Privacy Policy

Last updated: Last updated: February 6, 2026

1. Introduction

mybeautymaster ("we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, store, and protect your information when you use the mybeautymaster platform, including our website, mobile applications, and all related services (collectively, the "Platform").

This Privacy Policy applies to all Users of the Platform, including Customers, Service Providers (Beauty Professionals), and visitors. By accessing or using the Platform, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree, please do not use the Platform.

2. Information we collect

We collect the following categories of information in connection with your use of the Platform:

Account information

When you create an account, we collect your name, email address, phone number (in E.164 international format), and profile photo. This information is necessary to create and manage your account and to facilitate communication between Users.

Service provider information

If you register as a Service Provider, we may additionally collect your business name, professional licences and certifications, portfolio images, service descriptions, pricing information, availability schedules, spoken languages, and bank account details (processed through Stripe Connect for payouts).

Booking information

When you make or receive a Booking, we collect the service type, date and time, Service Location address, special instructions, and any notes exchanged between the Customer and Service Provider.

Location data

We collect Service Location addresses provided by Customers during the Booking process. These addresses are geocoded (converted to geographic coordinates) using our mapping service provider to enable location-based matching with nearby Service Providers. We store location data in GeoJSON format. We do not continuously track your real-time location.

Communication data

We collect and store messages exchanged between Customers and Service Providers through the Platform's messaging system. This includes pre-booking inquiries, booking coordination messages, and post-service communications.

Payment information

We collect transaction history and payment method information. All payment processing is handled by Stripe. mybeautymaster does not store, process, or have access to full credit card or debit card numbers. See Section 5 (Payment Data) for more details.

Device and usage information

We automatically collect certain technical information when you use the Platform, including your IP address, browser type and version, device type and operating system, pages visited, time spent on pages, referral URLs, and session identifiers.

Organization data

If you create or join a business organization on the Platform, we collect the organization name, profile information (banner, biography), team member details, roles, and organization settings such as default timezone and currency.

3. How we use your information

We use the information we collect for the following purposes:

  • Service delivery: To facilitate the discovery, booking, and delivery of beauty services between Customers and Service Providers.
  • Location matching: To match Customers with nearby Service Providers using geocoded address data.
  • Payment processing: To process payments, manage refunds, and facilitate payouts to Service Providers through Stripe.
  • Identity verification and fraud prevention: To verify User identities, prevent fraudulent transactions, and protect the safety of all Users.
  • Communications: To send Booking confirmations, reminders, updates, support messages, and other service-related communications.
  • Platform improvement: To analyze usage patterns, diagnose technical issues, and improve the functionality, features, and user experience of the Platform.
  • Marketing: To send promotional communications about mybeautymaster services and features. You may opt out of marketing communications at any time by using the unsubscribe link in our emails or by contacting us.
  • Legal compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
  • Dispute resolution: To investigate and resolve disputes between Users, enforce our Terms and Conditions, and protect the rights, property, and safety of mybeautymaster and its Users.

4. Information sharing

We share your information only in the following circumstances:

Between Customers and Service Providers

When a Booking is made, we share relevant information between the Customer and Service Provider necessary for service delivery. This includes the Customer's name, Service Location address, and Booking details shared with the Service Provider; and the Service Provider's name, business name, qualifications, and reviews shared with the Customer.

With third-party service providers

  • Stripe: Payment processing, including transaction data, payout information, and fraud detection.
  • Mapping services: Address data for geocoding and location-based features.
  • Analytics: Anonymized and aggregated usage data for platform analytics and performance monitoring.

Legal requirements

We may disclose your information when required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect the safety, rights, or property of mybeautymaster, our Users, or the public.

We do not sell your personal information to third parties. We do not share your personal information with advertisers or ad networks.

5. Payment data

All payment processing on the Platform is handled by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. This is the highest level of certification available in the payment card industry.

  • mybeautymaster does not store, process, or have access to your full credit card numbers, debit card numbers, or bank account details. This information is collected and processed directly by Stripe.
  • Service Provider payout information (bank account details for receiving payments) is stored and managed by Stripe Connect. mybeautymaster does not have access to these details.
  • We retain transaction records (amounts, dates, service descriptions) for accounting, tax reporting, and legal compliance purposes.
  • Stripe's collection, use, and disclosure of payment data is governed by Stripe's own Privacy Policy, which is available at stripe.com/privacy.

6. Authentication & security

We take the security of your personal information seriously and implement a range of technical and organizational measures to protect it:

  • Session-based authentication: User authentication is managed through secure session-based authentication. Sessions are stored securely and expire after a defined period of inactivity.
  • Passkey support: We support passkey (WebAuthn) authentication for passwordless login, providing an additional layer of security against phishing and credential theft.
  • Encryption in transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS protocols.
  • Access controls: We implement role-based access controls within organizations, ensuring that Users can only access information and perform actions appropriate to their role (owner, admin, member).
  • Security reviews: We conduct regular security reviews and updates to our systems and practices.
  • Breach notification: In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected Users and relevant authorities as required by applicable law.

While we strive to use commercially acceptable means to protect your personal information, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security.

