Compliance Summary
📅 Last Updated: December 2025
This page provides an overview of Trimzy's privacy, security, and data
handling practices for investors, partners, and app store submissions.
1. Privacy & Legal Compliance
DPDP Act (India)
Trimzy adheres to the Digital Personal Data Protection Act principles:
- Consent-based data collection
- Clear purpose limitation
- User rights to access, correction, and deletion
- Secure processing standards
GDPR-Aligned Practices
- Right to be forgotten
- Right to data access
- Transparent processing
- Minimal data collection
2. Security & Infrastructure
Backend: Supabase
- Encrypted database storage
- Role-based access control
- IP + timestamp logging for safety
- Rate-limiting & spam filtering
Frontend & Platform Security
- Form validation
- Planned XSS sanitization layers
- No dangerous inline scripts
- Secure design for future scaling
3. Data Handling Practices
Collected Data
Customers:
- Name, phone, email, city, consent
Salon Partners:
-
Salon name, owner name, phone, email, address, optional details,
consent
System (Automatically Logged):
Retention
-
Data retained for up to 24 months unless deletion is requested
4. Transparency Documents
Trimzy provides:
- Privacy Policy
- Terms of Service
- Cookie Policy
- Data Deletion & User Rights
5. User Rights
Users may request:
- Access to their data
- Correction of data
- Permanent deletion