Privacy Policy
Effective date: June 10, 2026
1. Who We Are
Scalp Boss is a booking, scheduling, and client management platform operated by Strykon LLC ("Strykon," "we," "us," or "our"). Scalp Boss is a product of Strykon LLC. This Privacy Policy explains how we collect, use, share, and protect information when you use the Scalp Boss platform.
2. What Data We Collect
Account information. When Tenants (business owners) sign up, we collect name, email address, business name, phone number, and business address.
Booking information. When End Users (customers) book an appointment, we collect name, email address, phone number (optional), and the details of the appointment.
Payment information. Payment card details are collected and processed by Stripe. We do not store credit card numbers on our servers. We may receive transaction metadata (amount, date, status) from Stripe for record-keeping.
Booking history. We maintain records of past and upcoming appointments for both Tenants and End Users.
Usage data. We collect standard web analytics data including pages visited, browser type, device type, IP address, and referring URLs.
Attribution data. We collect UTM parameters and referrer information from booking page URLs to help Tenants understand where their bookings come from.
3. How We Use Your Data
Service delivery. To process bookings, send confirmation emails, and provide the core Platform functionality.
Notifications. To send appointment confirmations, reminders, and important account updates.
Analytics. To help Tenants understand their booking patterns, client demographics, and marketing attribution.
Platform improvement. To understand how the Platform is used and improve our features and user experience.
4. How We Share Your Data
Stripe. Payment information is shared with Stripe for payment processing. Stripe's use of your data is governed by their own privacy policy.
Email providers. We use third-party email services to send transactional emails (confirmations, reminders). Only the information necessary to deliver the email is shared.
Text-messaging providers. When text messaging is enabled for a Tenant, we share the mobile number and message content needed to deliver the SMS with our telecommunications provider (Telnyx). We do not share mobile opt-in or consent information with any third party for its own marketing. See “Text Messaging (SMS)” below.
Tenant access. Tenants can view booking and contact information for End Users who book through their business. This is necessary for service delivery.
We do not sell your personal data. We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
5. Cookies and Tracking
We use cookies and similar technologies in three categories:
Strictly necessary. Required to run the Platform — authentication, session management, security, and the booking and payment flow. These are always active and cannot be switched off.
Analytics. First-party measurement (such as Google Analytics) that helps us understand how the Platform is used. We keep analytics active by default to maintain accurate, aggregate usage data, except in regions where the law requires prior consent, where it is disabled until you opt in.
Marketing. Third-party advertising cookies used for cross-context behavioral advertising. These are governed by Google Consent Mode and are turned off whenever you opt out, decline non-essential cookies, or send a recognized opt-out signal such as Global Privacy Control (see Section 8).
You can change your choices at any time using the "Cookie preferences" link in our site footer, or the "Do Not Sell or Share My Personal Information" link described in Section 8. Your preference is stored on your device and honored on future visits.
6. Data Retention
We retain your data for as long as your account is active or as needed to provide the Platform's services. Appointment and booking records are retained for the Tenant's business records. You may request deletion of your data at any time (see Your Rights below).
7. Your Rights
Access. You may request a copy of the personal data we hold about you.
Correction. You may request that we correct inaccurate or incomplete data.
Deletion. You may request that we delete your personal data, subject to legal retention requirements.
To exercise any of these rights, contact us at go@strykon.io.
8. California Privacy Rights
If you are a California resident, you have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the "sale" or "sharing" of your personal information. We do not sell your personal information for money. However, the third-party advertising cookies described in Section 5 may constitute "sharing" for cross-context behavioral advertising under the CPRA.
You can opt out of this sharing using either of two methods: (1) the "Do Not Sell or Share My Personal Information" link in our site footer, which immediately disables advertising cookies on your device; or (2) a browser-level opt-out preference signal such as the Global Privacy Control (GPC), which we detect automatically and honor as a valid opt-out request. Opting out does not affect strictly necessary or first-party analytics cookies.
9. International Users (GDPR)
If you are located in the European Economic Area, you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, data portability, and the right to object to processing. Our legal basis for processing is either your consent, the performance of a contract, or our legitimate business interests. Contact us to exercise these rights.
10. Children's Privacy
Scalp Boss is not directed at individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we learn we have collected data from a child under 13, we will delete it promptly.
11. Data Security
We use industry-standard security measures to protect your data, including encryption in transit (HTTPS), secure authentication, and row-level security on our database. No system is perfectly secure, and we cannot guarantee the absolute security of your data.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify Tenants via email or through the Platform. The effective date at the top of this page indicates when it was last revised.
13. Text Messaging (SMS)
Scalp Boss lets each Tenant (the business you book with — for example, a head spa) send appointment-related and, where separately authorized, promotional text messages to its own clients. When you receive a text sent through Scalp Boss, it comes from the Tenant business you booked with; Strykon operates the messaging on that business's behalf as its technology provider.
How consent works. We send transactional texts (such as booking confirmations and appointment reminders) only to people who have given their mobile number and opted in to receive them. Promotional or marketing texts are sent only to people who have given separate, express written consent for marketing messages. Consent to receive text messages is never a condition of booking or purchasing any service. We keep timestamped records of opt-in.
Frequency and rates.Message frequency varies based on your appointments and the Tenant's program. Message and data rates may apply.
Opt out and help. You can opt out at any time by replying STOP to any message; you will receive one confirmation and no further messages from that program. Reply HELP for help, or contact the Tenant business directly. Opting out of marketing messages does not by itself stop transactional messages you have separately requested.
Your mobile information is not shared. We do not sell, rent, or share mobile phone numbers or text-messaging opt-in or consent information with third parties or affiliates for their own marketing purposes. We share this information only with the providers that help us deliver the messages you have requested (for example, our telecommunications provider, Telnyx), and only as needed to send those messages.
14. Contact
Questions about this Privacy Policy? Reach us at go@strykon.io.