Privacy Policy

Last updated: May 28, 2026

Beauty Beyond Studios (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at beautyandbeyond.salon, book an appointment, or interact with our services.

1. Information We Collect

We may collect the following types of personal information:

  • Contact information: name, email address, phone number, and date of birth provided during booking.
  • Health and intake data: skin conditions, allergies, medications, recent procedures, and skincare goals submitted through our intake forms.
  • Consent records: digital signatures on liability waivers and photo release consent.
  • Emergency contact: name and phone number of your emergency contact, if provided.
  • Payment information: deposit payments are processed securely through Stripe. We do not store your full credit card numbers on our servers.
  • Communication records: SMS confirmations, appointment reminders, and email correspondence.
  • Wellness interactions: first name and focus area selections when using our affirmation wellness portal.

2. How We Use Your Information

We use the information we collect to:

  • Schedule, confirm, and manage your appointments.
  • Send automated appointment reminders via email (24-hour reminders) and SMS (2-hour reminders).
  • Process deposit payments securely through Stripe.
  • Generate personalized post-service affirmation cards sent via email as part of our wellness follow-up program.
  • Provide tailored pre-care and post-care instructions based on your booked service.
  • Respond to contact form inquiries and customer service requests.
  • Improve our services and website experience.

3. Data Protection & Security

We take the security of your data seriously and implement appropriate technical and organizational measures:

  • Encryption: all data is transmitted over TLS/SSL encrypted connections (HTTPS).
  • Database security: client records are stored in Supabase with Row-Level Security (RLS) policies that restrict data access to authorized personnel only.
  • Payment security: all payment processing is handled by Stripe, which is PCI DSS Level 1 certified. We never store, process, or transmit raw credit card data.
  • Access control: administrative access to client data is limited to the studio owner through password-protected authentication.

4. Third-Party Services

We use the following third-party services to operate our business:

  • Stripe — secure payment processing for appointment deposits.
  • Twilio — SMS appointment reminders and two-way confirmation messaging.
  • Resend — transactional email delivery for booking confirmations, reminders, and follow-ups.
  • Google Calendar — appointment scheduling synchronization.
  • Anthropic (Claude AI) — generation of personalized wellness affirmation text. Only your first name and service type are used; no health data is sent to AI services.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, including maintaining appointment history and providing continuity of care. You may request deletion of your data at any time by contacting us at hello@beautyandbeyond.salon.

6. Your Rights

You have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your personal data.
  • Opt out of marketing communications at any time.
  • Withdraw consent for SMS reminders by replying STOP to any text message.

7. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Beauty Beyond Studios
Email: hello@beautyandbeyond.salon
Washington State