Privacy Policy

Last updated: 15 January 2025

1. Introduction

Fill The Chair ("we", "us", or "our") is committed to protecting your privacy and the privacy of your clients. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our salon and barbershop booking software.

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

2. Data Controller

For the purposes of data protection law, Fill The Chair acts as a Data Processor on behalf of salons and barbershops (the Data Controllers) who use our software to manage client bookings.

Contact Details:
Email: privacy@fillthechair.com
Website: https://app.fillthechair.com

3. Information We Collect

Practice Information

  • Practice name, address, and contact details
  • User account information (name, email, password)
  • Billing and subscription information

Client Information

On behalf of salons and barbershops, we process:

  • Client names
  • Email addresses
  • Phone numbers
  • Appointment dates and times
  • Appointment notes (optional)
  • Waitlist preferences

Technical Information

  • IP addresses (for security purposes)
  • Browser type and version
  • Usage data and analytics

4. Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract: To provide our software services to salons and barbershops
  • Legitimate Interest: To manage bookings and send reminders on behalf of businesses
  • Consent: For marketing communications (where applicable)
  • Legal Obligation: To comply with applicable laws and regulations

5. How We Use Your Information

  • To provide and maintain our service
  • To send booking reminders via email and SMS
  • To notify waitlisted clients of available appointments
  • To process payments and manage subscriptions
  • To provide customer support
  • To detect and prevent fraud or abuse
  • To improve our services

6. Data Sharing and Third Parties

We share data with the following service providers (sub-processors):

Supabase (Database Hosting)

Location: European Union (Ireland)

Purpose: Secure data storage

Stripe (Payment Processing)

Location: United States (with EU data processing)

Purpose: Subscription billing

Data shared: Practice email, subscription details

Twilio (SMS Provider)

Location: United States

Purpose: Sending SMS booking reminders

Data shared: Client phone numbers, booking details

Resend (Email Provider)

Location: United States

Purpose: Sending email reminders and notifications

Data shared: Client email addresses, booking details

For transfers to the United States, we rely on Standard Contractual Clauses (SCCs) and ensure our sub-processors maintain appropriate data protection measures.

7. Data Retention

  • Client data: Retained for 3 years after the last booking, or as required by the business
  • Account data: Retained for the duration of subscription plus 1 year
  • Communication logs: Retained for 1 year
  • Billing records: Retained for 7 years (legal requirement)

Businesses may request earlier deletion of client data at any time.

8. Your Rights

Under UK GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Where processing is based on consent

To exercise these rights, contact us at privacy@fillthechair.com or use the data export and deletion features in your dashboard settings.

9. Data Security

We implement appropriate technical and organisational measures including:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of data at rest
  • Row-level security in our database
  • Regular security audits
  • Access controls and authentication
  • Secure password hashing

10. Cookies

We use essential cookies only for authentication and security purposes. We do not use tracking cookies or third-party analytics that track individual users.

11. Children's Privacy

Our service is intended for salons, barbershops, and their staff. We do not knowingly collect personal information from children under 16. Client records for minors are managed by the business as Data Controller.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a notice on our website. The "Last updated" date at the top indicates when changes were last made.

13. Complaints

If you have concerns about how we handle your data, please contact us first at privacy@fillthechair.com.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

14. Contact Us

For any questions about this Privacy Policy or our data practices, contact us at:
privacy@fillthechair.com