Skip to main content
Book Now

Privacy Policy

Privacy Policy

Effective May 25, 2026

This Privacy Policy describes how Jones's Barbershop ("we," "us," "our") collects, uses, and shares information when you visit jonesbarbershopsd.com (the "Site"), book an appointment, or otherwise interact with our services. We do not sell your personal information, and we use it only to deliver what you have asked for.

1. Information we collect

When you book an appointment

  • Name (first and last)
  • Phone number
  • Email address
  • Optional comments for the barber
  • Your chosen reminder timing
  • Marketing-consent flags (whether you opted in to promotional messages)
  • Appointment details (service, barber, date, time)

Automatically when you visit the Site

  • IP address (held briefly for rate limiting and abuse prevention)
  • Browser and device information
  • Pages visited and actions taken (if analytics is enabled)
  • Cookies — see Section 4

From third parties

We do not buy customer data, except: when we migrated from our previous booking system (Schedulista) in May 2026, we imported the customer records you had already provided to that platform — name, phone, email, and prior appointment history. If you object to this, contact us and we will delete your record.

2. How we use information

  • Bookings. Manage your appointments, send confirmations and reminders, and coordinate with your barber.
  • Service messages. Send transactional SMS and email related to your booking — confirmation, reminder, cancellation, reschedule, post-appointment review request. These are operational; you cannot opt out of them while you have active bookings.
  • Marketing messages. If you opted in, send occasional promotions or come-back-soon nudges. Opt out anytime — reply STOP to any SMS, or use the unsubscribe link in any marketing email.
  • Fraud prevention. Block users from booking online after repeat no-shows. You'll see a friendly "call the shop" message rather than a confirmed booking.
  • Improving the Site. Aggregated, non-targeted analytics.

3. Service providers we share information with

Running this Site requires sharing information with the vendors below, each acting as our processor. They use your data only to provide their service to us. None of them resell your data.

We do not sell or rent your personal information to anyone.

4. Cookies

  • jbs_id (functional, 90 days, first-party) — remembers you on the device you booked from so the booking form pre-fills on return. Cleared if you clear cookies.
  • Supabase auth cookies — set only when admin staff sign in; never set for public visitors.
  • Cloudflare Turnstile cookies — set briefly during the bot-check on the booking and contact forms.
  • Google Analytics cookies (optional) — when analytics is enabled; controlled by your browser cookie settings.

5. SMS specifics

  • We send SMS only to phone numbers you provided to us via the booking form (or that you had already given to our prior booking system before migration).
  • Reply STOP to opt out of all SMS (you'll be moved to email-only). Reply HELP for assistance. Standard message and data rates apply per your carrier.
  • Message frequency varies — typically 2–4 messages per appointment (confirmation, reminders, post-appointment review request) plus the occasional marketing nudge if you opted in.

6. Email specifics

  • Every marketing email contains an unsubscribe link.
  • Transactional emails (booking confirmation, reminders, cancellation) cannot be opted out of while you have active bookings — they stop the moment your last appointment passes.

7. Your privacy rights (California residents — CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we hold about you and how we use it
  • Request a copy of your personal information
  • Delete your personal information, subject to limits (for example, we may need to keep some appointment history for tax records)
  • Correct inaccurate personal information
  • Opt out of any "sale" or "sharing" of your data — we do not sell or share for cross-context behavioral advertising, but the right exists
  • Non-discrimination — we will not refuse service, charge you more, or give you a worse experience for exercising any of these rights

To exercise any of these rights, email info@jonesbarbershopsd.com from the email address on file, or call (619) 500-9396. We will verify your identity and respond within 45 days.

8. Children's data

The Site and booking system are not directed to anyone under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child, contact us and we will delete it.

9. Data retention

  • Active customer records — retained as long as you remain an active customer.
  • Appointment history — retained indefinitely (used for the "X visits with us" insight and for tax records).
  • Message logs — body text retained for up to 1 year; older messages may have their body pruned with metadata kept.
  • Rate-limit logs — held in memory only, no persistent storage.

If you ask us to delete your data (Section 7), we will, except for records we are legally required to keep.

10. Security

We use HTTPS everywhere, hashed tokens for booking links, encryption at rest in Supabase, signature-validated webhooks from Twilio, and rate limiting on public endpoints. No system is perfectly secure — if you suspect your account has been compromised, contact us immediately.

11. Changes to this Policy

We may update this Policy from time to time. Material changes will be announced at the top of this page with a new "Effective" date. Continued use of the Site after a change constitutes acceptance.

12. Contact us

This Privacy Policy was prepared as a good-faith starting point and has not been reviewed by legal counsel. We recommend consulting an attorney before relying on it for compliance.