Privacy Policy
Last updated: May 25, 2026
1. Introduction
Salonat (“Salonat”, “we”, “us”, or “our”) provides a friends-first social and matchmaking platform: trusted people host private “salons,” introduce friends they know, explore matches through icebreakers and optional deeper flows, customize avatars and 3D salon spaces, and communicate in-app. Salonat is not only a dating app—it combines social networking, introductions, user-generated content, avatar experiences, and messaging.
This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, and what choices you have. It applies to the Salonat mobile application, our websites (including this marketing site), and related online services (collectively, the “Service”).
By using the Service, you acknowledge this policy. If you do not agree, do not use the Service. Our Terms of Use govern your use of Salonat and work together with this policy.
2. Information we collect
We collect information in the categories below. What we receive depends on how you use Salonat.
A. Information you provide
-
Account and profile (matchmakers): email, password (stored as a secure hash, never in plain
text), phone number (required at registration), public handle (
user_handle), display name and signup name, profile photos (typically at least one at signup), bio, age or birthdate, pronouns, gender, location, occupation, education, interests, relationship and matching preferences, Instagram username (if you add it), and other profile fields you choose to complete. - Avatar and appearance data: avatar model selection, colors, outfit choices, zoom/focus settings, and optional custom avatar asset URLs you save. Some avatar tooling may process a face photo on your device to suggest stylized likeness; we do not describe uploading your entire camera roll for that feature unless you explicitly choose to save or share a resulting asset.
- Salon and social graph data: people you add to your salon (“participants”) including their name, phone number, how you met them, descriptions and preferences you enter about them, avatar gender for salon display, and records of matches you create between participants.
-
Consent and responses: when someone you invited responds (including via SMS links), we store
consent status and timestamps (for example
consent_given_at) associated with that participant record. - Messages and match activity: in-app icebreaker chat text, voice notes (stored as files with URLs in our systems), game state, revealed profile information during matched flows, Mashroobat (“مشروبات”) session answers when you use that feature, and optional notes you send (for example a “salon knock” message to a public salon owner).
- 3D salon and room content: furniture placement, floor and wall styles, and related layout data for your salon space, which may be visible on your public salon page.
- Ratings and feedback: salon ratings you submit about other users (including star values and whether the rating is anonymous), subject to product rules (for example ratings among connected friends).
- Support and legal requests: information you send when you contact us (email content, reports, attachments).
B. Information collected automatically
- Device and app data: device type, operating system, app version, language/locale, and general diagnostic data needed to operate and secure the Service.
- Log and usage data: server logs (including IP address, request timestamps, and error information), API activity, and security-related events (for example rate limiting).
-
Crash and product analytics (when enabled): if we configure crash reporting (currently
Sentry via
EXPO_PUBLIC_SENTRY_DSNon release builds), we may receive stack traces, device/OS context, session identifiers, and product funnel events (such as signup, salon opened, match created) and screen paths (for example which app screen was active). We configure these tools not to send email, phone numbers, passwords, chat text, or voice note content in analytics properties. After login, Sentry may receive an internal numeric user id and optional public handle to group crashes—not your legal name or email in those events. - Realtime connection metadata: when you use live features (Socket.io), we process connection and room membership data needed to deliver events (for example new chat messages) to the right session.
- Approximate location: we do not run continuous GPS tracking as a core feature today. Profile location fields and distance preferences are information you type, not automatic background location, unless we introduce that separately and update this policy.
C. Information from your device contacts (invite flow)
On supported mobile platforms, you may use the system contact picker to choose one person at a time to invite. With your permission, the app reads the name and phone number of the contact you select and pre-fills the invite form. We do not upload or store your full address book on our servers. Only the name and phone you submit when creating a participant are sent to Salonat.
D. Information from other users about you
Other users may add information about you when they invite you to a salon or create a match involving you—for example your name, phone number, and descriptions they provide. If you already have a Salonat account linked to that phone, we may connect their participant record to your account and notify you in-app instead of sending SMS where the product rules allow.
