Skip to content

Privacy Policy

Last updated: March 11, 2026

1. Information We Collect

When you use ParlourDesk, we may collect the following information:

  • Account information: Name, email address, studio name, and phone number when you create an account.
  • Waitlist information: Email address when you join our waitlist.
  • Usage data: How you interact with our platform, including pages visited, features used, and session data. This data is collected through our analytics provider (see Section 7).
  • Client data: Information you input about your clients (appointments, consent forms, deposits, contact details, skin notes). This data belongs to you.
  • Device and browser information: IP address, browser type, operating system, and device identifiers collected automatically when you access the platform.

2. How We Use Your Information

We use collected information to:

  • Provide and improve the ParlourDesk platform
  • Send you product updates and launch notifications (only with your explicit opt-in consent)
  • Process appointments, consent forms, and deposit tracking
  • Send automated SMS reminders to your clients on your behalf
  • Send transactional emails (account confirmation, password resets, billing receipts)
  • Generate commission and financial reports for your studio
  • Analyze usage patterns to improve features and user experience
  • Detect and prevent fraud, abuse, or security incidents

3. Data Storage & Security

Your data is stored securely using industry-standard encryption in transit (TLS 1.2+) and at rest (AES-256). Client consent forms are rendered as tamper-proof PDFs with timestamps and IP logs. We use Supabase for our database infrastructure, which provides row-level security, encryption at rest, and regular automated backups. All data is hosted in the United States.

4. Data Sharing & Third-Party Services

We do not sell, rent, or share your personal information with third parties for marketing purposes. We share data only with the following service providers who are necessary to operate the platform:

  • Supabase — Database hosting, authentication, and file storage
  • Twilio — SMS reminder delivery to your clients on your behalf
  • Resend — Transactional email delivery (account notifications, consent form receipts)
  • Dodo Payments — Subscription billing and payment processing for your ParlourDesk subscription
  • Vercel — Application hosting and content delivery
  • PostHog — Product analytics (see Section 7)

Each of these providers is contractually obligated to protect your data and use it only for the purposes of providing their services. We may also disclose information when required by law, regulation, or valid legal process.

5. Your Rights

You have the right to:

  • Access, update, or correct your personal information at any time through your account settings
  • Export your data (clients, appointments, consent forms) at any time
  • Unsubscribe from marketing communications at any time
  • Request deletion of your account and all associated data
  • Withdraw consent for data processing where consent is the legal basis
  • Lodge a complaint with a supervisory authority if you believe your rights have been violated

To exercise any of these rights, contact us at privacy@parlourdesk.com. We will respond to all requests within 30 days.

6. Cookies

We use essential cookies to maintain your session and authentication state. These cookies are strictly necessary for the platform to function and cannot be disabled. We do not use third-party advertising cookies or cross-site tracking cookies.

7. Analytics

We use PostHog, a product analytics platform, to understand how users interact with ParlourDesk. PostHog collects anonymized usage data including pages visited, features used, and session duration. This data helps us improve the platform. PostHog does not sell your data or use it for advertising purposes. You can opt out of analytics tracking by contacting us at privacy@parlourdesk.com.

8. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain certain records for legal or regulatory purposes (e.g., billing records may be retained for up to 7 years for tax compliance). Consent form PDFs and associated records are retained for the duration of your account and for 30 days following account deletion to allow for data export.

9. Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach. We will also notify relevant supervisory authorities as required by applicable law. The notification will include the nature of the breach, the data affected, steps we are taking to address it, and recommendations for you to protect yourself.

10. Children's Privacy

ParlourDesk is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a person under 18, we will take steps to delete that information promptly. If you believe a minor has provided us with personal data, please contact us at privacy@parlourdesk.com.

11. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know: You may request details about the categories and specific pieces of personal information we have collected about you.
  • Right to delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to opt-out: We do not sell personal information. If this changes, we will provide a clear opt-out mechanism.
  • Non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, email privacy@parlourdesk.com with the subject line “CCPA Request.”

12. European Users (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, the following applies:

  • Lawful basis: We process your data based on (a) your consent, (b) the performance of our contract with you, (c) our legitimate interests in operating and improving the platform, and (d) compliance with legal obligations.
  • Data transfers: Your data is stored in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure appropriate safeguards for international data transfers.
  • Right to portability: You may request a machine-readable copy of your personal data.
  • Right to restriction: You may request that we limit the processing of your data in certain circumstances.
  • Right to object: You may object to processing based on legitimate interests.

For GDPR-related inquiries, contact us at privacy@parlourdesk.com.

13. Governing Law

This Privacy Policy is governed by the laws of the State of Delaware, United States, without regard to conflict of law principles.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 30 days before the changes take effect. Your continued use of ParlourDesk after the effective date constitutes acceptance of the updated policy.

15. Contact

For privacy-related questions or to exercise your data rights, contact us at: