Home About Services Gallery Loyalty Scheme Contact Support Make an Appointment
Legal

Privacy Policy

How we collect, use, and protect your personal information.

Last updated: 7 May 2026

This Privacy Policy explains how Ntapers Brockley Limited ("Neck Tapers", "we", "us", "our") collects, uses, stores and protects your personal data when you use our mobile application (the "App") and our barbering services. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy should be read alongside our Terms and Conditions.

1. Who We Are

We are the data controller responsible for your personal data.

  • Company name: Ntapers Brockley Limited
  • Company number: 14432393
  • Registered office: 214 Lower Addiscombe Road, Croydon, CR0 7AB, England
  • Trading name: Neck Tapers
  • Contact email: necktapers@gmail.com
  • ICO registration number: [TO BE ADDED ONCE REGISTERED]

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at necktapers@gmail.com.

2. Personal Data We Collect

2.1 Information You Provide When You Sign Up

When you first sign in to the App using your Apple ID or Google account, we ask you to provide the following:

  • First name and surname
  • Mobile phone number
  • Birth month and year (we do not collect your date of birth)

2.2 Information from Apple and Google

When you sign in with Apple or Google, we receive certain information from those providers, which may include:

  • Your name
  • Your email address (or a private relay email if you use Sign in with Apple)
  • A unique user identifier

We do not receive your Apple or Google password. The information we receive is governed by the privacy settings you have chosen with Apple or Google.

2.3 Booking and Service Information

  • The shop, barber, service and time you have booked
  • Booking history (past, upcoming, cancelled and rescheduled appointments)
  • Notes you add to a booking (for example, friend or family stamp notes)
  • Whether you attended, cancelled or no-showed an appointment

2.4 Loyalty Information

  • Stamps earned, redeemed and expired
  • Date and time stamps were issued
  • How a stamp was earned (in-app booking or NFC tap in-store)
  • Rewards you have unlocked or used

2.5 Payment Information

Payments and pre-authorisations are handled by Stripe, our payment processor. We do not collect or store your full card details. We receive limited information from Stripe such as:

  • The last four digits of your card
  • Card brand (Visa, Mastercard, etc.)
  • Whether a pre-authorisation, charge, refund or chargeback occurred
  • A Stripe customer or transaction reference

Stripe processes your payment information in accordance with its own privacy policy: https://stripe.com/gb/privacy.

2.6 Device and Technical Information

  • Device type, operating system and App version
  • Push notification token (if you opt in to notifications)
  • Basic technical logs needed to keep the App secure and working (such as login events and error logs)

We do not use third-party analytics tools, advertising SDKs or crash reporting services in the App.

2.7 Communications

  • Emails you send us, and our replies
  • In-store conversations and feedback (where relevant to your service)

3. How We Use Your Personal Data

We use your personal data for the following purposes:

3.1 To Provide Our Services

  • To create and manage your account
  • To take and manage your bookings
  • To pre-authorise and, where applicable, charge payments through Stripe
  • To track loyalty stamps and apply rewards
  • To verify your identity at the shop
  • To deal with cancellations, reschedules, no-shows and chargebacks

3.2 To Communicate With You About Your Bookings

We send transactional emails (via our email provider, Resend) for:

  • Booking confirmations
  • Booking reschedules
  • Booking cancellations
  • Receipts and checkout confirmations

These are service messages we need to send to operate your account and bookings — they are not marketing.

3.3 Push Notifications

If you opt in to push notifications, we will use them to:

  • Send you a reminder approximately 2 hours before your appointment
  • Notify you of operational matters such as shop closures, delays or unexpected changes
  • Occasionally let you know about same-day promotions or offers

You can turn push notifications on or off at any time from within your device settings or the App settings.

3.4 Internal Analytics

We use information from bookings, services and loyalty stamp activity to understand and improve our business. Examples include:

  • Identifying our busiest days and times
  • Identifying our most popular services and barbers
  • Forecasting demand and staffing
  • Reviewing performance of the loyalty programme

Where reasonably possible, we look at this information at an aggregated level. We do not share this analysis with third parties for advertising or marketing purposes.

3.5 To Prevent Fraud and Abuse

  • To detect and investigate suspicious bookings, no-show patterns or loyalty stamp abuse
  • To enforce our Terms and Conditions
  • To protect our customers, our staff and our business

3.6 To Comply With the Law

  • To keep accounting and tax records (HMRC requires us to retain certain records for 6 years)
  • To respond to valid legal requests from authorities
  • To meet our other legal and regulatory obligations

4. Our Legal Bases for Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. The bases we rely on are:

  • Contract: To provide the App and the services you book, manage your account, take payments and run the loyalty programme.
  • Legitimate interests: To run, secure and improve our business — including internal analytics, fraud and abuse prevention, enforcing our Terms, and sending operational push notifications. We will only rely on this basis where our interests are not overridden by your rights and freedoms.
  • Consent: Where you opt in to push notifications, and where required for any optional features.
  • Legal obligation: To keep tax and accounting records and respond to lawful requests.