Your responsibility: users who invite others should only add people they know, should provide accurate contact details, and should respect that person’s expectations and applicable law (including consent for outreach). If you believe someone added you without permission, contact us (see Contact).
E. Information we do not collect (today)
- Payments: we do not process payment card data in the current product; see Terms — Payments for future features.
- Generative AI chats: we do not offer a general-purpose AI companion that stores your conversations with a large language model provider today; see Automated systems.
- Mobile push notifications: core notifications today are in-app (and SMS for certain flows). Dedicated push notification providers are not described here unless we enable them and update this policy.
3. How we use information
We use personal information to:
- create and authenticate accounts and maintain sessions;
- operate salons, participant lists, matching, icebreakers, Mashroobat, and related social features;
- display avatars, salon layouts, and public salon pages to the audiences described in this policy;
- send in-app notifications (matches, knocks, invites, and similar);
- send SMS messages through our messaging provider when configured (for example salon invites, match notifications, and “ping” invites to join Salonat), and log message metadata in our database;
- link phone numbers to existing accounts to avoid duplicate outreach and deliver in-app notices;
- enforce consent and response flows for participants;
- provide realtime delivery of match and chat events;
- host, back up, and retrieve photos, voice notes, and 3D-related assets;
- improve reliability, performance, and security (including crash analytics);
- detect, investigate, and address abuse, fraud, and policy violations;
- comply with law and respond to lawful requests;
- communicate with you about the Service and support requests.
We may use aggregated or de-identified information that cannot reasonably identify you for analytics and product improvement.
4. Social visibility — who can see what
Salonat’s trust model depends on clear visibility rules. The following describes our current product behavior at a high level; specific screens may show additional context.
- Matchmakers (salon hosts): can see full participant names, phone numbers, descriptions, match status, and high-level progress on matches they created, as implemented in host tools.
- Participants without a full account: interact through secured links and limited flows; they do not receive the full matchmaker dashboard. Profile details revealed during icebreakers follow game and match rules.
- Matched pairs: can see each other’s icebreaker chat, voice notes, and progressively revealed information according to match state—not the entire salon roster’s private notes.
- Public salon visitors: anyone with your public handle can view your public salon page (3D room layout and related public profile elements we expose there). Visitors who are logged in may “knock” on your salon; you receive an in-app notification that can include their display name, handle, and optional note.
- Public search: limited public discovery features may expose handles and display-oriented fields—not your email or password.
- Identity reveal: some information stays anonymized or partial until match steps complete; when the product reveals identity (for example connected accounts or post-icebreaker profile views), that reveal is intentional within the flow—not a public directory of all users.
You control what you submit. Do not put sensitive information in bios, salon notes, or messages unless you intend to share it with the recipients who can access that part of the Service.
5. Messaging and communications
- In-app messages: chat and voice content in matches are stored so both sides can participate and so we can investigate abuse reports. You are responsible for what you send.
-
SMS: when Twilio (or a successor provider) is configured, we send transactional SMS to phone
numbers you or your matchmaker supplied—for example when you are added to a salon, matched, or pinged to join
Salonat. SMS may include links with scoped tokens. Message content and delivery metadata may be logged in
sms_logs. Standard carrier charges may apply to recipients. - Email: we may send account-related or support email if we enable it; today primary account identifiers include email for login.
- In-app notification feed: stored in our database and shown inside the app.
You can revoke device permissions (contacts, camera, photos, microphone) in OS settings; some features will stop working without them.
6. Automated systems (current and future)
Today: matching and introductions are driven by users and salon hosts, not by an opaque autonomous dating algorithm that decides your relationships without human involvement. We use software rules to enforce product logic (eligibility, consent, deduplication, rate limits).
Not yet implemented: large-language-model features, AI-generated profile copy, automated moderation classifiers, or paid recommendation engines. If we add them, we will update this policy to describe what data is processed, whether outputs are shown to you or others, and any third-party AI providers involved.
