Skip to main content
BeautyOps

Last updated: 12 February 2026

Privacy Policy

BeautyOps acts as the processor for the salons, studios, and clinics that use our platform. The following summary explains what we collect, why we collect it, and how you stay in control.

To request access, export, or deletion of your data, email privacy@beautyops.com or support@beautyops.com with your identity; we will respond within 30 days.

1. Information we collect

We only collect data needed to run AI receptionist, booking, and automation workflows on your behalf. That data falls into three buckets:

  • Operator data: account details, team members, service catalogues, policies, and payment settings.
  • Client data: contact information, preferences, appointment history, consents, and communication records that your team syncs into BeautyOps.
  • System data: device, browser, essential cookies (set by Clerk for authentication and security — no analytics or tracking cookies), and usage diagnostics that help us keep the platform stable and secure.

2. How we use information

BeautyOps processes data solely to deliver the services you configure. Typical uses include:

  • Responding to client messages, enforcing deposits, and booking appointments per your rules.
  • Sending confirmations, reminders, follow-ups, and compliance notifications you enable.
  • Improving product reliability (e.g., monitoring API health, preventing abuse, and training guardrails).

We never sell customer data. We only share information with subprocessors required to deliver the product (hosting, analytics, messaging providers), all of whom are bound by written agreements.

3. Data retention & deletion

Client and operator records stay in BeautyOps for as long as you are a customer or until you ask us to remove them. When an account closes, we delete or anonymise data within 60 days unless a longer retention period is required by law or adjudicated contracts.

4. Security & compliance

BeautyOps encrypts data in transit (TLS 1.2+) and at rest, enforces role-based access control, and keeps detailed audit trails for booking and messaging actions. Infrastructure is hosted on SOC 2 and ISO 27001 certified providers. We support HIPAA-aligned workflows for clinics handling PHI.

5. Your rights & controls

Operators can access, edit, export, or delete their data at any time from the dashboard or by contacting us. End clients can request access or deletion through the clinics that serve them, or by emailing data-protection@beautyops.com with relevant details so we can coordinate with the operator of record.

6. Subprocessors

We use the following subprocessors to deliver the service. Purpose and typical location are listed. We keep this list updated when we add or change vendors.

  • Clerk (authentication) — US.
  • Resend (transactional email) — US.
  • Vercel (hosting, serverless) — US.
  • Neon / PostgreSQL (database) — US/EU depending on project.
  • Stripe (payments, when deposits are enabled) — US.
  • OpenAI / Vercel AI (AI receptionist, when enabled) — US.
  • Square (payments, when integrated) — US.

7. Contact us

Questions about privacy, data processing agreements, or regional compliance requirements can be sent to privacy@beautyops.com. We aim to respond within one business day.