Legal
Effective date: 22 May 2026 · Last updated: 22 May 2026
The MyBarb platform is operated by:
For the purposes of data protection law, the operator above is the data controller for personal data of registered users (shop owners and barbers).
For personal data of end-clients entered by barbershops into the system, the barbershop owner is the data controller and MyBarb acts only as a data processor. A Data Processing Agreement (DPA) is available on request.
We collect only what is strictly necessary to operate the Service:
| Category | Data | Purpose |
|---|---|---|
| Account data | Username, hashed password, account creation date | Authentication and account management |
| Shop information | Shop name, address, city, country, phone, logo, opening hours, profile slug, social media links | Running your barbershop profile and public page |
| Staff profiles | Barber names, usernames, hashed PINs, role, slot interval setting | Multi-staff access management |
| Client records | Client first name, phone number only | CRM, appointment history, WhatsApp reminders |
| Appointment records | Date, time, barber, service, price, status, duration | Calendar management and analytics |
| Service catalogue | Service names, prices, duration | Booking and public profile |
| User preferences | Language, theme, notification settings, WhatsApp message template | Personalisation |
| Server access logs | IP address, browser/OS type, access timestamp — deleted after 30 days | Security and abuse prevention only |
We do not use your data for advertising, profiling, or marketing. We do not sell, rent, or trade personal data to any third party.
For users in the European Economic Area (EEA), processing is based on the following GDPR Article 6 grounds:
| Purpose | Legal Basis |
|---|---|
| Delivering the Service (account, calendar, CRM) | Performance of a contract — Art. 6(1)(b) |
| Security logs and abuse prevention | Legitimate interests — Art. 6(1)(f) |
| Legal obligations and authority requests | Legal obligation — Art. 6(1)(c) |
| Anonymised product improvement analytics | Legitimate interests — Art. 6(1)(f) |
MyBarb stores data in two places:
localStorage and Service Worker cache. This data never leaves your device automatically. It is under your full control. Clearing your browser storage removes it from your device (not from the server).| Data type | How long we keep it |
|---|---|
| Active account and business data | For the lifetime of the active account |
| After account deletion | Permanently purged within 30 days |
| Server access logs | 30 days, then automatically deleted |
| Backups | Rolling 7-day server backups (overwritten) |
We share personal data only in the following limited situations:
Our database is hosted by Bluehost (Endurance International Group, United States). They act as a sub-processor under their own terms of service and privacy policies. We rely on Bluehost's security and data protection measures for server-side data storage. You can review Bluehost's privacy practices at bluehost.com/privacy.
The app includes an optional button that opens the WhatsApp app pre-filled with a reminder message for a client. This action is initiated entirely by you (the shop owner). MyBarb does not send anything automatically; it only opens a link. When WhatsApp opens, Meta's own privacy policy governs that interaction. MyBarb does not transmit data to Meta.
We may disclose data if required by a court order, law enforcement agency, or regulatory authority with legal jurisdiction over us. We will notify you where legally permitted to do so.
Our servers are located in the United States. If you are based in the EEA or the UK, transferring personal data to the US requires safeguards under GDPR Chapter V.
We rely on Bluehost's applicable data transfer mechanisms and compliance framework for this transfer. By using the Service, you acknowledge that your data will be processed on servers located in the United States under these conditions.
If you require a formal Data Processing Agreement (DPA) including specific transfer clauses for your own GDPR compliance as a data controller, please contact us and we will provide one.
MyBarb does not use tracking cookies, advertising cookies, or third-party analytics cookies.
The app uses the browser's localStorage API to store application data on your device. Unlike cookies, localStorage data is never sent to any server automatically — it stays entirely on your device. The data stored locally is:
| localStorage Key | Contains |
|---|---|
| berberia-shop | Shop name, address, hours, logo, social links |
| berberia-barbers | Staff list and settings |
| berberia-session | Current login session (username, role) |
| berberia-appointments | Appointment records |
| berberia-clients | Client names and phone numbers |
| mybarb-services | Service catalogue |
| mybarb-subscription | Active plan information |
| mybarb-token | Server authentication token |
| mybarb_lang | Display language preference |
| berberia-theme | Dark/light theme preference |
The Service Worker also caches the app's own code files (HTML, CSS, JS, images) for offline use. This cache contains no personal data — only application code.
If you are in the European Economic Area or the United Kingdom, you have the following rights:
To exercise any right, contact us at ⚠ FILL IN — your@email.com. We will respond within 30 days. Identity verification may be required before we action a request.
You may also lodge a complaint with your national data protection authority at any time. You do not need to contact us first, though we encourage you to do so.
We implement the following technical and organisational security measures:
No system is completely immune to security incidents. In the event of a data breach that creates a high risk to your rights and freedoms, we will notify you and the competent supervisory authority within 72 hours, as required by GDPR Article 33, where notification is feasible.
MyBarb is a professional business management tool for adults. We do not knowingly collect personal data from anyone under 16 years of age. If you believe a minor has provided data to us, please contact us immediately and we will delete it.
This Privacy Policy forms part of our Terms of Service, which govern the overall legal relationship between you and MyBarb, including liability limitations, indemnification, dispute resolution, governing law, and the B2B nature of the Service. By using MyBarb, you agree to both documents.
We may update this Privacy Policy to reflect changes in our practices or legal obligations. We will notify you of material changes at least 14 days in advance via in-app notification. Minor clarifications may be made without notice.
The current version is always available at mybarb.app/privacy.html. The "Last updated" date at the top of this page reflects the most recent revision.
For privacy questions, data subject requests, or to report a concern:
If you are unhappy with our response, you have the right to lodge a complaint with your national data protection supervisory authority.