PARLORHQ

Privacy Policy

Last updated: June 2026

1. Information We Collect

Account data: Email address, password (hashed), OAuth provider tokens.

Profile data: Name, handle, bio, Instagram handle, profile photos.

Client data (collected by shops): Name, address, date of birth, emergency contact, medical conditions, allergies, ID photos, signatures.

Usage data: IP addresses, device type, pages visited, feature usage.

Payment data: Transaction amounts and metadata (card numbers are processed by Square/Clover/Stripe and never stored by Parlor HQ).

2. How We Use Your Information

To provide the Platform services: scheduling, waivers, check-in, portfolio management, and payments. To send transactional notifications (appointment reminders, invitation emails). To improve the Platform through aggregated, anonymized analytics.

3. Data Ownership and Tenancy

Each shop (tenant) owns the client data collected through their workspace. Parlor HQ processes this data on behalf of shop owners. Client data is isolated per tenant — one shop cannot access another shop's client records.

4. Data Sharing

We do not sell personal data. We share data only with: payment processors (to complete transactions), email providers (to send notifications), and as required by law.

5. Data Storage and Security

Data is stored in encrypted PostgreSQL databases. Images are stored in S3-compatible object storage with access controls. Sessions use encrypted tokens with 24-hour expiry. Passwords are hashed with bcrypt.

6. Data Retention

Account data is retained while the account is active. Signed waivers are retained per shop policy and applicable health regulations (typically 3–7 years). You may request deletion of your account and associated data at any time.

7. Your Rights

You may: access your data (GET /me), update your information, delete your account, export your data, and withdraw consent for optional processing. Shop owners may export or delete client data from their tenant.

8. Cookies

We use essential cookies for session management and tenant theme caching. No third-party advertising cookies are used.

9. Children

The Platform is not intended for users under 18. Minors requiring tattoo/piercing services must have parental consent as managed by the shop's waiver process.

10. Changes to This Policy

We will notify registered users via email of material changes at least 30 days before they take effect.

11. Contact

Privacy inquiries: privacy@parlorhq.io