Sign up

Draft for legal review

Terms of Service

Version 2026-05-11 · Effective 2026-05-11 · Material version

1. About these Terms

These Terms of Service ("Terms") govern your use of the Amarantic platform ("Amarantic", "we", "us", "our"): the operating system for modern beauty businesses — scheduling, client relationships, payments, marketing, and AI assistance — sold to professional service businesses such as salons, spas, clinics, and studios ("you", "your business", "Tenant").

Amarantic is operated from Copenhagen, Denmark. The legal entity behind the brand and the exact registered office are listed in the contact section below.

By creating an Amarantic account, accepting these Terms at sign-up, or otherwise using the platform, you confirm that you have read and agree to these Terms, the Privacy Policy (opens in new tab), and the Data Processing Agreement (opens in new tab), and that you acknowledge the current Sub-processors (opens in new tab) list. Acceptance is recorded as a controller-level contract acceptance and is distinct from any consent recorded for end-clients of your business.

If you do not agree to these Terms, do not use the platform.

2. Definitions

  • Service means the Amarantic platform and every feature, surface, page, API, integration, and AI capability that we operate from amarantic.com and app.amarantic.com, plus any sibling domain we operate.
  • Tenant means the business that subscribes to the Service. The Tenant is the GDPR Art. 4(7) controller of personal data of its end-clients that is captured through the Service.
  • End-client means a person who books with, registers with, or otherwise interacts with the Tenant through the Service.
  • Tenant Owner means the natural person who creates the Tenant account, accepts these Terms, and is the first user with owner role. Subsequent staff users are added by invitation.
  • Account means the credentials, configuration, and data scoped to one Tenant.
  • Layer 1 means the public legal pages we host: Terms (opens in new tab), Privacy (opens in new tab), DPA (opens in new tab), and Sub-processors (opens in new tab). Versions are tracked in MDX front-matter.
  • Layer 2 means the data-usage acknowledgement and optional marketing consent that the Tenant collects from end-clients at booking, captured on the Tenant's booking widget.
  • Layer 3 means the visitor-level cookie/privacy notice in the marketing-site footer.

3. How accounts are created

You create an Account in this sequence:

  1. Sign up at app.amarantic.com/signup. Sign-up alone produces only a Supabase authentication identity. It does not yet provision a Tenant.
  2. Complete subscription checkout at our payments provider (Stripe). The checkout step is required before any Tenant data is created.
  3. Once payment succeeds, our activation path provisions a Tenant Account with you as the first owner user. Activation is idempotent and atomic. Partial failures roll back and are recorded for diagnostics.
  4. Complete onboarding to publish your booking page.

Cockpit-assisted force-activation is reserved for documented recovery scenarios and is fully audit-logged.

4. The Service

The Service includes, depending on your plan:

  • Calendar and bookings — multi-staff scheduling, drag-reschedule, drag-resize, multi-service bookings, cancellation handling, auto-completion of past bookings.
  • Clients — client records, activity log, intake forms, encrypted clinical notes (treatment charts and visit notes) with GDPR Art. 9 safeguards.
  • Online booking — a public booking page at a Tenant-chosen slug and an embeddable widget with per-widget origin enforcement.
  • Payments and checkout — point-of-sale checkout, deposits, discounts, tips. Subscription billing runs through Stripe. Payment-related sub-processors are listed at Sub-processors (opens in new tab).
  • Marketing — templates, audience segments, send-once and scheduled campaigns, consent capture and suppression.
  • AI operator — a built-in AI assistant that helps with scheduling, drafting messages, navigation, and proactive opportunities. AI processing is disclosed at Sub-processors (opens in new tab) and is bound by our authority and autonomy contracts.
  • Integrations — outbound email, SMS, calendar sync where enabled, and a tenant-scoped public API surface.

Features are rolled out incrementally. We may add, change, or remove non-core features with reasonable notice. Material changes to the legal contracts in Layer 1 trigger re-acceptance per Section 13.

5. Plans, fees, and billing

Plans are listed at amarantic.com and configured in our billing catalog. As of the effective date above, the published plans are:

  • Solo — €29 per month, for an independent practitioner.
  • Studio — €79 per month, for salons and studios with a small team.
  • Group — custom pricing for multi-location operators; contact sales.

All plans include a 14-day free trial. Plans are billed monthly in advance through Stripe. You can cancel at any time. Prices are exclusive of VAT unless otherwise stated and may change with reasonable notice.

