Privacy notice

1. Who we are

"Glänzen", "we", "us", or "our" refers to Glänzen Detail Ltd, a company registered in Ghana under registration number CS-08841229, with its registered office at No. 12 Norla Street, Labone, Accra. We are the data controller for the personal data described in this notice.

If you'd like to reach our Data Protection contact, write to privacy@glanzen.studio or call +233 24 555 0001.

2. What we collect

We collect only what we need to deliver the service you've booked and to run our business responsibly. In practice, that falls into these categories:

• Contact details — your full name, phone number, and email address (if you provide one).
• Vehicle details — make, model, plate number, year, colour, and any notes you add to your booking. Plate number is required because it identifies the vehicle on the work-order tag and on your invoice.
• Booking details — the service you chose, any add-ons, the branch, the date and time, and any pickup or delivery instructions.
• Inspection and work-order media — photos taken on intake (documenting the condition of the vehicle on arrival), photos taken during work for QC, and photos taken on hand-over. These are stored with your job record.
• Payment details — for cash bookings, no card data passes through us. For MoMo, the relevant reference numbers and amounts. For card payments (processed by a third-party provider), we never see or store full card numbers.
• Account data — if you create a customer account on app.glanzen.studio, your sign-in identifiers and the bookings, vehicles, and history that account holds.
• Technical data — when you visit our websites (glanzen.studio and app.glanzen.studio), we keep standard server logs: IP address, user-agent, the URL visited, and the timestamp. These logs help us keep the sites secure and diagnose problems.
• Communications — when you message us by WhatsApp, email, or SMS, we keep a copy of the conversation against your customer record so the next manager you speak with has context.

3. Why we collect it

We use your personal data for these purposes:

• To deliver the service you booked — identify your vehicle on intake, run the work, hand the car back to the right person.
• To communicate with you about a booking — confirm the appointment, propose alternate slots, text when the car is ready, send the invoice and receipt.
• To handle payment — and to settle any disputes about what was charged.
• To maintain a service history — so you (and our branch staff) can see what's been done to your vehicle, and so you don't have to re-explain anything on your next visit.
• To improve our service — aggregate patterns (peak hours, most-booked services, where visitors come from). We never single you out.
• To meet our legal obligations — tax records, accounting records, GRA E-VAT records, anti- money-laundering checks (only if relevant).
• To protect our business and our customers — fraud prevention, security incident response, vehicle damage claims.

4. Lawful basis

Under Act 843 we must have a lawful basis to process your personal data. We rely on the following bases, depending on what we're doing:

• Contract — to deliver the service you booked, we have to process your contact and vehicle details. Without these, we can't honour the booking.
• Legal obligation — invoicing and tax records are kept for as long as the law requires (typically 6 years for tax purposes).
• Legitimate interest — security logging, fraud prevention, and aggregate analytics on our own websites. Where we rely on legitimate interest, we've considered your privacy and use the minimum data needed.
• Consent — for any optional marketing communications. You can withdraw consent at any time.

5. Who we share it with

We don't sell your data, ever. We share it only with the third parties we genuinely need to deliver the service:

• Supabase (Supabase Inc., USA) — the database and authentication infrastructure that runs app.glanzen.studio. Customer records, bookings, work orders, invoices, and photos are stored here. Their servers used by our project are in the EU region.
• Resend (Resend Inc., USA) — the email delivery provider that sends booking confirmations, receipts, and account magic-links from notify@glanzen.studio. Resend sees your email address and the email body.
• Vercel (Vercel Inc., USA) — hosts the marketing site and the operational app. Server logs (IP, user-agent) pass through Vercel's edge.
• Payment providers — when you pay by MoMo or card, the relevant provider (the MoMo network or our card processor) handles your payment. We see the amount, the reference, and the success/failure status; we never see card numbers in full.
• Professional advisors — our accountants and lawyers, only when needed and only for specific matters.
• Regulators — including the Ghana Revenue Authority for tax records and the Data Protection Commission if a lawful request is made.

We require every processor to have appropriate security and confidentiality in place, and only to use your data on our instructions.

