Privacy Policy

1. Who we are

[TODO: legal entity name] (“Chairside,” “we,” “us”) operates the Chairside platform. Our registered address is [TODO: registered address]. For privacy questions, contact privacy@bookchairside.com.

2. Whose data this policy covers

• Barbershop owners and staff — people who sign up for Chairside to manage their shop.
• Barbershop customers — people who book an appointment at a shop running on Chairside, or who receive a text/email from one.
• Visitors to our marketing website.

3. What we collect

Information you give us directly

• Account info: business name, owner name, email, password (hashed), shop phone number.
• Payment info: a Stripe payment-method token. We never store full card numbers.
• Customer info entered by the shop: customer name, phone number, email, appointment notes.
• Messages exchanged through the platform (SMS and email content).

Information we collect automatically

• Usage data: which pages you visit, when, and what device/browser you used.
• Log data: IP address, request timestamps, error events.
• Cookies: an essential session cookie for sign-in, plus minimal first-party analytics. We do not use third-party advertising cookies.

Information from third parties

• Twilio delivers SMS on our behalf and tells us delivery status (delivered, failed, STOP-keyword received).
• Stripe processes payments and tells us payment status. We receive payment metadata, never raw card data.
• Anthropic processes SMS conversations to generate AI replies. Conversations are not used to train any third-party model.

4. How we use information

• To create accounts, authenticate users, and operate the platform.
• To deliver the SMS and email messages our customers explicitly configure (booking confirmations, reminders, follow-ups, no-show outreach, review requests).
• To process payments for completed appointments.
• To support customers when they contact us.
• To detect abuse, fraud, and security incidents.
• To comply with legal obligations.

5. SMS messaging and consent

Chairside is a registered sender under the A2P 10DLC framework operated by The Campaign Registry. We send SMS only to recipients whose phone numbers were collected at time of booking with explicit consent. See our SMS terms for full details on opt-in, opt-out (HELP/STOP), and message frequency.

6. Sharing

We share information only with vendors that help us run the platform: Twilio (SMS delivery), Stripe (payments), Anthropic (AI replies), Vercel (hosting), and Neon (database). We require each vendor to use data only for the services they provide to us. We do not sell personal information.

We may disclose information when legally required (subpoena, court order) or to protect rights, property, or safety.

7. Retention

We keep account data for as long as the account is active. Appointment records, message logs, and payment receipts are kept for at least seven years to satisfy tax and dispute-handling requirements. After deletion, backup copies are purged within 90 days.

8. Your rights

Depending on where you live, you may have the right to access, correct, delete, port, or restrict use of your information, and to object to certain processing. Email privacy@bookchairside.com and we'll respond within 30 days.

9. Children

Chairside is not directed to children under 13. We do not knowingly collect information from children. If you believe we have, contact us and we'll delete it.

10. Security

Passwords are hashed with bcrypt. Sessions are signed cookies over HTTPS. Payment tokens are stored by Stripe, not us. No system is perfectly secure — if we discover a material breach affecting your data, we will notify you as required by law.

11. Changes

If we change this policy materially, we'll update the “Last updated” date and notify active account holders by email.

12. Contact

privacy@bookchairside.com · [TODO: postal address]