A subscription invoice ledger is retained for 5 years from invoice issue date as required by the Danish Bookkeeping Act (bogføringsloven). These records are not subject to GDPR Art. 17 erasure during the retention window.

Failed payments may pause your Account. We do not auto-refund mid-month cancellations as a default; refund decisions are made case by case.

6. Your responsibilities as a Tenant (controller)

You are the GDPR Art. 4(7) controller for personal data of your end-clients that is captured through the Service. We are the GDPR Art. 4(8) processor for that data. The role split is spelled out in the Privacy Policy (opens in new tab) and the Data Processing Agreement (opens in new tab).

As controller, you are responsible for:

  • choosing which fields your booking, registration, intake, treatment, and marketing flows require;
  • having a lawful basis (GDPR Art. 6, and Art. 9 for special-category data) for the personal data you collect and use;
  • obtaining valid consent from end-clients where required, including marketing consent under GDPR Art. 6(1)(a) and ePrivacy / the Danish implementation;
  • responding to end-client data subject requests in a way the law requires of a controller; we will assist within the limits of our processor role;
  • keeping your team's credentials secure and managing staff invitations and roles inside the Account;
  • using the Service for lawful purposes only.

You acknowledge that appointment reminders (booking confirmations, reschedule notifications, day-of reminders) are sent under GDPR Art. 6(1)(b) contractual necessity — they fulfil the booking contract your end-client has with you — and do not require a separate consent record. Promotional marketing is different and requires the optional Marketing consent captured at the booking widget under the simplified two-checkbox model.

7. Acceptable use

You agree not to use the Service to:

  • send unsolicited bulk communications, spam, or messages prohibited under the Danish Marketing Practices Act, the ePrivacy Directive, or other applicable law;
  • store, process, or transmit personal data without a lawful basis;
  • impersonate another person or business, or upload content that infringes third-party rights;
  • attempt to bypass authentication, authorization, rate limits, RLS isolation, or any other technical control;
  • probe, scan, or load-test the Service without prior written agreement;
  • reverse engineer the Service, except as expressly permitted by mandatory law;
  • collect, infer, or process special-category data (GDPR Art. 9) outside the encrypted, consent-gated surfaces we provide;
  • send Service data — including end-client personal data — to AI systems that are not listed as sub-processors at Sub-processors (opens in new tab), or to systems whose use would breach this acceptable-use clause.

We may suspend, throttle, or terminate Accounts that breach this clause, with a preference for proportionate response and notice where practicable.

8. AI and built-in product processing

The Service includes AI features. We describe the LLM inference function and its current named vendors at Sub-processors (opens in new tab). The disclosure pattern is function-not-vendor: we list the function and the current named providers with role labels rather than locking the contract to a specific vendor. Today the function is served primarily by Anthropic (United States) with OpenAI configured as a fallback.

A small set of guarantees that we treat as load-bearing:

  • AI features run on tenant-scoped context; we never batch personal data across Tenants in one prompt.
  • Special-category data (Art. 9) is sent to an LLM sub-processor only via a named egress surface that is gated by the end-client's health_data_processing consent in the canonical writer-side check. No such egress surface is enabled today.
  • The Amarantic Authority Contract sets a closed taxonomy of AI action classes; restricted zones (Art. 9 writes, consent writes, payments, destructive lifecycle, staff invites, agent-permission changes, cockpit overrides) remain human-only regardless of AI autonomy state.
  • AI autonomy toggles default to OFF at Account creation. AI can prepare drafts when you turn autonomy on for a class of action, but it never sends customer-affecting communication on your behalf without your explicit click.

Adding a new AI sub-processor triggers re-acknowledgement of the updated Sub-processors page (opens in new tab). Removing one is a disclosure-only event. A test-only path through Google Gemini exists in the codebase for benchmarking; Gemini is not a sub-processor of Tenant personal data and we will not enable it for real customer data without a separate, documented change.

9. Confidentiality and security

We apply technical and organizational measures appropriate to the risk under GDPR Art. 32, including:

  • Tenant isolation — PostgreSQL Row-Level Security on every tenant-scoped table.
  • Field-level encryption — AES-256-GCM at rest for Art. 9 special-category fields (clinical notes, treatment charts, visit notes) and for per-mutation change-logs of those fields.
  • Immutable audit ledgers — append-only ledgers for booking events, agent audit, consent records, and platform-terms acceptance.
  • Authentication — Supabase Auth with httpOnly session cookies. Leaked-password protection is plan-gated; see the Privacy Policy (opens in new tab).
  • Rate limiting — Upstash Redis-backed sliding-window limits on public, authenticated, auth, GDPR, agent, and MCP tiers.
  • Secrets — server-only in environment variables; never exposed to the client.
  • Audit logging — every meaningful action is attributable.

