Instaglam

Last updated: May 21, 2026

Privacy Policy

This Privacy Policy describes how Instaglam (“Instaglam,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you use our website at instaglam.com and our booking platform (together, the “Services”).

We are based in Oshawa, Ontario, Canada. This policy is designed to comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), applicable provincial privacy legislation, and — where applicable to users located in the European Economic Area or United Kingdom — the General Data Protection Regulation (GDPR) and UK GDPR.

1. Who We Are

Instaglam is a beauty services marketplace that connects clients with independent beauty professionals (“vendors”). We act as the data controller for personal information collected through the Services.

Contact:
Instaglam
Oshawa, Ontario, Canada
Email: privacy@instaglam.ca

2. Information We Collect

We collect personal information in the following categories:

2.1 Information You Provide Directly

  • Account registration: name, email address, password, and role (client or vendor).
  • Vendor profile: business name, service descriptions, pricing, location, portfolio images, and banking/payout details collected via Stripe.
  • Bookings: service requested, date, time, notes, and any preferences you enter.
  • Communications: messages you send through the platform, support requests, and feedback.

2.2 Information Collected Automatically

When you visit or use our Services, we automatically collect certain technical and usage information, including:

  • IP address and approximate geolocation (country/city level)
  • Browser type, version, and device type
  • Operating system
  • Pages visited, links clicked, time spent, and navigation paths
  • Referring URLs
  • Session identifiers and access timestamps

2.3 Cookies and Tracking Technologies

We currently use essential cookies required for the Services to function (e.g. authentication session tokens). We intend to expand our use of cookies and similar tracking technologies in the future, including analytics cookies, advertising cookies, and third-party pixels, to the fullest extent permitted by applicable law and subject to your consent where required.

When we deploy additional tracking tools, we will update this policy and, where required by GDPR or CASL, present a cookie consent mechanism that allows you to opt in or out of non-essential categories.

2.4 Information from Third Parties

  • Stripe: payment status, transaction identifiers, and fraud signals. We do not store full card numbers.
  • Future integrations: we may receive data from analytics providers, advertising networks, social media platforms, and other partners as we expand the Services.

3. How We Use Your Information

We use personal information for the following purposes:

  • Providing the Services: creating and managing accounts, processing bookings, facilitating payments, and connecting clients with vendors.
  • Communications: sending transactional emails (booking confirmations, receipts, reminders), service updates, and responses to support requests.
  • Marketing: where you have opted in, sending promotional communications about Instaglam features, offers, and partner services. You may withdraw consent at any time.
  • Analytics and product improvement: understanding how users interact with the Services, measuring performance, identifying bugs, and developing new features.
  • Personalisation: tailoring search results, recommendations, and on-platform experiences based on your behaviour and preferences.
  • Advertising: delivering targeted advertising on our platform and on third-party channels, including through retargeting, to the extent permitted by applicable law and your consent settings.
  • Fraud prevention and security: detecting, investigating, and preventing fraudulent transactions, abuse, and security incidents.
  • Legal compliance: meeting obligations under applicable law, responding to lawful requests from authorities, and enforcing our Terms of Service.

4. Legal Bases for Processing (GDPR)

For users located in the EEA or UK, we rely on the following legal bases:

  • Contract performance: processing necessary to create your account, fulfil bookings, and process payments.
  • Legitimate interests: fraud prevention, platform security, internal analytics, and improving the Services — where these interests are not overridden by your rights.
  • Consent: marketing communications, non-essential cookies, and targeted advertising. You may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Legal obligation: processing required to comply with applicable laws.

5. Disclosure of Your Information

We may share your personal information with:

  • Other users: vendor profiles (name, services, location, ratings) are visible to clients. Client names and booking details are shared with the vendor for the relevant booking.
  • Service providers: third-party vendors who process data on our behalf under contractual obligations, including Supabase (database and authentication), Stripe (payments), Vercel (hosting), and analytics or advertising providers we engage from time to time.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.
  • Law enforcement and legal process: where required by law, court order, or governmental authority, or where necessary to protect the rights, property, or safety of Instaglam, our users, or the public.

We do not sell your personal information to third parties for their own independent marketing purposes.

6. International Transfers

Our service providers may store or process your information outside Canada, including in the United States. Where personal information is transferred outside Canada, we ensure appropriate safeguards are in place consistent with PIPEDA. For transfers from the EEA or UK, we rely on adequacy decisions or Standard Contractual Clauses as appropriate.

7. Data Retention

We retain personal information for as long as your account is active or as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. When you close your account, we will delete or anonymise your personal information within a reasonable period, subject to any legal retention requirements (e.g. financial records).

8. Your Rights

8.1 Canadian Users (PIPEDA)

You have the right to:

  • Know what personal information we hold about you and how it is used.
  • Access your personal information and request corrections.
  • Withdraw consent to certain uses, subject to legal and contractual restrictions.
  • Challenge our compliance with PIPEDA by contacting us or the Office of the Privacy Commissioner of Canada.

8.2 EEA / UK Users (GDPR)

In addition to the above, you have the right to:

  • Erasure: request deletion of your personal information in certain circumstances.
  • Restriction: request that we limit processing in certain circumstances.
  • Portability: receive a copy of your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests or for direct marketing.
  • Lodge a complaint: with your local data protection authority.

To exercise any of these rights, email us at privacy@instaglam.ca. We will respond within 30 days.

9. Security

We implement reasonable administrative, technical, and physical safeguards to protect personal information against unauthorised access, disclosure, alteration, and destruction. These include encrypted data storage via Supabase, HTTPS for all data in transit, and access controls limiting who within our team can access personal data.

No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security and encourage you to use a strong, unique password and to notify us promptly if you suspect unauthorised access to your account.

10. Children's Privacy

The Services are not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us and we will delete it promptly.

11. Third-Party Links

The Services may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will post the revised policy with an updated “Last updated” date. For material changes, we will provide additional notice (such as an email notification or a prominent in-app notice) where required by law. Continued use of the Services after changes become effective constitutes your acceptance of the revised policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Officer:

Instaglam Privacy Officer
Oshawa, Ontario, Canada
Email: privacy@instaglam.ca

If you are located in Canada and are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada. If you are located in the EEA or UK, you may contact your local data protection authority.