SnapChair
Log in

Privacy Policy

Last updated: April 23, 2026

This Privacy Policy explains what personal data SnapChair collects, why we collect it, how we use and share it, how long we keep it, and the rights you have. It is written to be compatible with the U.S. (including CCPA), the EU and UK (GDPR), and Brazil (LGPD).

1. Overview

SnapChair is a marketplace and software platform for barbers and beauty professionals. Different users (clients, professionals, shop owners) share different data with us. We only collect what we need to run the Platform, keep it safe, and meet legal obligations.

2. What we collect

We collect data in four broad categories.

Account data

  • Email address (required for login and transactional messages).
  • First and last name.
  • Phone number (required for booking reminders and SMS where enabled).
  • Date of birth (optional, used for birthday offers if the shop runs one).
  • Password (stored as a secure hash, never in plaintext).

Booking data

  • The service booked, the professional, and the shop.
  • Date and time of the appointment, and whether it was a marketplace, direct, recurring, or house call booking.
  • Service address (only for house calls).
  • Payment method used, amount charged, tips, and taxes.
  • Your booking history, so professionals can serve you better and so we can resolve disputes.

Photos and receipts

  • Portfolio photos uploaded by professionals.
  • Face analysis photos uploaded by clients. See the Photos and biometrics section below for how we handle these.
  • Receipts and invoices generated by the Platform.

Usage data

  • Device information (type, operating system, browser), IP address, and approximate location based on IP.
  • Pages visited, features used, search queries, clicks, and timestamps.
  • Error reports and diagnostic data to keep the Platform running.

3. How we use your data

We use your data to:

  • Provide and run the Platform (accounts, bookings, payments, communications).
  • Process bookings, tips, refunds, and resolve disputes.
  • Send transactional messages (confirmations, reminders, receipts) and, if you opt in, marketing messages.
  • Display professional profiles and portfolios on the marketplace.
  • Respond to your support questions and investigate issues.
  • Detect and prevent fraud, abuse, chargeback misuse, and violations of our Terms.
  • Meet legal and regulatory obligations (tax, accounting, law enforcement requests).
  • Improve the Platform based on aggregated usage patterns.

4. Legal basis for processing (EU / UK / Brazil)

Where GDPR or LGPD applies, we process data on these bases:

  • Performance of a contract: almost all data related to your account, bookings, and payments.
  • Consent: marketing emails, optional face analysis, optional analytics cookies.
  • Legitimate interest: fraud prevention, security, product improvement, with your rights balanced against ours.
  • Legal obligation: tax records, financial records, responses to lawful requests.

5. Third-party processors

We use trusted providers to run parts of the Platform. Each one receives only the data it needs:

  • Stripe: payments, Stripe Connect payouts, subscriptions, refunds.
  • Supabase: database, authentication, file storage.
  • Google Gemini: face analysis AI. Photos are processed and not stored permanently by SnapChair.
  • Google Calendar: two-way sync of appointments, when a professional connects their calendar.
  • Google Maps: geocoding and routing for house calls and shop search.
  • Telnyx: SMS delivery for booking reminders and alerts.
  • Resend: email delivery for transactional and marketing messages.
  • Sentry: error tracking and performance monitoring.
  • Upstash: rate limiting and caching.
  • Vercel: hosting and delivery of the Platform.
  • Meta Conversions API: if active, used to attribute ads and improve audience targeting (no raw PII is sent; data is hashed).

6. How data is shared

We share data only in the following cases:

  • Between users: booking details are shared between the client and the professional or shop they book with. Professional profiles and portfolios are visible on the marketplace.
  • With service providers: the processors listed above, under written contracts limiting how they use the data.
  • For legal reasons: if required by law, court order, or a valid legal request, or to protect rights, safety, and property.
  • In business transfers: if SnapChair is involved in a merger, acquisition, or sale of assets, user data may transfer as part of the deal, under the same privacy commitments.
  • We do not sell your personal data to third parties.

7. Photos and biometrics

Photos and face analysis deserve special attention because of the sensitivity involved.

  • Portfolio photos are published by the professional who uploaded them, on their public profile. Professionals are contractually required to obtain written client consent before publishing identifiable photos. See the Terms of Use for the consent and complaint process.
  • You can file a complaint about any photo of you published without your consent at /photo-complaint. Confirmed complaints result in the photo being hidden.
  • Face analysis photos are processed to generate hairstyle suggestions and are not stored permanently. Only face-shape metadata (derived attributes, not the photo) may be retained for up to 12 months to improve future sessions.
  • We do not use your photos to train general-purpose AI models.

