Privacy Policy
Last updated: 19 April 2026
This Privacy Policy explains how Browzhaus (“we”, “us”, “our”), a brow and lip studio operating from Jumeirah Lake Towers, Dubai, United Arab Emirates, collects, uses, stores, and shares your personal data when you visit our website, enquire about services, or book an appointment with us. It is written to reflect our obligations under UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the “PDPL”) and applicable Dubai regulations.
Please read this policy carefully. By using our website or services, you acknowledge that you have read and understood it.
1. Who we are
The data controller is Browzhaus, based in Jumeirah Lake Towers, Dubai, UAE. For any privacy questions or requests, you can reach us at hello@browzhaus.ae or +971 50 951 2603.
2. Personal data we collect
Depending on how you interact with us, we may collect:
- Contact & enquiry data — name, email address, phone number, and any message you send us through our contact form, WhatsApp, email, or phone.
- Booking data — appointment date and time, service selected, deposit and payment references, and any notes you share (for example, sensitivities or prior treatments) that are relevant to your appointment.
- Health-related information you choose to share — for example, whether you are pregnant or nursing, taking blood thinners, or have a skin condition. You provide this voluntarily so we can treat you safely. We treat this as sensitive personal data under the PDPL.
- Transaction data — limited payment details (such as the last four digits of your card and the transaction reference) passed to us by our payment processor. We do not store full card numbers or CVV codes on our systems.
- Technical & analytics data — IP address, device type, browser, referring URL, and pages viewed, collected through cookies and similar technologies (see Section 7).
- Before & after photos — only if you specifically consent in writing at the appointment.
3. How we use your personal data
We use your personal data to:
- Respond to enquiries and provide quotes.
- Schedule, confirm, reschedule, and cancel appointments and issue receipts.
- Assess suitability for treatment and provide appropriate aftercare guidance.
- Process deposits and payments.
- Send appointment reminders and service-related messages.
- Improve our website, services, and the content we display to visitors.
- Comply with legal, tax, health, and safety obligations in the UAE.
- Where you have explicitly opted in, share before & after imagery on our portfolio and social channels.
4. Legal basis for processing
Under the PDPL, we rely on one or more of the following lawful bases:
- Your consent — for example, when you submit a contact form, opt in to marketing, or agree to the use of non-essential cookies. You can withdraw consent at any time.
- Performance of a contract — where processing is necessary to provide the service you have booked with us.
- Legal obligation — where UAE law requires us to keep certain records (for example, invoices and tax documents).
- Legitimate interests — for example, keeping our website secure, preventing fraud, and understanding how our site is used, provided those interests are not overridden by your rights.
- Vital interests — in the rare case we need to act to protect your health or safety during or after a treatment.
5. Retention
We keep personal data only as long as necessary for the purposes set out above, or as required by UAE law:
- Enquiry-only contacts that do not become clients: up to 12 months from your last message, then deleted.
- Client booking and treatment records: at least 5 years from your last appointment, to support aftercare and comply with health and safety and tax record-keeping obligations in the UAE.
- Payment and accounting records: for the period required by UAE tax legislation (currently 5 years).
- Analytics data: in aggregated or pseudonymised form for up to 26 months.
6. Third parties and international transfers
We do not sell your personal data. We share it only with trusted service providers who process it on our behalf under written agreements and appropriate safeguards. These providers may process data outside the UAE (for example in the European Union or the United States):
- Supabase — hosts our booking database and contact submissions.
- Stripe — processes deposits and card payments.
- Resend — sends transactional email (confirmations, reminders, receipts).
- Google Calendar — syncs our appointment schedule so we can manage availability.
- Vercel — hosts and serves this website and may process server logs.
Where personal data is transferred outside the UAE, we rely on mechanisms permitted by the PDPL, such as adequate-jurisdiction determinations, standard contractual clauses, or your explicit consent.
7. Cookies and similar technologies
Our site uses a small number of cookies and similar technologies:
- Strictly necessary cookies that keep the site working (for example, session and security tokens).
- Analytics cookies that help us count visits and understand which pages are useful. Where the law requires consent, these are set only once you agree via our cookie banner.
You can control cookies through your browser settings. Blocking strictly necessary cookies may affect how the site functions.
8. How we protect your data
We use reasonable technical and organisational measures to keep your data safe — including encryption in transit (HTTPS), access controls, hosted infrastructure with security certifications, and limiting access to personal data to the artist and authorised staff who need it.
9. Your rights
Subject to the conditions and exceptions in the PDPL, you have the right to:
- Request access to the personal data we hold about you.
- Ask us to correct inaccurate or incomplete data.
- Ask us to delete your personal data where it is no longer needed or where you withdraw consent.
- Restrict or object to certain processing.
- Request a copy of data you provided to us in a portable format.
- Withdraw your consent where processing is based on consent.
- Lodge a complaint with the UAE Data Office or the competent Dubai authority if you believe your rights have been infringed.
10. Children
Our services are intended for clients aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
11. Changes to this policy
We may update this policy from time to time to reflect changes in our services or in UAE law. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you directly.
12. Contact us
To exercise any of your rights, or for any question about this policy, contact us at hello@browzhaus.ae or +971 50 951 2603. You can also review our Terms of Service and Cancellation Policy.