Your clients' trust is not negotiable.
Every booking, payment, and message that moves through Chairside carries real people's information. We treat that seriously — with encrypted infrastructure, zero data selling, and access controls that keep every shop's data exactly where it belongs.
Security fundamentals
Encrypted in transit and at rest
All data moving between your device and Chairside is protected by TLS 1.2+. Data stored in our database is encrypted at rest using AES-256. Your clients' information never travels unprotected.
We never store card numbers
Card payments are processed entirely by Stripe, a PCI DSS Level 1 certified provider. Chairside never sees, stores, or logs full card numbers. We hold a Stripe customer reference only — not the card itself.
Principle of least privilege
Barbers can only see clients and bookings at their own shop. Owners see their own shop's data only. No barber can access another shop's records, and no owner can access another shop's clients.
Infrastructure in the United States
All customer data is stored in Supabase (PostgreSQL) on infrastructure hosted in the United States, meeting SOC 2-adjacent standards. We don't route your data through jurisdictions with weaker data protection.
Trusted partners, limited exposure
Chairside is built on proven infrastructure providers. Each one receives only the data it needs to do its job — nothing more.
Supabase — database & auth
Customer and booking data lives in a managed PostgreSQL database via Supabase. Row-level security policies ensure no query can return data outside the authenticated shop's scope.
Stripe — payments
All card processing goes through Stripe, which holds PCI DSS Level 1 certification — the highest available. Chairside retains only a non-sensitive customer token.
Twilio — SMS messaging
Appointment reminders and account notifications are sent via Twilio. Phone numbers are used only to send messages you've opted into. We do not share phone numbers with any third party for marketing.
Resend — transactional email
Confirmation and account emails are sent through Resend. Email addresses are used only for transactional communication related to your account and bookings.
What we will and won't do with your data
No data selling — ever
Chairside does not sell, rent, or trade your data or your clients' data. We are a subscription software company — your data is not our product.
SMS opt-in data is never shared
Mobile phone numbers and SMS opt-in consent are not shared with third parties or affiliates for marketing or promotional purposes. Period.
Access is scoped by role
Shop owners, barbers, and superadmins each have tightly scoped permissions. No barber can view another shop's data, and no owner can access Chairside's internal admin tools.
Account deletion on request
Email support@haiwaytechnologies.com and we will delete your account and associated personal data within 7 days. Historical booking records at your shop are retained only as required by the barbershop.
Talk to us
If you have a security question, want to report a vulnerability, or want to know specifically how we handle a piece of data, email us at support@haiwaytechnologies.com. We take every report seriously and respond within one business day.
For a full account of what data we collect and why, read the Privacy Policy. For how SMS consent is handled, see the SMS & Text Messaging section.