7. Location data

  • We collect Service Location addresses provided by Customers when they make a Booking. These addresses are used to coordinate the delivery of at-home and mobile beauty services.
  • Addresses are geocoded (converted to geographic coordinates) using our mapping service provider to enable features such as matching Customers with nearby Service Providers and calculating service areas.
  • Location data is stored in GeoJSON format in our database and is used for geospatial queries (e.g., finding Service Providers within a certain radius of a Customer's location).
  • Service Providers may set their service area or delivery radius, which is used to determine whether they can serve a particular Customer location.
  • We do not continuously or passively track your real-time location. Location data is only collected when you actively provide an address during the Booking process or when updating your Service Provider profile.
  • Location data is retained as part of your Booking history for the duration specified in the Data Retention section below.

8. Cookies & tracking

We use the following types of cookies and similar technologies:

  • Authentication cookies (essential): These cookies are necessary for session management and authentication. They enable you to remain logged in and access protected features. These cookies cannot be disabled as they are essential to the Platform's functionality.
  • Preference cookies: These cookies remember your preferences, such as language settings, theme selection, and recent search history, to provide a personalized experience.
  • Search session cookies: We store search session data in cookies for up to 30 days to provide a seamless search experience across visits, including recently searched locations and service types.
  • Analytics: We use analytics tools to collect anonymized and aggregated usage metrics, such as page views, feature usage, and error rates. This data is used to improve Platform performance and user experience.

We do not use third-party advertising cookies or tracking pixels. We do not serve targeted advertisements or share cookie data with advertising networks. You can manage cookie preferences through your browser settings, although disabling essential cookies may affect the functionality of the Platform.

9. Data retention

We retain your personal information for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Our specific retention practices are as follows:

  • Account data: Retained for as long as your account is active. Upon account deletion, your personal data is soft-deleted (marked as inactive) within our systems. Soft-deleted data is not accessible through the Platform but may be retained in our databases for a limited period to comply with legal obligations and to resolve any outstanding disputes.
  • Booking history: Retained for seven (7) years from the date of the Booking for tax, accounting, and legal compliance purposes.
  • Payment records: Retained in accordance with Stripe's data retention policies and applicable tax and financial regulations.
  • Communication logs: Retained for two (2) years from the date of the last message in a conversation thread.
  • Audit and security logs: Retained indefinitely for security monitoring, fraud prevention, and compliance purposes. These logs contain technical event data and do not include the content of communications.
  • Analytics data: Anonymized and aggregated analytics data is retained indefinitely as it cannot be used to identify individual Users.

Upon receiving a valid account deletion request, we will process the deletion of your personal data within thirty (30) days, subject to the retention periods described above for specific categories of data.

10. Your rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Right of access: You may request a copy of the personal information we hold about you.
  • Right to correction: You may request that we correct any inaccurate or incomplete personal information.
  • Right to deletion: You may request that we delete your personal information, subject to certain legal exceptions and retention requirements described in Section 9 above.
  • Right to data portability: You may request a copy of your personal data in a structured, commonly used, and machine-readable format.
  • Right to withdraw consent: You may withdraw your consent to marketing communications at any time by using the unsubscribe link in our emails or by contacting us directly.
  • Right to complain: You have the right to lodge a complaint with a data protection authority in your jurisdiction if you believe your privacy rights have been violated.

To exercise any of these rights, please contact us using the information provided in the Contact Information section below. We will respond to your request within thirty (30) days of receipt.

11. Children's privacy

The mybeautymaster Platform is not intended for use by individuals under the age of eighteen (18). We do not knowingly collect, solicit, or store personal information from anyone under 18 years of age.

If we become aware that we have collected personal information from a person under 18, we will take prompt steps to delete such information from our systems. If you are a parent or guardian and believe that your child has provided personal information to us, please contact us immediately using the information in the Contact Information section below.

12. International data transfers

mybeautymaster is based in Canada. Your personal information may be processed, stored, and transferred in Canada and in other jurisdictions where our service providers operate, including the United States.

Our cloud infrastructure providers may store and process data in multiple geographic regions. When your data is transferred to a jurisdiction outside of Canada, we ensure that appropriate safeguards are in place to protect your information in accordance with applicable data protection laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and any applicable provincial privacy legislation.

13. Third-party services

The Platform integrates with the following third-party services. Each service has its own privacy policy governing their collection and use of data:

  • Stripe — Payment processing, subscription management, and Service Provider payouts. Stripe is PCI-DSS Level 1 certified.
  • Mapbox — Geocoding addresses to geographic coordinates and mapping features for location-based services.
  • Cloudflare — Content delivery, DDoS protection, and object storage (R2) for user-uploaded files such as portfolio images and profile photos.
  • Vercel — Web application hosting, deployment, and anonymized analytics.
  • MongoDB Atlas — Cloud database hosting and management for application data.

We carefully select third-party service providers that maintain appropriate security standards and data protection practices. However, mybeautymaster is not responsible for the privacy practices of these third-party services. We encourage you to review their respective privacy policies.

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes to this Privacy Policy, we will notify Users by email, in-app notification, or by prominently posting a notice on the Platform.

The "Last updated" date at the top of this page indicates when this Privacy Policy was most recently revised. Your continued use of the Platform after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

15. Contact information

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal information, please contact us at:

  • Email: privacy@mybeautymaster.com
  • Subject line: Privacy Policy Inquiry

We will make reasonable efforts to respond to all privacy-related inquiries within thirty (30) business days.

Ready to book your next beauty appointment?

Join thousands of customers who book trusted beauty professionals every day. Create your free account and get started in minutes.

Book now