Built like your bank. Without the paperwork.

Salons handle some of the most personal client data anywhere — visit photos, allergies, payment methods, contact preferences. Polooma was designed from day one to protect that data, comply with GDPR, and pass enterprise security reviews.

Infrastructure

All servers physically located in the European Union (Frankfurt + Warsaw, with failover to Madrid). No data ever leaves the EU. Multi-region replication for high availability, automated backups every 6 hours with 30-day retention.

Encryption

TLS 1.3 in transit, AES-256 at rest. Database-level encryption for sensitive fields (payment tokens, ID numbers, health info). Hardware Security Module (HSM) for key management. Argon2id for password hashing.

Access control

Role-based access control (RBAC) with granular permissions: per-resource, per-action. SSO via SAML 2.0 and OIDC for Network and Platform plans. Mandatory 2FA for admin roles. Session management with idle timeout.

Audit & compliance

Every change is logged with who, what, when and from which IP. Audit log is append-only, retained for 7 years, exportable on demand. SOC 2 Type II report available under NDA. Annual penetration tests by an independent firm.

GDPR & data ownership

You are the data controller; Polooma is the data processor. Standard DPA available, signed before any client data is uploaded. The rights of access, rectification, erasure and portability are exposed through the API. Cookie consent and lawful basis for marketing are handled in-product.

Responsible disclosure

Found a vulnerability? Email security@polooma.com with a description, reproduction steps and your PGP key if you want a signed reply. We acknowledge within 24 hours and patch critical issues within 72 hours.

Need a custom security review?

For Network and Platform customers we can run a tailored security review, share our SOC 2 report, complete your security questionnaire, and meet with your CISO. Contact us to start.
