Privacy Policy

Last updated: February 2026

1. Introduction

SHOWOFF Salon Management ("we", "us", "our") operates a salon booking and management platform. This Privacy Policy explains how we collect, use, and protect your personal information.

2. Data We Collect

Account Information

• Name
• Email address
• Phone number
• Business name (for salon owners)
• Profile photo (optional)

Booking Information

• Appointment dates and times
• Services booked
• Staff member assignments
• Payment details (processed securely via Stripe)
• Notes and preferences
• Booking status and history

Gift Voucher Data

• Purchaser details (name, email, phone)
• Recipient details (name, email)
• Personal messages included with gift vouchers
• Voucher codes and balances
• Purchase and redemption history
• Scheduled delivery dates

Discount Code Data

• Codes created and their usage
• Redemption history linked to bookings

Loyalty Program Data (where enabled)

• Points balance and transaction history
• Rewards earned and redeemed
• Redemption dates and associated bookings
• Manual point adjustments and reasons

Client Portal Data

• Saved payment methods (tokenised via Stripe)
• Booking preferences
• Gift cards received
• Login and authentication history

Technical Information

• IP address
• Browser type and version
• Device information
• Usage patterns and logs

Booking Links Analytics

• Click counts on shared booking links
• Timestamp of link clicks

Calendar Integration Data (Optional)

When you connect your Google Calendar or Microsoft Outlook:

• Calendar access tokens (stored encrypted)
• Calendar ID for syncing
• Email address associated with the calendar account

Marketing Preferences (where opted in)

• Newsletter subscription status
• Marketing consent timestamp
• Email preferences per salon

Commission and Staff Data

• Commission rates and earnings
• Staff availability schedules
• Service assignments

3. Why We Collect Data

We use your information to:

• Provide and improve our services
• Process bookings and payments
• Send booking confirmations, reminders, and notifications
• Deliver gift vouchers to recipients
• Apply discount codes and promotions
• Sync bookings to your calendar (if connected)
• Track and manage loyalty points and rewards (where enabled)
• Send marketing communications (only with your consent)
• Generate reports for salon owners
• Calculate staff commission
• Comply with legal obligations
• Prevent fraud and abuse

4. Data Storage

Your data is stored securely using:

• Supabase: Primary database and authentication
• Stripe: Payment processing (we never store full card details)

All data is encrypted in transit and at rest.

5. Third-Party Services

We use the following third-party services:

Payment Processing

• Stripe: Processes all payments including booking payments, deposits, gift voucher purchases, and saved cards. See Stripe's Privacy Policy

Email Communications

• Mailgun: Sends transactional emails including booking confirmations, reminders, gift voucher deliveries, and account notifications. See Mailgun's Privacy Policy

Marketing Emails (Optional)

• Mailchimp: When you opt in to receive marketing communications from a salon, your data is shared with Mailchimp to manage email subscriptions. See Mailchimp's Privacy Policy

Calendar Integration (Optional)

When you choose to connect your calendar:

• Google Calendar API: Syncs bookings to Google Calendar. See Google's Privacy Policy
• Microsoft Graph API: Syncs bookings to Microsoft Outlook. See Microsoft's Privacy Policy

We only access calendar data to create, update, and delete booking events. We do not read your existing calendar events.

6. Data Retention

• Account data: Retained while your account is active
• Booking history: Retained for 7 years for legal compliance
• Gift voucher data: Retained for 7 years for accounting purposes
• Audit logs: Retained for 2 years
• Calendar tokens: Deleted when you disconnect your calendar
• Loyalty data: Retained while your account is active; preserved if salon disables loyalty program (in case it's re-enabled)
• Saved payment methods: Retained until you remove them or close your account
• Marketing preferences: Retained while subscribed; removed from Mailchimp when you unsubscribe

7. Your Rights

You have the right to:

• Access: Request a copy of your data
• Correction: Update inaccurate information
• Deletion: Request deletion of your account and data
• Export: Receive your data in a portable format

To exercise these rights, contact us at [email protected]

8. Cookies

We use essential cookies for:

• Authentication sessions
• Security (CSRF protection)

We do not use tracking or advertising cookies.

9. Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this policy periodically. Significant changes will be notified via email or in-app notification.

11. Contact Us

For privacy questions or concerns:

• Email: [email protected]
• Address: [Your registered business address]

12. Calendar Sync Specific Information

What We Access

When you connect your calendar, we access only the minimum required permissions:

• Create calendar events (for new bookings)
• Update calendar events (when bookings change)
• Delete calendar events (when bookings are cancelled)
• Read your email address (to display which account is connected)

What We Don't Access

• Your existing calendar events
• Your contacts
• Other calendar data

Disconnecting

You can disconnect your calendar at any time from Settings > Integrations. This immediately revokes our access. Existing calendar events created by us will remain in your calendar.

Data Security

• Calendar access tokens are encrypted at rest
• Tokens are automatically refreshed and rotated
• We use OAuth 2.0 industry-standard authentication

13. Gift Voucher Specific Information

Purchaser Data

When you purchase a gift voucher, we collect your name, email, and payment details to process the transaction and send confirmation.

Recipient Data

We collect the recipient's name and email to deliver the gift voucher. The recipient's email is only used to deliver the gift voucher and optional booking reminders.

Personal Messages

Any personal message you include with a gift voucher is stored and displayed to the recipient. It is not used for any other purpose.

14. Client Portal

Saved Payment Methods

When you save a payment method in the Client Portal, the card details are tokenised and stored securely by Stripe. We only store a reference token and the last 4 digits for display purposes.

Cross-Salon Data

The Client Portal allows you to view bookings across multiple salons. Each salon only has access to their own booking data - we do not share your data between salons without your explicit consent.

15. Marketing Communications (Newsletter)

Some salons offer the option to subscribe to their marketing emails (newsletters, offers, promotions) during the booking process.### What Data is Shared

When you opt in to marketing communications, the following data is shared with Mailchimp (the salon's email marketing provider):- Email address

• First name
• Last name

Consent and Double Opt-In

• Marketing communications are entirely optional - you must actively opt in
• We use double opt-in: after opting in, you will receive a confirmation email from Mailchimp to verify your subscription
• Your subscription is only active after you confirm via this email

Per-Salon Subscriptions

Each salon manages their own marketing list. Opting in with one salon does not subscribe you to other salons' marketing emails.

How to Unsubscribe

You can unsubscribe from marketing emails at any time by:

• Clicking the "Unsubscribe" link in any marketing email you receive
• Contacting the salon directly

Unsubscribing from marketing emails does not affect your ability to receive transactional emails (booking confirmations, reminders, etc.).