Security is a shared responsibility. You are responsible for the strength of your staff's passwords, your operating-system hygiene, and the lawful use of integrations you enable.

10. Data, intellectual property, and feedback

You retain all rights in your Tenant data. We process it as your processor under the DPA (opens in new tab). You grant us a limited licence to process the data only as needed to operate and improve the Service for you, and to comply with law.

We retain all rights in the Service itself, including its software, design, brand, AI prompts, AI evaluation suite, and documentation. You receive a non-exclusive, non-transferable, revocable right to use the Service while your subscription is active.

If you send us feedback, we may use it to improve the Service without obligation to you.

11. Term, suspension, and termination

These Terms apply for as long as you have an Account. Either party may end the relationship as follows:

  • You may cancel your subscription at any time from your Account. Your access continues to the end of the current billing period.
  • We may suspend or terminate your Account for material breach of these Terms, for non-payment, for legal compulsion, or where required to prevent harm to other Tenants or end-clients. Where practicable we give notice and an opportunity to cure.
  • Trial — Either side may end the 14-day free trial at any time. If you do not subscribe before the trial ends, the Account becomes inactive and is subject to the deletion timeline below.

On termination we delete or return personal data within 90 days unless we are required by law to retain specific records (for example financial records under bogføringsloven). The detailed timetable is in the DPA (opens in new tab) and the retention table in the Privacy Policy (opens in new tab).

12. Availability, warranties, and limitation of liability

Amarantic is currently in a private alpha posture and is delivered without an externally committed Service Level Agreement. We aim for high availability and continuous improvement, and we operate the platform with care, but you accept that:

  • the Service is provided on an "as is" and "as available" basis to the extent permitted by mandatory law;
  • the Service may be updated, modified, or temporarily unavailable for maintenance or due to events outside our reasonable control;
  • AI outputs are suggestions, not authoritative statements; you remain responsible for decisions you take based on them.

To the extent permitted by Danish law:

  • our aggregate liability to you in any twelve-month period is capped at the fees you paid us for the Service in that period;
  • we are not liable for indirect, consequential, or punitive loss, including lost profits, lost goodwill, or lost data not caused by our negligence;
  • nothing in this clause limits liability that cannot be limited under mandatory Danish law (including liability under GDPR Art. 82, gross negligence, or wilful misconduct).

A more detailed liability allocation is reserved for our lawyer's review before production rollout. Until then, the principle above governs.

13. Changes to these Terms

We may update these Terms. We use the same versioning mechanism as the rest of Layer 1: each version carries a version and effectiveAt field and a material flag.

  • Material updates (material: true) — we will require a fresh acceptance click on your next privileged action inside the Account before continued use.
  • Non-material updates (material: false) — typos, clarifications, formatting — surface as a passive in-product notice.

We will not require you to accept a change retroactively for past use. Previous versions are kept for evidentiary purposes.

14. Sub-processors

We use the sub-processors listed at Sub-processors (opens in new tab) to operate the Service. Adding a sub-processor that processes Tenant personal data is a material event under Section 13. Removing one is a passive event. Provider swaps within the same documented function do not change the contract — the function row is the unit of disclosure, the named list is the unit of versioning.

15. Governing law and venue

These Terms are governed by the laws of Denmark, excluding rules of conflict of laws and excluding rules of international private law to the extent permitted. The exclusive venue for disputes is the competent courts of Copenhagen, Denmark, without prejudice to mandatory consumer-protection venues where applicable.

16. Notices and contact

Operational notices to you go to the email address registered on your Account or appear inside the Service.

Legal and privacy notices to us should be addressed to:

  • Privacy contactprivacy@amarantic.com
  • General contactsupport@amarantic.com

The registered legal entity, address, and CVR number that should appear in this section are pending confirmation by our lawyer and will be inserted before production rollout.

17. Sequencing with the Privacy Policy and DPA

These Terms incorporate the Privacy Policy (opens in new tab) (which explains what personal data we process and why) and the Data Processing Agreement (opens in new tab) (which is the Art. 28 contract we sign with you as our processor). If there is a direct conflict between these three documents on a personal-data point, the DPA prevails on processor obligations, the Privacy Policy prevails on data-subject disclosures, and these Terms prevail on commercial and acceptable-use points.