Privacy Policy

Laavo is a cloud-based dry cleaning shop management platform. We help dry cleaning shop owners manage orders, customers, invoicing, team members, and more through our web application.

This policy covers all data we collect when you visit laavo.net (our marketing website) and when you use app.laavo.net (our application). By using either service, you agree to the practices described in this policy.

If you have any questions, please contact us at [email protected].

Account Information

When you create a Laavo account, we collect: your name, email address, phone number, business name, and business address.

Customer Data

When you use Laavo to manage your shop, you store your customers' data in our platform. This may include their names, phone numbers, email addresses, and order history. You are the controller of this data; we process it on your behalf to provide the service.

Payment Information

We process payments through Stripe. When you subscribe to Laavo, your billing details (card number, expiry, CVC) are sent directly to Stripe and never stored on our servers. We retain only a record of your subscription status and billing history.

Usage Data

We collect information about how you use the platform: pages visited, features used, time spent in the application, and actions taken (such as creating orders or adding customers). This helps us understand how the product is used and how to improve it.

Device and Browser Information

We automatically collect: your IP address, browser type and version, operating system, device type, and referring URLs. This data is used for security purposes and to improve compatibility.

Cookies and Tracking

We use cookies for authentication and session management. We also use Google Analytics (property ID: G-WLSQNLCG9Y) to understand how visitors use our website. See Section 10 for more detail on cookies.

Communication Data

When we send you emails (welcome messages, password resets, trial reminders, order notifications), those emails are delivered via Resend. We retain a record of the communications we send to you.

We use the information we collect to:

• Provide, operate, and maintain the Laavo platform
• Create and manage your account
• Process payments and manage your subscription
• Send transactional emails (welcome, password reset, order notifications, trial reminders)
• Improve the platform based on usage patterns and feedback
• Provide customer support when you contact us
• Monitor for security threats and prevent fraud
• Comply with legal obligations

We do not sell your personal data to third parties. We do not use your personal data for advertising purposes.

If you are located in the European Union or United Kingdom, we process your personal data under the following legal bases:

• Contract performance: Processing your account data, subscription data, and delivering the service you signed up for.
• Legitimate interest: Analytics to improve the platform, security monitoring to protect our users, and fraud prevention.
• Legal obligation: Retaining payment and tax records as required by law.
• Consent: Any future marketing communications will be sent only with your explicit consent, which you can withdraw at any time.

We do not sell or rent your personal data. We share data only with the third-party service providers required to operate the platform:

• Stripe — payment processing and subscription management
• Resend — transactional email delivery
• Railway — application hosting and data storage
• Cloudflare — website hosting, DNS, and CDN
• Google Analytics — anonymous usage tracking (website only)

All third-party processors we use are bound by data processing agreements and maintain appropriate security standards. We do not share your data with advertisers or data brokers.

We may also disclose your data if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights or the safety of others.

• Account data: Retained while your account is active. Deleted upon your written request.
• Customer data (your shop's customers): Retained while your account is active. You can delete individual records at any time within the application.
• Payment records: Retained for as long as required by applicable tax law (typically 7 years).
• Usage analytics: Anonymized and aggregated data may be retained indefinitely. Data that could identify you is not retained beyond your account lifetime.
• After account deletion: Personal data is removed within 30 days of your deletion request. Data in encrypted backups is purged within 90 days.

EU and UK Users (GDPR / UK GDPR)

You have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate or incomplete data
• Erasure — request deletion of your personal data (“right to be forgotten”)
• Data portability — receive your data in a structured, machine-readable format
• Restriction — request that we limit how we process your data
• Object — object to processing based on legitimate interest
• Withdraw consent — withdraw consent at any time where processing is based on consent

California Users (CCPA/CPRA)

You have the right to:

• Know — what personal data we collect and how we use it
• Delete — request deletion of your personal data
• Opt-out of sale — we do not sell personal data, so this right is not applicable
• Non-discrimination — we will not discriminate against you for exercising your rights

How to Exercise Your Rights

To exercise any of these rights, email us at [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.

If you are an EU or UK resident and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

We take reasonable technical and organizational measures to protect your data. These include:

• Encryption of data in transit using HTTPS/TLS
• Encrypted database connections
• JWT-based authentication with secure token handling
• PIN-based quick user switching with hashed PINs
• Role-based access control (owner, manager, employee) to limit data access within your team
• Regular security reviews of our infrastructure and code

No system is completely secure. If you believe your account has been compromised, please contact us immediately at [email protected].

Your data may be processed and stored in the United States and the European Union, depending on the infrastructure and service providers we use.

When we transfer personal data from the EU or UK to countries that are not deemed to have adequate data protection laws, we rely on appropriate safeguards such as standard contractual clauses approved by the European Commission, or equivalent mechanisms permitted under applicable law.

We use the following types of cookies:

• Essential cookies: Required for authentication and session management. Without these, the application cannot function. These cannot be opted out of while using the platform.
• Analytics cookies: Google Analytics (G-WLSQNLCG9Y) places cookies to help us understand how visitors use our website. This data is anonymous and aggregated.

We do not use advertising cookies or third-party tracking cookies.

Managing Cookies

You can control or delete cookies through your browser settings. Blocking essential cookies will prevent you from logging in to the application. To opt out of Google Analytics tracking specifically, you can install the Google Analytics Opt-out Browser Add-on.

Laavo is a business management tool and is not directed at individuals under the age of 16. We do not knowingly collect personal data from anyone under 16. If we become aware that we have collected data from someone under 16, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at [email protected].

We may update this Privacy Policy from time to time as our practices change or as required by law. When we make significant changes, we will notify you by email or via an in-app notification. The “Last updated” date at the top of this page reflects when the policy was last revised.

Your continued use of Laavo after changes are posted constitutes your acceptance of the revised policy. We encourage you to review this page periodically.

If you have any questions, concerns, or requests related to this Privacy Policy or how we handle your data, please contact us:

Email: [email protected]

For GDPR-related inquiries (including data subject requests), you can also reach our data protection point of contact at the same email address.