Legal

Privacy Policy

Effective date: 22 May 2026 · Last updated: 22 May 2026

⚠ Owner: 2 things to fill in before publishing
Search for the yellow ⚠ FILL IN markers and replace them with your real contact email and your country. Everything else is accurate and ready as-is.
In plain language: We collect only what is needed to run your barbershop. We do not sell your data. You can delete everything at any time from inside the app. If you are in the EU, you have GDPR rights which we respect.

1. Who We Are (Data Controller)

The MyBarb platform is operated by:

Legal name: ⚠ FILL IN — Your Full Name or Registered Company Name
Country: ⚠ FILL IN — Country of registration/residence
Privacy contact: ⚠ FILL IN — your@email.com

For the purposes of data protection law, the operator above is the data controller for personal data of registered users (shop owners and barbers).

For personal data of end-clients entered by barbershops into the system, the barbershop owner is the data controller and MyBarb acts only as a data processor. A Data Processing Agreement (DPA) is available on request.

2. Data We Collect

We collect only what is strictly necessary to operate the Service:

CategoryDataPurpose
Account data Username, hashed password, account creation date Authentication and account management
Shop information Shop name, address, city, country, phone, logo, opening hours, profile slug, social media links Running your barbershop profile and public page
Staff profiles Barber names, usernames, hashed PINs, role, slot interval setting Multi-staff access management
Client records Client first name, phone number only CRM, appointment history, WhatsApp reminders
Appointment records Date, time, barber, service, price, status, duration Calendar management and analytics
Service catalogue Service names, prices, duration Booking and public profile
User preferences Language, theme, notification settings, WhatsApp message template Personalisation
Server access logs IP address, browser/OS type, access timestamp — deleted after 30 days Security and abuse prevention only

What We Do NOT Collect

3. How We Use Your Data

We do not use your data for advertising, profiling, or marketing. We do not sell, rent, or trade personal data to any third party.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), processing is based on the following GDPR Article 6 grounds:

PurposeLegal Basis
Delivering the Service (account, calendar, CRM)Performance of a contract — Art. 6(1)(b)
Security logs and abuse preventionLegitimate interests — Art. 6(1)(f)
Legal obligations and authority requestsLegal obligation — Art. 6(1)(c)
Anonymised product improvement analyticsLegitimate interests — Art. 6(1)(f)

5. Data Storage & Retention

Where your data is stored

MyBarb stores data in two places:

Retention periods

Data typeHow long we keep it
Active account and business dataFor the lifetime of the active account
After account deletionPermanently purged within 30 days
Server access logs30 days, then automatically deleted
BackupsRolling 7-day server backups (overwritten)

6. Third Parties & Data Sharing

We share personal data only in the following limited situations:

Hosting — Bluehost (USA)

Our database is hosted by Bluehost (Endurance International Group, United States). They act as a sub-processor under their own terms of service and privacy policies. We rely on Bluehost's security and data protection measures for server-side data storage. You can review Bluehost's privacy practices at bluehost.com/privacy.

WhatsApp / Meta (optional, user-initiated)

The app includes an optional button that opens the WhatsApp app pre-filled with a reminder message for a client. This action is initiated entirely by you (the shop owner). MyBarb does not send anything automatically; it only opens a link. When WhatsApp opens, Meta's own privacy policy governs that interaction. MyBarb does not transmit data to Meta.

Legal requests

We may disclose data if required by a court order, law enforcement agency, or regulatory authority with legal jurisdiction over us. We will notify you where legally permitted to do so.

We never sell, rent, exchange, or share your personal data with advertisers, data brokers, or any third party for commercial purposes.

7. International Data Transfers

Our servers are located in the United States. If you are based in the EEA or the UK, transferring personal data to the US requires safeguards under GDPR Chapter V.

We rely on Bluehost's applicable data transfer mechanisms and compliance framework for this transfer. By using the Service, you acknowledge that your data will be processed on servers located in the United States under these conditions.

If you require a formal Data Processing Agreement (DPA) including specific transfer clauses for your own GDPR compliance as a data controller, please contact us and we will provide one.

8. Cookies & Local Storage

MyBarb does not use tracking cookies, advertising cookies, or third-party analytics cookies.

The app uses the browser's localStorage API to store application data on your device. Unlike cookies, localStorage data is never sent to any server automatically — it stays entirely on your device. The data stored locally is:

localStorage KeyContains
berberia-shopShop name, address, hours, logo, social links
berberia-barbersStaff list and settings
berberia-sessionCurrent login session (username, role)
berberia-appointmentsAppointment records
berberia-clientsClient names and phone numbers
mybarb-servicesService catalogue
mybarb-subscriptionActive plan information
mybarb-tokenServer authentication token
mybarb_langDisplay language preference
berberia-themeDark/light theme preference

The Service Worker also caches the app's own code files (HTML, CSS, JS, images) for offline use. This cache contains no personal data — only application code.

9. Your GDPR Rights

If you are in the European Economic Area or the United Kingdom, you have the following rights:

👁
Right of Access
Request a copy of all personal data we hold about you.
✏️
Rectification
Correct inaccurate or incomplete data. Most data can be corrected directly in the app.
🗑️
Erasure
Delete your account and all data via Settings → "Delete Shop". Server data purged within 30 days.
📦
Data Portability
Request your data in a structured, machine-readable format.
🚫
Right to Object
Object to processing based on legitimate interests.
Restriction
Request that we restrict processing in certain circumstances.

To exercise any right, contact us at ⚠ FILL IN — your@email.com. We will respond within 30 days. Identity verification may be required before we action a request.

You may also lodge a complaint with your national data protection authority at any time. You do not need to contact us first, though we encourage you to do so.

10. Security Measures

We implement the following technical and organisational security measures:

No system is completely immune to security incidents. In the event of a data breach that creates a high risk to your rights and freedoms, we will notify you and the competent supervisory authority within 72 hours, as required by GDPR Article 33, where notification is feasible.

11. Children's Privacy

MyBarb is a professional business management tool for adults. We do not knowingly collect personal data from anyone under 16 years of age. If you believe a minor has provided data to us, please contact us immediately and we will delete it.

12. Relationship to Terms of Service

This Privacy Policy forms part of our Terms of Service, which govern the overall legal relationship between you and MyBarb, including liability limitations, indemnification, dispute resolution, governing law, and the B2B nature of the Service. By using MyBarb, you agree to both documents.

13. Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal obligations. We will notify you of material changes at least 14 days in advance via in-app notification. Minor clarifications may be made without notice.

The current version is always available at mybarb.app/privacy.html. The "Last updated" date at the top of this page reflects the most recent revision.

14. Contact

For privacy questions, data subject requests, or to report a concern:

MyBarb Privacy
Operated by: ⚠ FILL IN — Your Name / Company
Email: ⚠ FILL IN — your@email.com
Response time: within 30 days
Website: mybarb.app

If you are unhappy with our response, you have the right to lodge a complaint with your national data protection supervisory authority.