1. Who we are
Allstylist (we, us, our) operates the website allstylist.co.uk and the related booking platform that connects clients with mobile and salon-based hairstylists across the United Kingdom, the United States, and Canada. For the purposes of UK GDPR we are the data controller for the personal data described below.
Contact: privacy@allstylist.co.uk
2. The information we collect
Information you give us
- Account details — name, email address, phone number, gender, password (stored hashed using bcrypt), and account type (client or hairstylist).
- Profile content — for stylists: bio, services and pricing, specialisations, salon/area details, postcode, photos and short videos of your work.
- Booking & messaging data — appointment dates, times, services chosen, addresses (for mobile bookings), notes, and messages exchanged with the other party.
- Reviews & ratings — feedback you leave after a completed booking.
Information we collect automatically
- Technical data — IP address, browser type, device type, language, and the pages you visit on Allstylist.
- Cookies and similar technologies — strictly necessary cookies to keep you signed in (a JWT token stored in your browser's localStorage) and to remember your preferences.
Information we receive from third parties
- Stripe — payment confirmations and the last four digits of the card used (we never see or store full card numbers).
- Resend — delivery and bounce status for emails we send to you.
3. How we use your information
We use your data for the following purposes, with the legal basis listed for each:
- To provide the service — creating accounts, processing bookings, taking payment, sending notifications. Legal basis: contract.
- To keep the platform safe — fraud prevention, brute-force protection, content moderation. Legal basis: legitimate interests.
- To improve Allstylist — analysing usage, fixing bugs, planning new features. Legal basis: legitimate interests.
- To send service emails — booking confirmations, reminders, review requests, security notices. Legal basis: contract / legitimate interests.
- To comply with the law — tax records, responding to lawful requests. Legal basis: legal obligation.
4. Sharing your information
We share data only where necessary, and only with parties who are bound to protect it:
- Other Allstylist users — your name, profile photo, public reviews, and the relevant booking details are shared between you and the other party in a booking.
- Stripe — to process card payments. See Stripe's privacy policy.
- Resend — to deliver transactional emails. See Resend's privacy policy.
- MongoDB Atlas — our database hosting provider, located in the EU/UK region.
- Law enforcement or regulators — only when legally required.
We do not sell your personal data to anyone, ever.
5. International transfers
Some of our service providers (e.g. Stripe) are located in the United States. Where data is transferred outside the UK or EEA, we rely on Standard Contractual Clauses or equivalent safeguards approved by the UK Information Commissioner's Office (ICO).
6. How long we keep data
- Account data — for as long as your account is active, plus 30 days after deletion.
- Booking & payment records — 7 years (UK tax and accounting requirements).
- Reviews — retained as long as the stylist's profile is live, then anonymised.
- Server logs — typically 30 days, longer if needed for security investigations.
7. Your rights
Under UK GDPR you have the right to:
- Access a copy of the personal data we hold about you.
- Ask us to correct inaccurate data.
- Ask us to delete your data ("right to erasure"), subject to legal retention rules.
- Restrict or object to certain types of processing.
- Receive your data in a portable format.
- Withdraw consent at any time, where processing is based on consent.
To exercise any of these rights, email privacy@allstylist.co.uk. We respond within 30 days. You also have the right to lodge a complaint with the UK ICO at ico.org.uk.
8. Security
We protect your data with HTTPS encryption in transit, bcrypt-hashed passwords, JWT-based authentication, role-based access controls, regular backups, and monitoring of suspicious activity. No system is perfectly secure — if you suspect your account has been compromised, contact us immediately at security@allstylist.co.uk.
9. Children
Allstylist is not intended for users under 16. We do not knowingly collect personal data from children. If you believe a child has provided data to us, please contact us and we will delete it.
10. Changes to this policy
We may update this policy from time to time. Material changes will be communicated by email and posted on this page with a new "last updated" date. Continued use of Allstylist after the change means you accept the revised policy.
11. Contact
Questions? Email privacy@allstylist.co.uk.