Privacy Policy
Effective date: April 12, 2026
1. Who We Are
Scalp Boss is a booking, scheduling, and client management platform operated by Strykon ("we," "us," or "our"). This Privacy Policy explains how we collect, use, share, and protect information when you use the Scalp Boss platform.
2. What Data We Collect
Account information. When Tenants (business owners) sign up, we collect name, email address, business name, phone number, and business address.
Booking information. When End Users (customers) book an appointment, we collect name, email address, phone number (optional), and the details of the appointment.
Payment information. Payment card details are collected and processed by Stripe. We do not store credit card numbers on our servers. We may receive transaction metadata (amount, date, status) from Stripe for record-keeping.
Booking history. We maintain records of past and upcoming appointments for both Tenants and End Users.
Usage data. We collect standard web analytics data including pages visited, browser type, device type, IP address, and referring URLs.
Attribution data. We collect UTM parameters and referrer information from booking page URLs to help Tenants understand where their bookings come from.
3. How We Use Your Data
Service delivery. To process bookings, send confirmation emails, and provide the core Platform functionality.
Notifications. To send appointment confirmations, reminders, and important account updates.
Analytics. To help Tenants understand their booking patterns, client demographics, and marketing attribution.
Platform improvement. To understand how the Platform is used and improve our features and user experience.
4. How We Share Your Data
Stripe. Payment information is shared with Stripe for payment processing. Stripe's use of your data is governed by their own privacy policy.
Email providers. We use third-party email services to send transactional emails (confirmations, reminders). Only the information necessary to deliver the email is shared.
Tenant access. Tenants can view booking and contact information for End Users who book through their business. This is necessary for service delivery.
We do not sell your personal data. We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
5. Cookies and Tracking
The Platform uses essential cookies for authentication and session management. We may use analytics tools to understand Platform usage. We do not use third-party advertising cookies.
6. Data Retention
We retain your data for as long as your account is active or as needed to provide the Platform's services. Appointment and booking records are retained for the Tenant's business records. You may request deletion of your data at any time (see Your Rights below).
7. Your Rights
Access. You may request a copy of the personal data we hold about you.
Correction. You may request that we correct inaccurate or incomplete data.
Deletion. You may request that we delete your personal data, subject to legal retention requirements.
To exercise any of these rights, contact us at go@strykon.io.
8. California Privacy Rights
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. As stated above, we do not sell personal information.
9. International Users (GDPR)
If you are located in the European Economic Area, you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, data portability, and the right to object to processing. Our legal basis for processing is either your consent, the performance of a contract, or our legitimate business interests. Contact us to exercise these rights.
10. Children's Privacy
Scalp Boss is not directed at individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we learn we have collected data from a child under 13, we will delete it promptly.
11. Data Security
We use industry-standard security measures to protect your data, including encryption in transit (HTTPS), secure authentication, and row-level security on our database. No system is perfectly secure, and we cannot guarantee the absolute security of your data.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify Tenants via email or through the Platform. The effective date at the top of this page indicates when it was last revised.
13. Contact
Questions about this Privacy Policy? Reach us at go@strykon.io.