Privacy Policy

1. Data controller

Sawatdi OÜ (registry code 14902539), located at Kalma 9, Tallinn, Estonia, is the data controller responsible for your personal data. If you have questions about how we handle your data, please contact us by email at sawatdi@sawatdi.com.

2. Data we collect

When you book an appointment, we collect:

• Name
• Phone number or email address (at least one is required)
• Any comments you voluntarily provide about your appointment
• Voucher codes or gift card identifiers provided during booking

To confirm a booking, we require your name and either a phone number or email address. This information is used to send you confirmations, reminders, and other appointment-related communications.

When you purchase a gift card, we collect your email address (provided by the payment processor) to send you the gift card details. If you choose to send a gift card to a recipient, we collect the recipient's email address for delivery.

3. Purpose of processing

We use your personal data to:

• Schedule and manage your appointments
• Send appointment confirmations and reminders
• Contact you regarding your booking if needed
• Issue invoices and process payments
• Process gift card purchases and deliver gift cards by email

4. Legal basis

We process your personal data on the basis of performance of a contract (GDPR Article 6(1)(b)). The data you provide is necessary to fulfill your appointment booking and deliver the requested services.

5. Data retention

We retain your personal data for the duration of our business relationship and for 7 years after your last appointment to comply with Estonian accounting and tax requirements. You may request deletion of your data at any time, subject to these legal retention obligations.

6. Data security

Your personal data, including your name, phone number, and email address, is encrypted at rest in our database. We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or misuse.

7. Your rights

Under GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate or incomplete data
• Erase your data ("right to be forgotten")
• Restrict processing of your data
• Data portability — receive your data in a structured format
• Object to processing of your data

To exercise any of these rights, please contact us by email at sawatdi@sawatdi.com.

8. Cookies

Our website uses only essential cookies required for the booking system to function. We do not use tracking or advertising cookies.

If you enable the "Remember" option during booking, your contact details are stored in encrypted cookies on your device so they can be pre-filled for future bookings. This cookie is stored locally and is not used for any other purpose. You can disable this at any time by turning off the "Remember" toggle.

We use Plausible Analytics, a privacy-friendly analytics tool that does not use cookies, does not collect personal data, and does not track you across websites. Analytics data is hosted on our own servers within the European Union.

9. Third parties

Our application is hosted and your data is stored within the European Union.

We may share your data with third-party service providers strictly for the purposes of delivering our services (e.g., Resend for email delivery, Twilio for SMS delivery, Stebby OÜ for voucher processing, Stripe for payment processing). These providers process data on our behalf and are bound by data processing agreements in accordance with GDPR.

When you purchase a gift card, your payment is processed by Stripe, Inc. Stripe collects your payment card details and email address directly — we do not store your card information. Stripe's handling of your data is governed by Stripe's Privacy Policy.

10. Supervisory authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at info@aki.ee.