7. Sharing information
We do not sell your personal information. We share information only as described below:
-
Service providers that help us run Salonat, under contracts that require them to protect data
and use it only for our instructions, such as:
- Cloud hosting for the API and database (for example managed Node hosting and PostgreSQL);
- Object storage (for example S3-compatible storage) for photos and large files;
- Twilio (or similar) for SMS when enabled;
- Sentry for crash and product analytics when enabled;
- Cache / rate-limit infrastructure (for example Redis-compatible services) where configured.
- Other users, as described in Social visibility, according to salon, match, and public-page rules.
- Legal and safety: when we believe disclosure is required by law, to protect users and the public, or to enforce our Terms.
- Business transfers: if we merge, acquire, or sell assets, information may transfer subject to this policy or a successor notice.
Provider privacy practices also apply—for example Sentry’s privacy policy and Twilio’s privacy policy.
8. User-generated content
Photos, text, voice notes, avatar customization, salon layouts, messages, and similar materials are user-generated content (“UGC”). You retain ownership of your UGC as between you and Salonat, but you grant us the rights described in our Terms — License so we can host and operate the Service.
We may—but are not obligated to—monitor UGC. We may remove content, restrict features, or suspend accounts when we believe content violates our Terms, creates risk, or is required by law.
9. Safety and moderation
We take harassment, impersonation, non-consensual sharing, and illegal content seriously. Depending on the build, you may report concerns by emailing hello@salonat.app with details (screenshots, usernames, match ids). In-app reporting tools may be added over time; when available, they will be described in the app and in our Terms.
We may preserve information related to safety investigations even after you delete content or close an account, as allowed by law.
10. Age restrictions
Salonat is intended for people 18 years of age or older (or the age of majority in your jurisdiction, if higher). We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided data, contact us and we will take appropriate steps to delete it where required.
You may be asked for age or birthdate in profile fields; providing false age information violates our Terms.
11. Data retention
- We keep information while your account is active and as needed to provide the Service, comply with law, resolve disputes, and enforce agreements.
- SMS logs and server logs are retained for operational and abuse-prevention purposes for a period consistent with our internal schedules (contact us for specifics if you need them for a rights request).
- Backups may retain deleted data for a limited time before being overwritten.
- Inactive accounts: we may delete or anonymize dormant accounts after notice where permitted by law.
- Moderation records may be kept longer to prevent repeat abuse.
12. Your rights and choices
Depending on where you live (including the EEA/UK under GDPR, California under CCPA/CPRA, or Egypt under applicable data protection law), you may have rights to:
- access personal information we hold about you;
- correct inaccurate profile data in the app or by contacting us;
- request deletion of your account or certain data;
- export a copy of your data;
- object to or restrict certain processing;
- withdraw consent where processing is consent-based (without affecting prior lawful processing);
- lodge a complaint with a supervisory authority.
Self-service today: authenticated matchmakers can download a
profile JSON export via GET /api/auth/me/data-export (matchmaker profile fields
only; participants, matches, and messages are not included yet). Full export and automated
deletion across all tables are in progress—email us if you need help before those ship.
To exercise rights, email hello@salonat.app from the address tied to your account. We may verify your identity before responding.
13. Security
We implement commercially reasonable administrative, technical, and organizational safeguards (for example password hashing, HTTPS in production for API and SMS links, upload type checks for images, JWT authentication, and access controls on matchmaker data). No system is perfectly secure; we cannot guarantee that unauthorized access, loss, or alteration will never occur.
14. International users
Salonat may be operated from Egypt and/or other countries. If you access the Service from outside that region, your information may be transferred to, stored in, and processed in countries that may have different data protection laws than your own. Where required, we rely on appropriate safeguards (such as standard contractual clauses) after legal review.
EEA/UK users: our legal bases may include contract performance, legitimate interests (security, analytics, fraud prevention), and consent where applicable. Contact us for a jurisdiction-specific summary if needed.
15. Changes to this policy
We may update this Privacy Policy from time to time. We will post the new version on this page and update the “Last updated” date. If changes are material, we will provide additional notice as required (for example in-app notice or email).
16. Contact
Privacy questions and rights requests: hello@salonat.app
General support uses the same address unless we publish a dedicated support channel on salonat.app.