Data security

Your clients' trust is not negotiable.

Every booking, payment, and message that moves through Chairside carries real people's information. We treat that seriously — with encrypted infrastructure, zero data selling, and access controls that keep every shop's data exactly where it belongs.

Read the Privacy PolicyTerms of Service
How we protect data

Security fundamentals

Encrypted in transit and at rest

All data moving between your device and Chairside is protected by TLS 1.2+. Data stored in our database is encrypted at rest using AES-256. Your clients' information never travels unprotected.

We never store card numbers

Card payments are processed entirely by Stripe, a PCI DSS Level 1 certified provider. Chairside never sees, stores, or logs full card numbers. We hold a Stripe customer reference only — not the card itself.

Principle of least privilege

Barbers can only see clients and bookings at their own shop. Owners see their own shop's data only. No barber can access another shop's records, and no owner can access another shop's clients.

Infrastructure in the United States

All customer data is stored in Supabase (PostgreSQL) on infrastructure hosted in the United States, meeting SOC 2-adjacent standards. We don't route your data through jurisdictions with weaker data protection.

Infrastructure

Trusted partners, limited exposure

Chairside is built on proven infrastructure providers. Each one receives only the data it needs to do its job — nothing more.

Supabase — database & auth

Customer and booking data lives in a managed PostgreSQL database via Supabase. Row-level security policies ensure no query can return data outside the authenticated shop's scope.

Stripe — payments

All card processing goes through Stripe, which holds PCI DSS Level 1 certification — the highest available. Chairside retains only a non-sensitive customer token.

Twilio — SMS messaging

Appointment reminders and account notifications are sent via Twilio. Phone numbers are used only to send messages you've opted into. We do not share phone numbers with any third party for marketing.

Resend — transactional email

Confirmation and account emails are sent through Resend. Email addresses are used only for transactional communication related to your account and bookings.

Our commitments

What we will and won't do with your data

No data selling — ever

Chairside does not sell, rent, or trade your data or your clients' data. We are a subscription software company — your data is not our product.

SMS opt-in data is never shared

Mobile phone numbers and SMS opt-in consent are not shared with third parties or affiliates for marketing or promotional purposes. Period.

Access is scoped by role

Shop owners, barbers, and superadmins each have tightly scoped permissions. No barber can view another shop's data, and no owner can access Chairside's internal admin tools.

Account deletion on request

Email support@haiwaytechnologies.com and we will delete your account and associated personal data within 7 days. Historical booking records at your shop are retained only as required by the barbershop.

Questions or concerns?

Talk to us

If you have a security question, want to report a vulnerability, or want to know specifically how we handle a piece of data, email us at support@haiwaytechnologies.com. We take every report seriously and respond within one business day.

For a full account of what data we collect and why, read the Privacy Policy. For how SMS consent is handled, see the SMS & Text Messaging section.

Ready to bring your shop onto Chairside?

Start free — 30 daysAsk us anything