Camera and photo access
Source document: `marketing/CAMERA-PRIVACY-DRAFT-en.md` (audit 2026-05-15). Status: draft — pending legal review. The camera feature remains blocked until Nick gives legal approval.
Salonnare uses your device camera for two clearly scoped purposes: (a) scanning QR codes on physical gift cards at the point of sale (POS), and (b) capturing a single photo to attach to a client profile or treatment note. We only request permission at the moment you tap the "Scan QR" or "Take photo" button — never in the background or when a page loads.
What we do and do not do
We request video access only, never audio (the microphone is never accessed). We do not store the video stream or any live frames: for QR scanning we only use the decoded text string and discard the imagery immediately; for photo capture you consciously save a single still image. As soon as you close the scanner or photo dialog, Salonnare stops the camera stream and the device indicator light turns off. We do not perform face recognition, biometric identification, automated skin analysis, or AI/machine-learning training on your photos.
What happens to your photo
Before upload, two privacy steps run inside your browser: (1) if your photo is in HEIC format (the default on recent iPhones) we convert it locally to JPEG for universal readability; (2) we strip all EXIF metadata, including GPS coordinates, camera model and exact capture time. The image is then resized to a maximum width of 2048 pixels and compressed. Only then does your browser upload the photo to our servers in the Netherlands over an encrypted TLS connection. The original HEIC/EXIF version never leaves your device.
Storage routing
When you attach a photo to a regular client profile (e.g. a hairstyle result or product showcase), it is stored in our standard uploads volume, protected by TLS in transit and AES-256 disk encryption at rest. When you deliberately choose a health note (see section 12 of the privacy policy — Article 9 health-data vault) and attach a photo inside it — for example skin analysis, allergy reaction, or treatment progress with medical context — the photo lands in the encrypted vault with per-object AES-256-GCM envelope encryption and strict RBAC. The salon staff member chooses the correct context; Salonnare cannot infer this from the image content.
Libraries that run inside your browser
We use @zxing/browser (BSD-3 license) for QR decoding and heic2any for HEIC conversion. Both run entirely inside your browser and do not transmit imagery or metadata to any external party. No new sub-processor is introduced for the camera feature — all uploads follow the existing routes (see section 7 of the privacy policy).
Cookies and consent
Camera access falls outside the cookie consent banner (section 6 of the privacy policy). The browser itself asks at the operating-system level via a native permission popup the moment you tap "Scan QR" or "Take photo". No tracking cookies are set and no local storage is used for camera purposes beyond a short-lived session flag that remembers your permission choice during your work session.
Revoking permission
You can revoke camera access for salonnare.com at any time via your browser settings: tap the padlock icon in the address bar → Site settings → Camera → Block. On iOS Safari: Settings → Safari → Camera → "Ask" or "Deny". After revocation, previously captured photos remain in the client file until your salon deletes them; only future scans/captures become impossible.
No camera or denied permission
On a laptop without a webcam or after a denied permission prompt, Salonnare always offers a fallback: manually type the gift-card code, or pick an existing photo from your device library via the standard file picker.