5. Who We Share Your Personal Data With

We do not sell your personal data. We share it only with the following categories of recipients, and only to the extent necessary:

5.1 Service Providers (Processors)

We use the following trusted third-party service providers to operate the App. They process your personal data on our behalf and only on our instructions:

  • Supabase: Hosts our database and back-end services (account information, bookings, loyalty data). Our Supabase project is hosted in Ireland (EU).
  • Stripe: Processes card payments and pre-authorisations.
  • Resend: Sends transactional emails such as booking confirmations and receipts.
  • Apple and Google: Provide sign-in services and (in Apple's case) the push notification system.

5.2 Other Recipients

  • Our staff and barbers, who need to see your name, contact details and booking information to serve you in the shop
  • Our professional advisers (such as accountants, auditors and lawyers) where reasonably necessary
  • Authorities, regulators and courts where we are legally required to do so
  • A buyer or successor in the event of a sale, merger or restructuring of our business

6. International Data Transfers

Your personal data is primarily stored within the UK and European Economic Area (EEA):

  • Our database is hosted by Supabase in Ireland (EU).
  • Resend, Stripe, Apple and Google may process limited data outside the UK/EEA — for example, in the United States.

Where personal data is transferred outside the UK/EEA, we rely on appropriate safeguards as required by UK GDPR, such as:

  • The UK's adequacy decisions for certain countries;
  • The UK International Data Transfer Agreement or UK Addendum to the EU Standard Contractual Clauses;
  • The UK-US Data Bridge, where applicable.

If you would like more information about a specific transfer, please contact us.

7. How Long We Keep Your Personal Data

We keep your personal data only for as long as we need it for the purposes set out in this Privacy Policy.

7.1 While Your Account Is Active

We keep your account information and booking history for as long as your account remains active. Loyalty stamps may expire after 12 months of account inactivity, as set out in our Terms and Conditions.

7.2 If You Delete Your Account

You can delete your account at any time from within the App or by emailing necktapers@gmail.com. When you delete your account:

  • Your loyalty stamps and rewards are permanently lost.
  • Your profile information (name, phone number, birth month/year) is deleted from our active systems within a reasonable time.
  • We retain limited transaction and accounting records (such as booking dates, services, amounts charged and Stripe references) for 6 years from the end of the relevant tax year, as required by HMRC.
  • We may also retain limited information where it is necessary for fraud prevention, dispute resolution or to comply with our legal obligations.

7.3 Backups

Personal data may continue to exist in encrypted backups for a short time after deletion, until those backups are routinely overwritten.

8. Your Rights

Under UK GDPR you have the following rights in relation to your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Ask us to correct inaccurate or incomplete data.
  • Right to erasure: Ask us to delete your data, subject to legal limits (such as our 6-year HMRC retention obligation).
  • Right to restrict processing: Ask us to limit how we use your data in certain circumstances.
  • Right to object: Object to processing based on our legitimate interests.
  • Right to data portability: Receive certain data in a portable, machine-readable format.
  • Right to withdraw consent: Where we rely on consent (for example, push notifications), you can withdraw it at any time.

To exercise any of these rights, email us at necktapers@gmail.com. We may need to verify your identity before responding. We will respond within one month.

You also have the right to lodge a complaint with the UK's data protection regulator, the Information Commissioner's Office (ICO):

9. How We Keep Your Data Secure

We take the security of your personal data seriously and use appropriate technical and organisational measures to protect it. These include:

  • Encrypting data in transit using HTTPS/TLS;
  • Storing data in secure, access-controlled databases hosted by Supabase in the EU;
  • Restricting access to personal data to staff who need it to do their job;
  • Using trusted third-party providers (Stripe, Apple, Google, Resend) for sensitive operations such as payments and authentication;
  • Reviewing our security practices regularly.

No system is 100% secure. If you believe your account or data has been compromised, please contact us immediately at necktapers@gmail.com.

10. Children

The App is not intended for use by children under 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at necktapers@gmail.com and we will take steps to delete the information.

Bookings for children's haircuts (for example, our "Kids" service for under 10s) should be made by a parent or guardian using their own account.

11. Marketing

We do not currently send marketing emails. The emails we send are transactional only — booking confirmations, reschedules, cancellations and receipts.

If you have opted in to push notifications, we may occasionally send notifications about same-day promotions or offers, alongside booking reminders and operational messages. You can turn push notifications off at any time from your device settings or the App settings.

If we decide to start sending separate marketing communications in future, we will only do so where you have opted in, and you will always be able to opt out.

12. Cookies and Tracking Technologies

The App does not use cookies, third-party advertising identifiers or cross-app tracking. We do not track your activity across other companies' apps and websites for advertising purposes.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this document tells you when. If we make material changes, we will give you reasonable notice through the App or by email. Your continued use of the App after the changes take effect means you accept the updated Privacy Policy.

14. Contact Us

If you have any questions about this Privacy Policy, would like to exercise any of your rights, or have a complaint, please contact us:

  • Email: necktapers@gmail.com
  • Brockley shop: 24–26 Brockley Cross, London SE4 2AA
  • New Cross shop: 262 New Cross Road, London SE14 5PL
  • Registered office: 214 Lower Addiscombe Road, Croydon, CR0 7AB, England

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at https://ico.org.uk.