Legal

Privacy Policy

Last updated: April 16, 2026 · Effective date: April 16, 2026

sheerME is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Portuguese and EU law.

Data Controller
What Data We Collect
Legal Basis for Processing
How We Use Your Data
Who We Share Your Data With
How Long We Keep Your Data
Your Rights Under GDPR
Cookies
International Data Transfers
Data Security
Children’s Privacy
Changes to This Policy
Contact Us

1. Data Controller

sheerME (“we”, “us”, “our”) is the data controller responsible for your personal data. Our contact details are:

Company: sheerME
Address: Rua de Santa Catarina 1234, 4000-447 Porto, Portugal
Email: [email protected]
Website: sheerme.org

2. What Data We Collect

We collect the following categories of personal data:

2.1 Data You Provide Directly

Account registration: name, email address, phone number, password (hashed).
Profile information: profile photo, location preferences, beauty preferences.
Payment information: bank account details or payment method tokens for cashback withdrawals (processed via secure third-party payment processors; we do not store full payment card numbers).
Communications: messages, support requests, feedback, survey responses.

2.2 Data We Collect Automatically

Usage data: pages visited, features used, booking history, cashback transactions.
Device data: IP address, browser type, operating system, device identifiers.
Location data: general location (city/region) based on IP address; precise location only if you grant permission in-app.
Cookies and tracking: see our Cookie Policy.

2.3 Data from Third Parties

If you log in via Google or Apple, we receive your name and email address from those providers.
Partner salons may share appointment confirmation data with us to verify completed bookings for cashback purposes.

3. Legal Basis for Processing

We process your personal data on the following legal grounds under Article 6 GDPR:

Contract performance (Art. 6(1)(b)): to provide the sheerME platform, process bookings, and credit cashback to your account.
Legitimate interests (Art. 6(1)(f)): to improve our platform, prevent fraud, and send service-related communications.
Consent (Art. 6(1)(a)): for marketing communications and non-essential cookies. You may withdraw consent at any time.
Legal obligation (Art. 6(1)(c)): to comply with applicable law, including tax and financial regulations.

4. How We Use Your Data

We use your personal data to:

Create and manage your sheerME account.
Process bookings and verify completed appointments.
Calculate, credit, and process cashback withdrawals.
Send booking confirmations, reminders, and account notifications.
Provide customer support.
Personalise your experience (e.g. recommended salons near you).
Send marketing emails or push notifications, where you have consented.
Detect, prevent, and investigate fraud or misuse.
Comply with legal obligations.
Analyse usage trends and improve our platform.

We do not sell your personal data. We may share it with:

Partner salons: your name and appointment details are shared with the salon you book with to facilitate your appointment.
Payment processors: to process cashback withdrawals and payments.
Cloud infrastructure providers: servers that host the sheerME platform (within the EU/EEA).
Analytics providers: anonymised or pseudonymised usage data to understand how the platform is used.
Legal authorities: where required by law or to protect the rights, property, or safety of sheerME, our users, or others.

All third-party processors are bound by data processing agreements that require them to handle your data in compliance with GDPR.

6. How Long We Keep Your Data

Account data: retained for the duration of your account plus 3 years after deletion, to comply with legal and financial obligations.
Transaction data: retained for 7 years in accordance with Portuguese tax law.
Support communications: retained for 2 years.
Marketing consent records: retained until you withdraw consent, plus 1 year.

When data is no longer needed, it is securely deleted or anonymised.

7. Your Rights Under GDPR

As a data subject in the EU, you have the following rights:

Right of access (Art. 15): request a copy of the personal data we hold about you.
Right to rectification (Art. 16): request correction of inaccurate or incomplete data.
Right to erasure (Art. 17): request deletion of your data (“right to be forgotten”), subject to legal retention obligations.
Right to restriction (Art. 18): request that we limit processing of your data in certain circumstances.
Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
Right to object (Art. 21): object to processing based on legitimate interests, including direct marketing.
Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting prior processing.
Right to lodge a complaint: you have the right to lodge a complaint with the Portuguese data protection authority, the Comissão Nacional de Proteção de Dados (CNPD) at cnpd.pt.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

8. Cookies

We use cookies and similar tracking technologies. For full details, please see our Cookie Policy.

9. International Data Transfers

We store and process data primarily within the EU/EEA. If any data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or disclosure. These include encryption in transit (TLS), encryption at rest, access controls, and regular security assessments. However, no system is 100% secure, and we cannot guarantee absolute security.

11. Children’s Privacy

sheerME is not intended for use by persons under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at [email protected] and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on our platform before the changes take effect. The “Last updated” date at the top of this page indicates when this policy was last revised.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: [email protected]
Post: sheerME, Rua de Santa Catarina 1234, 4000-447 Porto, Portugal