Privacy Policy

1. Who we are

Bella is a software platform operated by SBPM LLC, a Louisiana limited liability company. We provide a salon operating system used by salon operators to run their businesses — AI voice receptionist, SMS automation, payroll, marketing, color formulation, and analytics.

This policy explains what data we handle, how we handle it, and what rights you have over it. It applies to bella.salon, app.bella.salon, api.bella.salon, and any other service we operate under the Bella brand.

2. What we collect

We collect three categories of data:

a. Customer (salon operator) data

When a salon signs up for Bella, we collect business name, owner name, email, phone, billing address, the locations they operate, and the integrations they connect (Zenoti, QuickBooks, Google Ads, Google Business Profile). Payment details are handled by our payment processor (Stripe) and we never see or store full card numbers.

b. End-guest data (data the salon brings into Bella)

Salons import their own guest lists into Bella to operate marketing, booking, and review workflows. This includes guest name, phone number, email address, visit history, and stylist preferences. Bella does not own this data. The salon is the data controller; Bella is a data processor acting on the salon’s instructions under our Data Processing Agreement.

c. Operational telemetry

Standard web logs (IP, user agent, request paths, timestamps), product usage events, audit logs of user actions, and error/crash reports. This is used to keep the service running, detect abuse, and debug issues.

3. How we use your data

• To deliver the service. Reading your guest data and writing back to your POS to run the workflows you enabled.
• To bill you. Processing subscription charges through Stripe and emailing receipts.
• To support you. Reading your account when you contact support, only with your permission and only as needed to resolve your ticket.
• To improve the platform. Aggregated, de-identified usage analytics. We never train AI models on your data or your guests’ data.
• To detect abuse. Rate limiting, fraud detection, and incident response.

We do not sell your data. We do not share it with advertisers. We do not use it to train external AI models. Your guest list is yours.

4. Sub-processors

We use a small number of trusted vendors to deliver the service. Each is bound by data processing agreements and either SOC 2 Type II certified, ISO 27001 certified, or both.

5. Data ownership and deletion

Your data is yours. If you cancel, you can request a full export within 30 days at no charge. Exports include a CSV of every guest record, a JSON of every workflow configuration, and a PDF of every TCPA consent record we hold for your guests. After 30 days post-cancellation, your data is permanently deleted from primary storage; backups age out within 90 days.

You can also request deletion of any individual guest record at any time via your dashboard or by emailing [email protected] — we honor it within 30 days, with confirmation.

6. Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Multi-tenant isolation enforced at the database row level. Role-based access controls. Full audit logs. SOC 2 Type II in progress; report available under NDA when complete. See our Security Overview for details.

7. Your rights

Depending on where you live, you may have rights under GDPR, CCPA, or similar laws to access, correct, export, or delete your data. To exercise any of these, email [email protected] from the email address on your account. We respond within 30 days.

For end-guest data (data the salon brings to Bella), please contact the salon directly — they are the data controller. If they refer you to us, we will help facilitate.

8. How to reach us

SBPM LLC (operating Bella)
1597 Gause Blvd, Suite E
Slidell, LA 70458
Phone: (985) 542-1222
Privacy email: [email protected]
General contact: /contact