6. Where your data lives

Most of our infrastructure runs in the European Union (Supabase Frankfurt, Vercel Frankfurt). Some operational services (Resend for email, Vercel's content delivery edge) are based in the United States. Where personal data is transferred outside Ghana, we ensure the recipient is bound by terms equivalent to those required by Act 843 — typically by way of standard contractual clauses with the processor.

7. How long we keep it

We keep data only as long as we have a reason to. In practice:

• Active customer records — for as long as you remain a customer.
• Booking and work-order history — 6 years from the date of service, to meet tax and accounting obligations.
• Inspection photos — 2 years from the date of service, then automatically deleted.
• Server logs — 90 days, then rotated out.
• Marketing consent records — for as long as the consent is active, plus 1 year so we can prove consent was given.

If you ask us to delete your account, we delete what we can. Records we must keep for tax compliance are flagged as deleted in our systems and not used for any other purpose.

8. Your rights

Under Act 843 you have the right to:

• Access — ask us what personal data we hold on you, and get a copy.
• Correction — ask us to fix inaccurate data.
• Deletion — ask us to delete data we no longer have a lawful reason to keep.
• Object — to particular uses of your data, especially direct marketing.
• Restrict processing — ask us to pause using your data in specific ways while a complaint is being resolved.
• Portability — get your data in a machine-readable format so you can take it elsewhere.
• Withdraw consent — for any processing we do on the basis of consent.

To exercise any of these, email privacy@glanzen.studio from the email address on your account, or call us and we can verify your identity on the phone. We respond within 14 working days; complex requests may take up to 30 days, in which case we'll tell you.

9. Cookies and similar technologies

The marketing site (glanzen.studio) sets these cookies:

• mk-theme — remembers whether you've chosen the light or dark theme. Functional, no tracking. Lives in your browser's local storage, not as a cookie technically; deleting your browser data clears it.

The operational app (app.glanzen.studio) sets the following:

• sb-* cookies — Supabase's authentication session cookies that keep you signed in after logging on. Strictly necessary. They expire when you sign out or when the session times out.

We don't run advertising pixels, third-party trackers, or cross-site cookies. We don't fingerprint browsers.

10. Photos and inspection imagery

Every vehicle is photographed on intake and during work. These photos serve three purposes:

• Pre-existing damage record (protects both us and you in case of a dispute).
• Quality control — supervisors review them before sign-off.
• Service history — you can see them on your account.

We never use these photos for marketing, social media, or advertising without your explicit, written permission. If we ask permission to use one (e.g. for a before/after feature on our blog), you can decline without affecting your service in any way.

11. Marketing and communications

We send three kinds of messages:

• Transactional (booking confirmations, receipts, account magic-links) — always sent, you can't opt out without closing your account.
• Service reminders (your full detail is six months out, MOT due, etc.) — on by default; you can turn these off in your account settings.
• Promotions and newsletters — off by default; only sent if you've explicitly opted in.

Every promotional message we send includes a one-click unsubscribe link.

12. Security

We take reasonable steps to keep your data safe: encryption in transit (HTTPS), encryption at rest (Supabase's standard column encryption), role-based access (only the staff who need to see a record can), and regular security reviews. Branch supervisors must sign in with two-factor authentication. We log every access to a customer record.

No system is perfectly safe. If something does go wrong, we'll notify you and the Data Protection Commission within 72 hours of becoming aware of a breach that affects your personal data.

13. Children

We don't knowingly collect data from children under 18. Our services are bought by adults, and our website is designed for adults. If you believe a child has provided us data without parental consent, email us and we'll delete it.

14. Complaints

If you're unhappy with how we've handled your personal data, please email privacy@glanzen.studio first — we want to fix it. If you remain unsatisfied, you have the right to lodge a complaint with Ghana's Data Protection Commission:

15. Changes to this notice

We update this notice from time to time. The "Effective" date at the top tells you when the current version started applying. If we make a material change (one that affects what we collect or how we use it), we'll email everyone with an active account at least 30 days before the new version takes effect.

16. Contact

For any privacy question, request, or concern:

See also: Terms of service.