Privacy Policy

Last update: May 18, 2026

This Privacy Policy describes how Prime Nodes (hereinafter "we", "the Controller") collects, uses, and processes personal data in connection with the La Garzona service (hereinafter "the Service"), an AI-powered conversational assistant offered to hair salons via WhatsApp and integrated with the salon's Google services.

1. Data Controller

The data controller is Prime Nodes, contactable at alan.magno@gmail.com.

2. Types of data processed

2.1 Salon data (the Service customer)

• Contact details of the salon owner (name, email, phone number)
• Salon configuration data (opening hours, staff members, service catalogue)
• The salon's Google OAuth credentials (access and refresh tokens, stored encrypted in Google Cloud Secret Manager)
• Identifiers of the salon's Google resources (calendar IDs, contact directory IDs)

2.2 End-user data of the salon's clients (WhatsApp users)

• WhatsApp phone number
• First and last name (if provided by the client or present in the salon's Google Contacts)
• Content of conversations with the bot
• Appointment history and preferences (services, preferred staff member, notes)

3. Access to the salon's Google data

3.1 Google scopes requested and purpose

• https://www.googleapis.com/auth/calendar — full management of the salon's calendars: creating, reading, updating, and deleting events (appointments) and calendars (one per staff member).
• https://www.googleapis.com/auth/contacts — management of the salon's client address book: creating and reading contacts containing client information.

3.2 Compliance with Google API Services User Data Policy

La Garzona's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• Google data is used exclusively to provide the features of the Service disclosed to the salon (appointment and client management).
• Google data is not transferred to third parties except as strictly necessary to provide or improve user-facing features, to comply with applicable law, or as part of a merger/acquisition/sale of assets with user consent.
• Google data is not used for advertising, advertising profiling, sale to third parties, or to train generalist AI models.
• Google data is not read by humans, except with the salon's explicit consent, for debugging or legal purposes, or when data is aggregated/anonymized for internal security purposes.

4. Use of artificial intelligence and third-party AI providers

4.1 AI providers used

La Garzona uses the following third-party AI services to process user messages and data sourced from Google Workspace APIs (Calendar, Contacts):

• Google Gemini API (Google LLC) — model gemini-3-flash-preview, used for natural language understanding and conversational response generation. Operated by Google on its cloud infrastructure. Endpoint generativelanguage.googleapis.com.
• OpenAI Whisper API (OpenAI, L.L.C.) — model whisper-1, used for transcription of WhatsApp voice messages into text. Used exclusively when a user sends a voice message instead of text. Endpoint api.openai.com.

4.2 Data sent to AI providers

Only the following data may be transmitted to the AI providers listed above, exclusively for the time strictly necessary to generate the response:

• To Google Gemini API: the user's text message, the current conversation history, and minimal operational data needed to generate a response (e.g., the user's name if already known to the salon, available appointment slots, the salon's service catalogue). This may include data sourced from the salon's Google Workspace APIs (e.g., staff calendar names, note fields of an existing appointment, a Google Contact name).
• To OpenAI Whisper API: exclusively the audio file of the voice message received from the WhatsApp user. No Google Workspace data is ever sent to OpenAI.

4.3 Contractual and non-training safeguards

Data transmitted to AI providers is not used to train the providers' AI models, pursuant to the commercial agreements (paid tier) Prime Nodes has with both providers:

• Google Gemini API (paid tier): per the Gemini API Additional Terms of Service, Google does not use prompts and responses sent through the paid API to train its generative models.
• OpenAI API (default policy): per the OpenAI API Data Usage Policy, data submitted through OpenAI's APIs is not used to train OpenAI's models, unless explicit opt-in is granted by Prime Nodes (which has not been granted).

Data sourced from Google Workspace APIs (Calendar, Contacts) is never used to train generalist AI models, neither by Google nor by OpenAI nor by any other provider, in compliance with the Google API Services User Data Policy ("Limited Use of User Data" section).

