Pivot Parlor

Privacy Policy

Last updated: March 2026

Pivot Parlor
BytesFX Ltd · Moselle Avenue, London, UK, N22 6ET
dev@pivotparlor.com

1. Who We Are

Pivot Parlor (“we”, “us”, or “our”) is a booking platform for beauty parlours and barber shops, operated by BytesFX Ltd, registered in England and Wales. We act as data controller for personal data collected through this website (pivotparlor.com) and our platform. We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Personal Data We Collect

We collect and process the following categories of personal data:

  • Enquiry and contact data: your name, email address, phone number, shop name, and message when you submit a contact or onboarding enquiry.
  • Account data: email address and hashed password if you register as a shop admin or staff member, or your name and email if you sign in via a social provider (Google or LinkedIn).
  • Shop and business data: your shop name, type, address, services, pricing, and staff information provided during onboarding and platform use.
  • Customer booking data: customer names, email addresses, phone numbers, appointment details, and service records processed on behalf of shops using the platform.
  • Payment data: transaction amounts and booking IDs. Full payment card details are processed by Stripe and are never stored on our systems.
  • Technical data: IP address, browser type and version, device type, time zone, and operating system, collected automatically when you access our website.
  • Usage data: pages viewed, links clicked, and interactions with our platform, collected to improve our service.

We do not collect sensitive personal data unless you voluntarily provide it. We do not knowingly collect data from children under 16.

3. How We Use Your Personal Data

  • To respond to enquiries and onboard new shops — lawful basis: legitimate interests / performance of a contract.
  • To operate and deliver the platform, including processing bookings, managing staff schedules, and sending appointment reminders — lawful basis: performance of a contract.
  • To process payments and calculate commissions — lawful basis: performance of a contract.
  • To send service-related communications such as booking confirmations, platform updates, and account notifications — lawful basis: performance of a contract / legitimate interests.
  • To improve our website and platform through analytics — lawful basis: legitimate interests.
  • To comply with legal obligations — lawful basis: compliance with a legal obligation (Article 6(1)(c) UK GDPR).

4. Who We Share Your Data With

We do not sell your personal data. We may share it with the following third parties:

  • Cloudflare, Inc. — our infrastructure provider, which hosts our platform data on UK/EEA-region servers. Cloudflare processes data on our behalf under a Data Processing Agreement.
  • Stripe, Inc. — to process payments securely. Stripe is PCI DSS Level 1 certified. We do not store full card details on our systems.
  • Email and communication providers — used to deliver appointment confirmations and platform notifications.
  • Analytics providers — where you have consented to analytics cookies, anonymised usage data may be processed by analytics services.
  • Law enforcement or regulators — where required by law, or to protect our rights, property, or safety.

All third-party processors are required to handle your data securely and only for the purposes we specify.

5. Data Retention

  • Enquiry and contact records are retained for up to 2 years.
  • Account and shop data is retained for the duration of the shop’s active subscription plus 12 months after termination.
  • Booking and transaction records are retained for up to 7 years to satisfy accounting and legal obligations.
  • Technical and server logs are typically retained for up to 90 days.

6. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

  • Right of access — to request a copy of the personal data we hold about you.
  • Right to rectification — to request correction of inaccurate or incomplete data.
  • Right to erasure — to request deletion of your data in certain circumstances.
  • Right to restrict processing — to request that we limit how we use your data.
  • Right to data portability — to receive your data in a structured, machine-readable format.
  • Right to object — to object to processing based on legitimate interests or for direct marketing.

To exercise any of these rights, contact us at dev@pivotparlor.com or write to us at Moselle Avenue, London, UK, N22 6ET. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including HTTPS/TLS encryption, hashed password storage, session token expiry, and access controls restricting data to authorised personnel only. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, notify you directly.

8. Cookies

Our website uses cookies and similar technologies. See our Cookie Policy for full details on what cookies we use, why, and how to manage your preferences.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date. We encourage you to review this policy periodically.

10. Contact Us

For any privacy questions or data rights requests, contact us at dev@pivotparlor.com or write to Pivot Parlor, Moselle Avenue, London, UK, N22 6ET.