Lion's Mane Haircut Lounge runs this site and the booking app together with our software provider, Hassan El Koush. We're the people who decide what data is collected and why; the provider runs the technology and follows our instructions. This page tells you plainly what data is collected, what it's used for, and the choices you have.
1. What we collect
When you book, sign up, or use the app, we collect:
- Your name, email, and phone number.
- Your appointment history, service preferences, and any notes you or our staff add about your visits.
- Your role on the platform (customer, barber, receptionist, owner) and the sign-in identifier our authentication provider uses to recognize you.
- An audit log of security-relevant actions: when you sign in, when a booking is cancelled, when staff roles change.
- Product analytics events. Page views and key actions you take in the app — “Book Now”, signup, cancelling a booking, saving settings, editing your profile — stored with your user identifier, IP address, browser user-agent string, a session identifier, and the page URL where the action happened. We use this to understand which parts of the app are useful and where customers run into friction. You can turn this off any time in your profile settings (see section 6).
We don't collect health information, payment-card numbers, government IDs, biometric data, or information about children under 13. The platform isn't designed for those categories.
2. How we use it
- To run your bookings and keep your appointment history.
- To let our barbers and receptionists do their jobs (see your schedule, contact you about an appointment, mark you a no-show or cancellation when applicable).
- To keep the platform secure (rate limits, fraud protection, audit logging of role changes and authentication events).
- To improve the product (the analytics events described in section 1, in aggregate).
3. What we won't do
These are explicit commitments, not aspirations:
- We don't sell your personal data. Ever, to anyone, for any reason.
- We don't use your data for advertising or marketing outside of Lion's Mane communications you have a relationship with.
- We don't use your data to train artificial- intelligence or machine-learning models, our own or anyone else's. This applies to all data described in section 1, including the analytics events. (Per Section 3.4 of our Data Processing Agreement.)
- We don't share your data with anyone outside the providers listed in section 5. No data brokers, no advertising networks, no third-party analytics services beyond our own first-party analytics described above.
4. Where your data lives
Your records are stored on a managed PostgreSQL database (Neon, United States). The booking app is hosted on Fly.io. Sign-in is handled by Auth0. The website is served through Cloudflare. Errors are sent to Sentry for debugging. SMS and email notifications, when we add them, will go through Twilio and Resend respectively. The full list with each provider's role is in Annex A of our Data Processing Agreement.
The analytics events from section 1 live only on our PostgreSQL database. They are not sent to any third-party analytics service.
5. Sub-processors
The current sub-processor list is maintained in Annex A of our Data Processing Agreement. As of April 28, 2026 the list is: Fly.io (hosting), Neon (database), Auth0 (authentication), Twilio (SMS), Resend (email), Sentry (error monitoring), and Cloudflare (web application firewall, edge rate limiting, DNS, and domain registrar). We give Lion's Mane 30 days' notice before adding or replacing any sub-processor that handles your personal data.
6. Your choices
Turning off product analytics
If you don't want your interaction events recorded, sign in, go to your profile, and turn off the “Allow product analytics” toggle. Once you've opted out:
- The app stops sending events from your browser immediately.
- Our server-side ingest endpoint refuses any further events associated with your account.
- Your existing event history stays in our database for the retention period below; you can request deletion at any time (see “Access, correction, deletion”).
You don't need to opt out to use the app. Bookings and account management work the same either way.
Access, correction, deletion, and export
Email support@lionsmane.app to ask for a copy of your data, correct something that's wrong, or delete your account. We'll respond within 30 days.
7. How long we keep it
We keep your booking and contact records for as long as you have an active account, plus a short period after for billing and dispute resolution. Audit logs and analytics events are retained for operational purposes (typically up to 12 months) and then aged out. You can ask for early deletion of your records by emailing the address above.
8. Cookies
We use a small number of essential cookies (sign-in session, security). These can't be turned off without breaking the app. We don't use advertising cookies or third-party tracking cookies. The product-analytics events from section 1 are sent through a first-party request, not a cookie.
9. Children
The platform isn't intended for children under 13, and we don't knowingly collect personal data from them. If you believe a child has provided us with their information, contact us and we'll remove it.
10. Changes to this notice
When we materially change what data is collected, what it's used for, or who has access, we'll update this page and the date at the top, and we'll let active users know via email or an in-app notice when the change is significant.
11. Contact
For privacy questions, data-subject requests, or to opt out: support@lionsmane.app. For everything else about visiting Lion's Mane, see the contact details at the bottom of any page.