Privacy Policy
Last updated: 15 January 2026
1. Introduction
Welcome to Hair SOS ("we", "our", "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform.
Hair SOS is operated in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are the data controller responsible for your personal data.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, password, phone number, and profile photo when you register
- Profile Information: Hair type, hair concerns, and preferences for clients; qualifications, specialities, and portfolio for stylists
- Consultation Data: Photos, descriptions, and messages related to your hair consultations
- Payment Information: Billing address and payment details (processed securely by Stripe)
- Communications: Messages between clients and stylists, and any correspondence with our support team
2.2 Information Collected Automatically
- Device Information: IP address, browser type, operating system, and device identifiers
- Usage Data: Pages visited, features used, time spent on the platform, and interaction patterns
- Cookies: Information collected through cookies and similar technologies (see our Cookie Policy)
3. How We Use Your Information
We use your personal data for the following purposes:
- Service Delivery: To provide our consultation platform, connect clients with stylists, and process payments
- Account Management: To create and manage your account, authenticate your identity, and provide customer support
- Communication: To send service notifications, updates, and respond to your enquiries
- Improvement: To analyse usage patterns and improve our platform's functionality and user experience
- Safety & Security: To detect and prevent fraud, abuse, and security incidents
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
- Marketing: With your consent, to send promotional communications about our services
4. Legal Basis for Processing
Under UK GDPR, we process your personal data on the following legal bases:
- Contract Performance: Processing necessary to provide our services to you
- Legitimate Interests: Processing for our legitimate business interests, such as improving our services and preventing fraud
- Legal Obligation: Processing necessary to comply with legal requirements
- Consent: Where you have given explicit consent for specific processing activities
5. Data Sharing
We may share your personal data with:
- Stylists/Clients: Relevant information is shared between parties to facilitate consultations
- Platform Administrators: Our authorised staff may access consultation content (including messages and photos) for the following purposes:
  - Quality assurance and service improvement
  - Dispute resolution between clients and stylists
  - Safety and moderation (detecting inappropriate content or behaviour)
  - Compliance with legal obligations
  - Preventing fraud and protecting platform integrity
- Payment Processors: Stripe processes payments on our behalf under their own privacy policy
- Service Providers: Trusted third parties who assist with hosting, analytics, and email services
- Legal Authorities: When required by law or to protect our rights and safety
We do not sell your personal data to third parties.
6. Data Retention
We retain your personal data for as long as necessary to:
- Provide our services and maintain your account
- Comply with legal obligations (e.g., tax records for 7 years)
- Resolve disputes and enforce our agreements
When you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law.
7. Your Rights
Under UK GDPR, you have the following rights:
- Access: Request a copy of your personal data
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Request limitation of processing
- Portability: Receive your data in a portable format
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise these rights, please contact us at hello@hairsos.co.uk.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit (HTTPS/TLS)
- Secure password hashing
- Regular security assessments
- Access controls and authentication
- Secure data centres
9. International Transfers
Your data may be transferred to and processed in countries outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO).
10. Children's Privacy
Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through our platform. Your continued use of our services after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:
Hair SOS
Email: hello@hairsos.co.uk
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.