Privacy Policy

Last updated: April 11, 2026

Introduction

Basha ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

Information We Collect

Personal Information

  • Name and email address
  • Phone number (optional, for account verification only)
  • Profile photo (optional)
  • Your IP address (used to determine your country on first visit to the shop directory; the raw IP address is not stored)
  • GPS coordinates (only when you explicitly click "Use my exact location"; coordinates are not stored)

For Barbers

  • Professional experience and skills
  • CV/Resume documents
  • Work history

For Shop Owners

  • Business name and address
  • Business contact information
  • Service offerings and pricing

Location & Country Detection

IP-Based Country Detection

When you visit our shop directory (/shops), we use your IP address to automatically determine your country so we can show you relevant local shops without requiring you to do anything. This lookup is performed entirely on our own server using a locally-installed geolocation database (we do not send your IP address to any third-party service for this purpose).

Only the resulting country code (e.g. "EG" or "DK") is retained — your raw IP address is never stored in our database or logs as a result of this process. The country code is cached in your server-side session for the duration of your visit (up to 120 minutes of inactivity), after which it expires automatically.

Lawful basis: We rely on legitimate interests (Article 6(1)(f) GDPR) for this processing. Showing you shops that are relevant to your country is a core function of the service, the processing is minimal (country code only, short-lived session), and we do not use it for profiling or advertising.

GPS-Based Exact Location (Opt-In Only)

If you click "Use my exact location" on the shop directory, your browser will request your GPS coordinates. This is an explicit action — your location is never requested automatically. If you grant permission, your coordinates are used solely to identify which country you are in and to show you nearby shops. The GPS coordinates themselves are not stored; only the derived country code is saved in your session, exactly as described above for IP-based detection.

You can deny the location request at any time. Denying GPS access has no effect on the shop directory, which continues to function using the IP-based country or your last manually selected country.

Manual Country Selection

If you manually select a country or switch to global view using the country chips on the shop directory, your choice is saved in your session for the duration of your visit. Authenticated users may also save a preferred country in their account settings; this preference is stored in the database and linked to your account.

Phone Number

If you choose to provide your phone number, it is used solely for account verification and fraud prevention. We do not use your phone for marketing, SMS communications, or share it with other users.

Your phone number is encrypted and only a masked version is visible to you in your account settings. You may remove your phone number at any time.

How We Use Your Information

  • To provide and maintain our service
  • To verify your account and prevent fraud
  • To notify you about changes to our service
  • To provide customer support
  • To gather analysis to improve our service
  • To detect, prevent and address technical issues

Email Changes

When you request to change your email address, a verification link is sent to your new email. Your current email remains active until the new one is verified. You can cancel a pending email change at any time.

Data Security

We implement appropriate security measures to protect your personal information. Your data is encrypted in transit and at rest. We regularly review our security practices to ensure your information is protected.

Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Object to processing of your data
  • Data portability

Account Deletion

When you request account deletion, your request enters a 72-hour cooling-off period during which you may cancel it at any time. After this period, your account is automatically anonymized — no manual review is required. This process complies with GDPR data erasure requirements.

When your account is deleted, your personal information (name, email, phone) is permanently removed or anonymized. Booking history may be retained for business records with your identity removed.

A non-reversible cryptographic identifier may be retained solely to prevent fraudulent re-registrations. This identifier cannot be used to recover your original information.

Cookies & Session Storage

We use a session cookie to maintain your visit state (login status, selected country, and similar preferences). The cookie contains only an opaque session token — no personal data is stored in the cookie itself. All session data (including your country preference) is held server-side and expires after 120 minutes of inactivity.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies that share your data with external parties.

You can instruct your browser to refuse all cookies. If you do, some features (such as staying logged in) will not work, but browsing the shop directory will remain functional.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

Cookie Notice

We use cookies to improve your experience. By continuing to use this site, you agree to our Privacy Policy.

Learn More