4.4 Retention by AI providers

Data transmitted to AI providers is subject to the retention and processing policies published by the respective providers (Google and OpenAI), which may include limited retention periods for abuse monitoring and technical debugging. Prime Nodes has selected providers that publish transparent and GDPR-compliant retention policies, but does not have direct control over their internal infrastructure.

5. Purposes of processing

• To provide the conversational assistant service to the salon's end users
• To manage the salon's appointments on Google Calendar (create, read, update, delete events)
• To manage the salon's end-user address book on Google Contacts
• To send operational communications to the salon and to end users via WhatsApp
• To comply with legal and tax obligations

6. Legal basis for processing

The processing is based on:

• Performance of the contract between Prime Nodes and the salon (GDPR Art. 6.1.b)
• Explicit consent of the salon, given through the Google OAuth flow (GDPR Art. 6.1.a)
• Legitimate interest in providing the salon's end users with an effective conversational service (GDPR Art. 6.1.f)

7. Data retention

• Salon configuration data and OAuth tokens are retained for the duration of the contract.
• Conversations and operational data are retained for 24 months from the date of interaction, unless early deletion is requested.
• Google OAuth tokens are revoked and deleted within 30 days from the termination of the Service.

8. Parties that can access the data

• Authorized technical personnel of Prime Nodes, bound by confidentiality
• Cloud infrastructure providers (Google Cloud Platform), acting as data processors
• Messaging service providers (Meta WhatsApp Business Platform), acting as data processors
• AI service providers (Google Gemini API, OpenAI Whisper API), acting as data processors — see §4

9. Extra-EU data transfers

Some providers (Google, Meta, OpenAI) process data also outside the European Union. Such transfers are carried out in compliance with the Standard Contractual Clauses approved by the European Commission and/or on the basis of applicable adequacy decisions.

10. Data subjects' rights

Salons and end users may at any time exercise the rights granted by GDPR (Articles 15–22): access, rectification, erasure, restriction, portability, and objection. Requests must be sent to alan.magno@gmail.com.

In addition, salons may revoke La Garzona's access to their Google data at any time, directly from their Google account settings: https://myaccount.google.com/permissions.

11. Data deletion upon request

To request the complete deletion of data associated with your account, write to alan.magno@gmail.com with the subject "La Garzona data deletion request". We will proceed within 30 days from receipt of the verified request.

12. Data protection mechanisms

12.1 Data encryption

• Data at rest: all persistent data — OAuth credentials, tenant configurations, conversations, and appointment history — is encrypted with AES-256 via the native mechanisms of Google Cloud Secret Manager (for credentials and secrets) and Google Cloud Firestore (for operational data).
• Data in transit: all communications with and from external providers (Google APIs, OpenAI APIs, Meta WhatsApp Cloud API) occur exclusively over TLS (version 1.2 or higher).

12.2 Access control

• Principle of least privilege: each component of the Service operates with a dedicated Google Cloud service account that has only the IAM permissions strictly necessary.
• Multi-tenant isolation: each salon's data is separated at the Firestore path level (tenants/{tenantId}/*) and at the secret naming level ({tenantId}_*), in order to prevent cross-tenant access.
• Administrative access: human access to the Google Cloud Console of the project is restricted to the Prime Nodes owner and protected by multi-factor authentication (MFA).
• Webhook validation: incoming webhooks from messaging providers are validated via per-tenant HMAC signature before any application-level processing.

12.3 Logging and audit

• Structured logging of operations on personal data, without ever recording credentials, tokens, or message contents in plaintext.
• Google Cloud Audit Logs are active (Google Cloud default) to track administrative access to cloud resources.

12.4 Data breach notification

In the event of a personal data breach that poses a risk to the rights and freedoms of natural persons, Prime Nodes will notify the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) within 72 hours of becoming aware of the incident (GDPR Article 33) and, where required, will directly inform the affected data subjects (GDPR Article 34).

13. Changes to this Privacy Policy

This Privacy Policy may be updated periodically. The date of the most recent update is shown at the top. Material changes will be communicated to client salons via email.