8. Email and SMS communications

We use two kinds of messages:

  • Transactional: confirmations, reminders, receipts, security alerts. These are required for the service and cannot be disabled while your account is active.
  • Marketing: promotions, win-back, birthday, newsletter. Marketing emails are limited to 2 per week per shop you have booked with.
  • You can unsubscribe from marketing at any time via the one-click link in every marketing email or from your account settings. Unsubscribing from one shop does not affect other shops.
  • SMS is used for bookings and emergency alerts. Standard message and data rates may apply. Reply STOP to opt out of non-essential SMS.

9. Cookies and similar technologies

We use cookies to keep you logged in, remember preferences, and understand how the Platform is used.

  • Essential cookies: session, authentication, security, load balancing. The Platform does not work without these.
  • Preference cookies: language, theme, last-used shop.
  • Analytics cookies: aggregated usage data to improve the Platform. In jurisdictions that require it, we ask for consent before using these.
  • You can control cookies through your browser settings. Blocking essential cookies will break parts of the Platform.

10. Your rights

Depending on where you live, you have rights over your personal data. We honor the strongest applicable standard for each user.

  • Access: see what data we hold about you. For most categories, you can use /dashboard/settings/data-export and download CSV or ZIP files.
  • Rectification: correct inaccurate data directly in your profile settings, or ask us to do it.
  • Erasure: ask us to delete your account and associated personal data. We will complete erasure within 30 days, except for data we must keep by law (for example, financial records).
  • Portability: receive your data in a structured, machine-readable format (CSV).
  • Objection: object to processing based on legitimate interest.
  • Withdrawal of consent: withdraw consent for marketing or face analysis at any time. This does not affect processing done before you withdrew.
  • Complaint: lodge a complaint with your local data protection authority (for example, the ICO in the UK, your data protection authority in the EU, or ANPD in Brazil).

11. How to exercise your rights

Email privacy@snapchair.com from the address on your account, or use the tools in /dashboard/settings. We may ask for additional verification to protect your account. We aim to respond within 30 days. If we need more time, we will tell you why.

12. How long we keep your data

We keep data only as long as we need it. The main retention rules are:

  • Active account: data is kept while the account is active.
  • Closed account: 30-day grace period (so you can undo accidental deletion), then permanent deletion, except for the categories below.
  • Bookings and financial records: retained for up to 7 years to meet tax and accounting obligations.
  • Face analysis photos: not stored permanently. Face-shape metadata may be retained for up to 12 months.
  • Marketing preferences and unsubscribe records: retained so we can honor them.
  • Aggregated and anonymized analytics (which cannot identify you) may be kept indefinitely.

13. Security

We use industry-standard measures to protect your data, including:

  • Encryption in transit (TLS) and at rest where supported by our providers.
  • Role-based access controls and the principle of least privilege for our team.
  • Error tracking and monitoring to detect anomalies quickly.
  • Row-level security in the database so users only see their own data.

14. Data breach notification

If a breach affects your personal data in a way that poses a risk to your rights, we will notify you within 72 hours of confirming the breach, following applicable law. The notification will describe what happened, what data was affected, what we are doing about it, and what you can do.

15. International data transfers

SnapChair primarily processes data in the United States (our hosting and database providers are U.S.-based). If you use the Platform from the EU, UK, or another country with data transfer restrictions, we rely on Standard Contractual Clauses and equivalent safeguards to protect your data during the transfer.

16. California residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the CCPA and CPRA:

  • The right to know what personal information we collect, use, and share.
  • The right to request deletion of your personal information.
  • The right to opt out of the 'sale' or 'sharing' of your personal information. SnapChair does not sell personal information and only shares it as described in this Policy.
  • The right to not be discriminated against for exercising your rights.

17. Brazilian users (LGPD)

If you use the Platform from Brazil, you have the rights set out in LGPD, including confirmation of processing, access, correction, anonymization, portability, deletion, information about shared parties, and revocation of consent. You can exercise these at privacy@snapchair.com. Our data protection contact is the same address.

18. Children

The Platform is not intended for children under 16 without verifiable parental consent. Shops that serve minors are responsible for verifying age and collecting parental consent in person where required. If we learn that we have collected data from a child without the required consent, we delete it.

19. Changes to this Policy

We may update this Policy as the Platform evolves. Material changes will be announced by email or in-app at least 30 days before they take effect. The 'Last updated' date at the top always reflects the current version.

20. Contact

For privacy questions, email privacy@snapchair.com. For general support, use the in-app help center.

Contact our privacy team

Email: privacy@snapchair.com

We aim to respond within 30 days.