Privacy Policy

At Konabia, we are committed to protecting your privacy and processing personal data transparently and securely. This Privacy Policy explains what data we process, for which purposes, on what legal bases, with whom we share it, and what rights you have.

This policy applies to website visitors, registered users (beauty centers and professionals), and—where applicable—individuals who book or manage appointments through Konabia.

We process the following categories of data, depending on how you use the platform:

1. Account data (centers and professionals)

• Identification and contact: name, email, phone number.
• Business information: business name, address, type of services/activity.
• Credentials: username and password (stored using secure hashing/encryption).
• Subscription and billing: subscription status, invoices, and administrative data.
• Center configuration: services, prices, schedules, staff/professionals, resources, internal rules, and booking settings.

2. Usage and technical data (automatically collected)

• Usage data: features used, in-app events, performance metrics.
• Device data: IP address, browser type, operating system, technical identifiers.
• Logs: access and activity logs for security and troubleshooting.

3. End-customer data (bookings)

When a beauty center uses Konabia to manage bookings, the platform may process end-customer data (as configured by the center), such as:

• Name and contact details (e.g., email/phone)
• Booking details (date/time, service, professional, preferences)
• Messages/communications related to the booking (e.g., reminders)

Important: the beauty center is responsible for informing its customers and ensuring a valid legal basis for processing their personal data.

We process personal data for the following purposes:

Providing the service

• Create and manage your account, provide access to the platform, and maintain the service.
• Manage bookings, calendars, professionals, services, and platform settings.
• Provide support and operational communications.

Legal basis: performance of a contract and pre-contractual measures.

Billing and legal compliance

• Process payments, issue invoices, and comply with applicable accounting/tax obligations.

Legal basis: legal obligation and performance of a contract.

Security

• Prevent fraud, unauthorized access, and misuse of the service.
• Monitoring and logs for security and diagnostics.

Legal basis: legitimate interest in ensuring platform security.

Marketing communications (if applicable)

• Send updates, product news, or promotional messages (you can opt out at any time).

Legal basis: consent or legitimate interest (depending on the context and prior relationship).

Analytics (cookies and measurement)

• Measure usage and improve performance and usability of the website/platform.

Legal basis: consent (through our cookie banner/settings).

We do not sell your personal data. We only share it when necessary to provide the service or comply with legal obligations.

Service providers (processors)

• Payments: Stripe and/or Paddle (payment processing, billing, and fraud prevention).
• Analytics: Google Analytics or equivalent tools (only with consent).
• Hosting and infrastructure: cloud providers used to run the platform and backups.

Payment Providers and Billing

Payments and billing for Konabia subscriptions are handled by third-party payment providers, including Stripe and/or Paddle (the “Payment Providers”).

Depending on the Payment Provider used for a specific transaction, the Payment Provider may act as an independent data controller for payment and billing data, or as a data processor acting on our behalf.

We do not store full credit or debit card details. Payment data is processed directly by the applicable Payment Provider in accordance with its own privacy policies and security standards.

Legal requirements

We may disclose data to public authorities and bodies when there is a legal obligation or a valid request.

Beauty centers (when you book)

If you book an appointment, the relevant beauty center will receive the data required to manage the booking.

Some providers may process data outside the European Economic Area. When this happens, we apply appropriate safeguards required by applicable data protection law (e.g., Standard Contractual Clauses or other recognized mechanisms).

You can request more information about providers and safeguards by emailing alejandro@codigoplus.es.

We keep personal data for as long as necessary to fulfill the purposes described above and, where applicable, for the periods required by law (e.g., accounting/tax rules) or to address potential liabilities.

When an account is canceled, we may delete or restrict operational data, while retaining data that must be kept due to legal obligations or for the establishment, exercise, or defense of legal claims.

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure.

• Encryption in transit (SSL/TLS)
• Access controls and authentication
• Backups and recovery procedures
• Secure password storage (hashing)

Note: no system is 100% secure, but we work continuously to maintain an appropriate level of security.

Depending on applicable law, you may exercise your rights of access, rectification, erasure, objection, restriction, and data portability, and you may withdraw your consent where processing is based on consent.

We use cookies and similar technologies. You can find more details in our Cookie Policy.

Konabia is not intended for children. In Spain, where processing is based on consent, valid consent generally applies from the age of 14. If we become aware that we have processed children’s data without an appropriate legal basis, we will take steps to delete or restrict that data.

We may update this Privacy Policy to reflect legal, technical, or operational changes. If changes are material, we will inform users through reasonable means (e.g., a website notice or email where appropriate).

If you have questions about this Privacy Policy or our processing of personal data, please contact us: