KnipCloud
Get the app

Data Processing Addendum

Last updated May 1, 2026 · 4 min read

This Data Processing Addendum ("DPA") applies between KnipCloud BV ("Processor") and any salon ("Controller") that lists on the KnipCloud platform.

1. Scope

This DPA forms part of the salon's agreement with KnipCloud. It governs the processing of personal data by KnipCloud on behalf of the salon, in the course of operating the booking platform.

2. Subject matter

The salon shares its customer data with KnipCloud (or, more commonly, KnipCloud shares customer data with the salon upon a booking). KnipCloud processes that data only as instructed by the salon and only for the purpose of facilitating the booking.

3. Data categories

  • Customer name, email, phone.
  • Booking history at the salon.
  • Notes, photos, preferences the customer has shared with that salon.

4. Salon obligations

The salon agrees to:

  • Use customer data shared by KnipCloud only for fulfilling the booking and direct follow-up.
  • Apply appropriate technical and organisational security measures.
  • Not share customer data with third parties without that customer's explicit consent.
  • Not contact customers for marketing without an opt-in collected through the salon's own (lawful) channel — KnipCloud bookings are not a marketing opt-in.
  • Honour customer rights requests within 30 days.
  • Notify KnipCloud within 48 hours of any personal-data breach.

5. KnipCloud obligations

KnipCloud agrees to:

  • Process customer data only as instructed by the salon and as required to operate the platform.
  • Maintain appropriate technical and organisational security (encryption in transit and at rest, regular security audits).
  • Use sub-processors only under equivalent data-protection terms.
  • Notify the salon within 48 hours of any personal-data breach affecting that salon's customers.
  • Cooperate with rights requests from the salon's customers.

6. Sub-processors

KnipCloud uses the following sub-processors:

  • Stripe — payment processing.
  • AWS Frankfurt — primary infrastructure.
  • Postmark — transactional email.
  • Twilio — SMS notifications.

A list of current sub-processors is maintained at /legal/sub-processors. We'll update salons 30 days before adding any new sub-processor.

7. International transfers

Where personal data is transferred outside the EEA, we rely on EU Commission–approved Standard Contractual Clauses.

8. Term and termination

This DPA remains in effect for as long as the salon is active on KnipCloud. On termination, the salon's customer data is exported on request and deleted within 90 days, subject to legal retention requirements.

9. Contact

DPO: privacy@knipcloud.com.