusively by Paystack
• Wallet activity — top-up amounts, wallet balance, and transaction history stored securely on your device
• AI conversation data — messages you send to the KOSHER AI Advisor, used to provide responses and improve AI quality over time
• Usage analytics — anonymised data about how you navigate and use the app, including screens visited, features used, and session duration, collected via PostHog
• Device information — device type, operating system version, and app version for diagnostic and compatibility purposes

How We Use Your Information

We use your information to provide, improve, and personalise the Kosher Spa experience:

• To create and manage your account securely
• To process and confirm service bookings
• To handle payments and wallet transactions via Paystack
• To power the KOSHER AI Advisor with context-aware wellness recommendations
• To improve AI responses over time using anonymised conversation patterns
• To understand how users interact with the app through anonymised analytics, helping us improve features, fix issues, and build better experiences
• To send booking confirmations and relevant notifications
• To respond to customer support enquiries
• To detect and prevent fraudulent activity

Data Used to Improve Our Services

We collect certain data specifically to improve the Kosher Spa app and the KOSHER AI Advisor over time:

AI Improvement

Messages sent to the KOSHER AI Advisor may be reviewed in anonymised form to evaluate the quality of AI responses, identify areas for improvement, and train future AI models. We apply strict anonymisation before any such review — your name and personal identifiers are removed. You can opt out of AI data use for improvement purposes by contacting us.

Analytics

We use PostHog to collect anonymised usage analytics. This includes which features are used most, how users navigate the app, booking completion rates, and general performance metrics. This data is aggregated and never linked to your personal identity. It helps us understand what is working well and where we can improve the app.

What we do NOT do with your data:

• We do not use your data to show you third-party advertisements
• We do not sell any data — anonymised or otherwise — to data brokers or marketing companies
• We do not share identifiable personal data with any party not listed in this policy
• We do not use your AI conversations to train models without anonymisation

Third-Party Services

The Kosher Spa app integrates the following trusted third-party services, each governed by their own privacy policies:

• Clerk — Authentication and account management. clerk.com/privacy
• Paystack — Secure payment processing. PCI-DSS compliant. Card data never touches our servers. paystack.com/privacy
• Supabase — Backend database and API infrastructure. supabase.com/privacy
• PostHog — Anonymised product analytics. posthog.com/privacy
• Google (Gemini AI) — Powers the KOSHER AI Advisor. Conversations are subject to Google's AI usage policies. ai.google.dev

Data Storage & Security

Booking history and wallet data are stored locally on your device using secure AsyncStorage. Account and authentication data is stored securely via Clerk with industry-standard encryption in transit and at rest.

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Payment processing is handled entirely by Paystack, which is PCI-DSS compliant.

Your Rights & Choices

You have the following rights regarding your personal data:

• Access — Request a copy of the personal data we hold about you
• Correction — Request correction of inaccurate or incomplete data
• Deletion — Request deletion of your account and all associated personal data
• Opt-out of AI improvement data use — Request that your AI conversation data not be used to improve our models
• Opt-out of analytics — Contact us to opt out of non-essential usage analytics
• Data portability — Request your data in a portable, machine-readable format

To exercise any of these rights, contact us at the email address below. We will respond within 30 days.

Children's Privacy

The Kosher Spa app is intended for users aged 13 and above. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information through the app, please contact us immediately and we will delete it promptly.

Data Retention

We retain your account data for as long as your account remains active. Booking records are kept for up to 2 years for service continuity purposes. Anonymised analytics data may be retained indefinitely as it cannot be linked to any individual. If you delete your account, we will remove your identifiable personal data within 30 days, except where retention is required by applicable Nigerian law.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. When material changes are made, we will update the "Last updated" date at the top and notify users through the app. Continued use of the app after changes constitutes acceptance of the updated policy.