Privacy Policy
Last updated: April 20, 2026
1. Introduction
MUA Studio ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").
2. Information We Collect
We collect the following types of information:
2.1 Information You Provide
- Account information: Name, email address, password, business name, booking page username, and profile photo when you create an account.
- Business data: Client records (including name, contact details, skin profile, safety notes, preferences, session history), bookings, service menus, product inventory, invoices, portfolio images, and session records you enter into the app.
- Payment account information: If you connect Stripe to accept client payments, we store your Stripe Connect account identifier. Your Stripe account credentials, bank details, and tax information are held by Stripe, not by us.
- Subscription billing: App Store subscriptions are processed by Apple, and Google Play subscriptions are processed by Google. We receive the subscription status, product identifier, and transaction identifier from Apple or Google, but never your payment card details.
- Contract documents: Contract templates, contract content, and signed-document references you create for use with clients.
- Messaging content: Message templates and messages you send to clients through the Service (via email or WhatsApp).
- Communications: Messages you send to us for support or feedback.
2.2 Information Collected Automatically
- Device information: Device type, operating system, and unique device identifiers.
- Push notification tokens: Apple Push Notification service (APNs) tokens on iOS, and Firebase Cloud Messaging (FCM) tokens on Android, are stored so we can deliver booking alerts and reminders to your device.
- Usage data: Features used, screens viewed, session identifiers, referral/UTM parameters, and interaction patterns. This is captured by our own first-party analytics — we do not embed third-party analytics SDKs in the app.
- Log data: IP address, access times, and error logs for security and troubleshooting.
2.3 Community Contributions
When you contribute product information to the Community Product Database (product name, brand, category, shade, barcode, PAO, and product photos), this data is shared with all other MUA Studio users. Community contributions are distinct from your private business data:
- What is shared: Product details you contribute (name, brand, category, shade, barcode, PAO months, and product photos). This information is visible to all authenticated MUA Studio users.
- What is not shared: Your identity as a contributor is private. Other users cannot see who contributed a product. Only you see a "You contributed this" indicator on products you submitted.
- Verification data: When you verify a product ("I own this too"), your verification is counted anonymously toward the product's trust score. Other users cannot see who verified a product.
- Contribution statistics: Your total contribution count and tier badge (Bronze, Silver, Gold) are visible on your profile. These reflect the quantity of your contributions, not specific products.
Community product sharing is enabled by default when you add a new product. You can disable this on a per-product basis using the "Share with Community" toggle in the product form.
3. How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service.
- Process your subscription and manage your account.
- Process payments you accept from your clients through Stripe, including calculating platform fees and (if enabled) applicable sales tax.
- Send transactional messages on your behalf to your clients (booking confirmations, reminders, invoice links) via email and, where you enable it, WhatsApp.
- Send transactional notifications to you (expiry alerts, booking updates, push notifications).
- Provide customer support.
- Detect and prevent fraud, abuse, or security incidents.
- Analyze usage patterns to improve features and user experience.
We will never sell your personal data or your clients' data to third parties.
4. Data Storage and Security
Your data is stored on secure servers with encryption at rest and in transit. We implement industry-standard security measures including:
- TLS/SSL encryption for all data transmission.
- Encrypted database storage.
- Regular security audits and vulnerability assessments.
- Role-based access controls for our team.
5. Data Sharing and Third Parties
Your private business data (clients, bookings, invoices, personal product inventory) is never shared with other MUA Studio users or used for advertising. We share information with third parties only in the following circumstances:
- Stripe (payment processing): When you accept client payments through the Service, payment details (amount, currency, client name and email, service description) are sent to Stripe, Inc. to process the charge. Card and bank details are collected and held by Stripe directly — we never see or store them. Stripe's handling of this data is governed by the Stripe Privacy Policy.
- Apple (subscriptions and push notifications): App Store subscription status, purchase receipts, and APNs device tokens are exchanged with Apple to operate subscriptions and deliver push notifications on iOS.
- Google (subscriptions, push notifications, crash reports): On Android, Google Play subscription status and purchase tokens are exchanged with Google Play Billing to operate subscriptions; Firebase Cloud Messaging device tokens are exchanged with Google to deliver push notifications; and anonymized crash and performance diagnostics may be sent to Firebase to help us debug issues.
- WhatsApp / Meta (optional messaging): If you enable WhatsApp messaging, the message content, your client's phone number, and delivery metadata are sent to Meta Platforms via the WhatsApp Business Cloud API to deliver the message.
- DocuSeal (optional e-signature): If you send a contract for signature, the contract content, signer name, and signer email are sent to DocuSeal to handle the signing workflow and produce a signed document.
- Google Calendar (optional integration): If you connect Google Calendar, booking details (title, time, location, notes) are synced to your Google account so events appear on your calendar.
- Email delivery and cloud hosting providers: Transactional email providers and cloud infrastructure providers that help us operate the Service.
- Product data lookup: When you scan a product barcode, the barcode may be sent to public product databases (such as UPCitemdb and Open Beauty Facts) to retrieve product information. No account or client data is sent.
- Legal requirements: When required by law, court order, or governmental authority.
- Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to you.
Community Product Database: Product information you contribute to the Community Product Database is shared with all authenticated MUA Studio users by design. This is a separate, opt-in data category from your private business data. See Section 2.3 for details on what is and is not shared.
We require all third-party providers to protect your data in accordance with this policy.
5A. Client Data You Store in the Service
You are the data controller for the client information you enter into MUA Studio (client names, contact details, skin profiles, allergies, photos, and session records). We process this information on your behalf as your data processor. You are responsible for:
- Obtaining any consents required under applicable law (including, where relevant, explicit consent for sensitive data such as allergy information or client photos).
- Responding to data-subject requests from your clients (access, correction, deletion, portability).
- Sending your clients only messages they have consented to receive, and honoring opt-out requests.
We will assist you with client data-subject requests on reasonable notice. You can export or delete client records at any time from within the app.
6. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of your personal data.
- Correction: Update or correct inaccurate data.
- Deletion: Request deletion of your account and personal data.
- Portability: Export your data in a commonly used format.
- Opt-out: Unsubscribe from marketing communications at any time.
Community contributions: You may request removal of products you contributed to the Community Product Database. If a product has been verified by other users, we may retain the product data in anonymized form (removing your association as contributor) to preserve the integrity of the community database.
To exercise these rights, contact us at privacy@muastudio.co.
7. Data Retention and Account Deletion
We retain your data for as long as your account is active or as needed to provide the Service. You can delete your account at any time from within the app (open your Profile or Settings screen and tap "Delete Account"), or by emailing privacy@muastudio.co from the address associated with your account.
When you delete your account, we will, within 30 days, delete your personal data and the client records you stored, except where retention is required by law (for example, financial transaction records required for tax reporting, which may be retained for up to seven years in anonymized form).
8. Children's Privacy
The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.
9. International Transfers
Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions or concerns about this Privacy Policy, please contact us: