SmenaFon

Security

SmenaFon is a salon-grade software product that moves customer data between phones locally — content is transferred within the Wi-Fi network of the premises and is not sent to the SmenaFon server. This document describes how privacy-by-design principles are implemented in the product.

1. What "stays out of the cloud" means

Customer content (photos, videos, contacts, files) is processed strictly on the salon’s local network:

  • The old phone connects to the salon’s Wi-Fi and uploads to the salon agent PC over a local HTTPS socket.
  • The new phone downloads from the same PC — also over the local network.
  • Customer-content traffic stays within the salon’s L2 segment. The agent PC opens no outbound TCP connections that carry customer content.

The SmenaFon backend receives only: per-type counters (photos / videos / contacts / etc.), session UUID, duration and agent version. No filenames, thumbnails, contact records or EXIF.

2. Data lifecycle in the agent

  • The operator starts a session with a one-time PIN. Upload and pickup endpoints require that PIN.
  • Session files live in %LOCALAPPDATA%\SmenaFon\sessions\<id>, accessible only to the local Windows user.
  • On "End session", session files are immediately wiped (overwrite + delete) and the local session history is reduced to counters.
  • The agent’s server binds only to local-network interfaces and refuses connections from public addresses.

3. Network model

  • Client ↔ agent transport: HTTP/1.1 (default) or HTTPS with a self-signed certificate generated once per host.
  • Authorization is the per-session PIN encoded into the QR code; PIN lifetime is the session lifetime.
  • Agent ↔ backend: outbound HTTPS only, to smenafon.ru. The agent PC does not accept inbound connections from the public Internet.

4. Authentication and identity

  • The agent registers with a one-time license code and a stable workstation fingerprint (SHA-256 of computer name, OS and MAC). The fingerprint is not PII and cannot identify a person.
  • The backend issues a JWT to the agent and verifies it periodically (heartbeat); on license revocation the agent refuses to start new sessions.
  • The salon dashboard uses a separate cookie-based JWT, unrelated to agent tokens.

5. What the backend stores

  • User account: email, password hash (Argon2id), salon name or "Home" (for individuals), country, plan.
  • Salon Agents: workstation fingerprint, label, version, last seen.
  • Mobile-app tokens: SHA-256 hash of the bearer token, device label, platform, APK version, last-used and revoked timestamps. The token itself is never stored on the server: it is issued to the client once and can be revoked by the user at any time.
  • Sessions: id, kind (AGENT — Salon Agent, MOBILE — Android app), time, duration, per-type counters, success flag.
  • Billing: plan, validity, invoices from the payment provider.

The backend never stores and never receives: photos, videos, files, contacts, filenames, thumbnails or EXIF.
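
The mobile-app token model listed above (only a SHA-256 hash kept server-side, the token shown to the client once, revocable at any time) can be sketched as follows. This is an added example, not SmenaFon's code; `TokenStore`, `TokenRecord` and the in-memory dictionary are hypothetical stand-ins for the backend's storage.

```python
import hashlib
import secrets
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Optional


@dataclass
class TokenRecord:
    # Fields the page lists for mobile-app tokens; the raw token is absent.
    token_sha256: str
    device_label: str
    platform: str
    apk_version: str
    last_used: Optional[datetime] = None
    revoked_at: Optional[datetime] = None


class TokenStore:
    """Hypothetical in-memory stand-in for the backend's token table."""

    def __init__(self) -> None:
        self._by_hash: Dict[str, TokenRecord] = {}

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, device_label: str, platform: str, apk_version: str) -> str:
        # High-entropy random token, so a fast unsalted hash is adequate.
        token = secrets.token_urlsafe(32)
        digest = self._digest(token)
        self._by_hash[digest] = TokenRecord(digest, device_label, platform, apk_version)
        return token  # handed to the client once; never persisted

    def verify(self, presented: str) -> Optional[TokenRecord]:
        # Look up by hash of the presented bearer token; revoked means rejected.
        rec = self._by_hash.get(self._digest(presented))
        if rec is None or rec.revoked_at is not None:
            return None
        rec.last_used = datetime.now(timezone.utc)
        return rec

    def revoke(self, token_sha256: str) -> bool:
        rec = self._by_hash.get(token_sha256)
        if rec is None:
            return False
        rec.revoked_at = rec.revoked_at or datetime.now(timezone.utc)
        return True
```

Because revocation targets the stored hash, neither the dashboard nor a database dump ever needs, or exposes, a usable bearer token.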

6. Hosting and jurisdiction

The backend (API, dashboard) is hosted on infrastructure physically located in the Russian Federation. The billing provider is YuKassa (JSC NCO YooMoney).

7. Compliance with 152-FZ (RF) and GDPR

Because customer content never leaves the salon premises and is not transferred to SmenaFon, no third-party processing of end-customer personal data takes place on the SmenaFon side. The salon (the Customer) remains the sole data controller during a transfer; SmenaFon is solely the software vendor and has no access to the transferred content.

For individual Home users performing transfers between their own devices, no third-party personal-data processing takes place — the user operates only on their own data.

Metadata sent to the backend (counters, tokens, licenses) does not constitute personal data under 152-FZ or GDPR.

8. Incident response

  • An agent token can be revoked from the dashboard instantly — the agent stops accepting new sessions.
  • Session logs are available for audit in the dashboard.
  • Security contact: support@smenafon.ru.

This document describes the SmenaFon architecture at publication time. The current version is at smenafon.ru/whitepaper.