Privacy Policy
Version 1 · Published 14 July 2026
Ist'ile Privacy Policy
Effective date: 19 March 2026 · Version 1
Ist'ile ("we", "us") operates the Ist'ile website and mobile applications — a booking platform connecting customers with beauty and grooming professionals across Mauritius. This policy explains what personal data we collect, why, and the choices you have. We process personal data in accordance with the Mauritius Data Protection Act 2017 (DPA).
1. Data we collect
Account data. When you create an account we collect your name, email address, password (stored only as a secure hash) and, optionally, your phone number and a profile photo.
Business data (professionals). Shop owners additionally provide their business name, category, address, map location, opening hours, services, prices and gallery photos. This information is published on the platform — that is its purpose.
Booking data. When you request an appointment we record the shop, service, date and time, price, booking status and any note you attach.
Messages. Chat messages between customers and shops are stored so both sides can see their conversation history.
Location. If you tap "Use my location", your device location is used on your device and in the current request only to sort nearby shops and centre the map. We do not store your location history and we never access location in the background.
Photos. A profile photo (optional) and, for professionals, gallery photos you choose to upload.
Usage events. First-party engagement events (shop views, searches, booking clicks) linked to your account where relevant. We use no third-party advertising or tracking SDKs.
Push tokens. If you enable notifications, we store the device token needed to deliver them.
2. Why we process it (legal bases)
- Performance of a contract: operating your account, processing bookings, delivering messages and notifications.
- Legitimate interests: platform analytics, fraud prevention, service improvement, audit logging of sensitive actions.
- Consent: optional features such as location, notifications and photos — each is requested in context and can be declined without losing core functionality.
- Legal obligations: retention of transactional records where required.
3. Sharing
We share your data with no third parties for marketing. Limited processors act on our instructions: our hosting provider (server infrastructure) and Resend (transactional email delivery). When you book, the shop sees your name, the booking details and any note you wrote — that is necessary to provide the service. We disclose data to authorities only where the law requires it.
4. Retention
Account data is kept while your account is active. Chat messages and notifications are kept until you delete your account. Completed booking records and reviews are retained in anonymised form after account deletion, because professionals need their business records; audit logs are kept for up to 24 months.
5. Your rights
Under the DPA you may request access, correction, erasure, or object to processing. Contact privacy@istile.mu. You also have the right to lodge a complaint with the Data Protection Office of Mauritius.
6. Account deletion
You can delete your account instantly in the app or website: Profile → Privacy & Security → Delete Account, or submit a request at /account-deletion. Deletion removes your personal identifiers immediately as described above.
7. Security
Passwords are hashed, secrets are encrypted at rest, traffic is encrypted in transit (TLS), and administrative actions are audit-logged. No system is perfectly secure; we notify affected users and the regulator of breaches as the DPA requires.
8. Children
Ist'ile is intended for users aged 18 and over.
9. Changes
We will ask you to review and accept material changes to this policy before continuing to use Ist'ile.
Contact: privacy@istile.mu · Ist'ile, Mauritius
Questions about these documents? Contact us · Want your data removed? Account deletion