Privacy Policy

Last updated: 16 June 2026

ColourKey ("we", "us", "our") operates the ColourKey mobile application (iOS and Android) and website at colourkey.uk. This policy explains what personal data we collect, why we collect it, and how we protect it.

1. Who this policy applies to

This policy covers:

2. Data we collect

DataWho it's fromWhy we collect it
Name & salon name Stylist (at sign-up) Account identity; displayed on client-facing consultation pages
Email address Stylist (at sign-up) Account authentication, transactional emails, password reset
Password Stylist (at sign-up) Stored as a bcrypt hash by Supabase Auth — we never see plaintext passwords
Hair photos Stylist or client Sent to Google Gemini for AI vision analysis. May be stored in client records if the stylist chooses to save them
Client records Stylist Client name, email, colour formula, patch test result, before/after photos, consultation answers, notes
Consultation data Client (via consultation form) Hair history, allergies, desired result, maintenance preference — used to generate the stylist's formula
Subscription & purchase history Stylist Managed by Stripe. We store only a subscription status flag and Stripe customer ID — never card details
Square appointment data Stylist (via optional Square integration) Used to match upcoming appointments to client records and trigger consultation emails
Usage data All users Feature usage counts for subscription limit enforcement and product improvement

3. How we use your data

4. Third-party services

5. Client data and your responsibilities as a stylist

When you save a client's name, photos, or consultation answers, you are acting as a data controller for that client's personal data under UK GDPR. You are responsible for:

ColourKey acts as a data processor on your behalf. We do not use your clients' data for any purpose other than providing the ColourKey service to you.

6. Automated rebooking emails

If you save a client's email address in their record, ColourKey may send them an automated rebooking reminder when their colour is due for a refresh, using the maintenance preference they set in their consultation. These emails are sent from hello@colourkey.uk and include an unsubscribe option.

7. Data storage and security

8. Data retention

9. Your rights (UK GDPR)

You have the right to:

To exercise any of these rights, email us at hello@colourkey.uk. We will respond within 30 days.

10. Children

ColourKey is a professional tool intended for qualified hairdressers and beauty professionals. It is not directed at children under 16. We do not knowingly collect personal data from children.

11. Changes to this policy

We may update this policy as the service evolves. We will notify you of material changes by email or in-app notification at least 14 days before they take effect. The latest version is always available at colourkey.uk/privacy-policy.

12. Contact

ColourKey
Email: hello@colourkey.uk
Website: colourkey.uk