Privacy Policy
Last updated: 18 June 2026
This Privacy Policy explains how Tryst (“we”, “us”, “our”) collects, uses, and protects your personal data when you use trystplatform.com. We are committed to handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Tryst is the data controller for personal data collected through the Platform. You can contact us at: hello@trystplatform.com.
Where Tryst processes personal data on behalf of a Salon Owner (for example, a client’s booking details held within a salon’s account), the Salon Owner is the data controller and Tryst acts as a data processor. For queries about how a specific salon handles your data, please contact that salon directly.
2. Data We Collect
Salon Owners and Staff
- Name and email address (account registration)
- Business name, address, phone number, and website
- Payment information (processed by Stripe — we do not store card details)
- Subscription and billing history
- Uploaded content such as logos and branding assets
- Usage data: pages visited, features used, login times
Clients (people making bookings)
- Name, email address, and phone number
- Appointment history and service preferences
- Payment information for deposits and no-show fees (processed by Stripe)
- Marketing consent preferences
- Communications sent via the Platform (booking confirmations, reminders)
All visitors
- IP address and browser/device information
- Pages visited and referring URLs
3. Why We Process Your Data and Our Legal Basis
| Purpose | Legal basis |
|---|---|
| Providing the booking and salon management service | Contract performance |
| Processing payments and deposits | Contract performance |
| Sending booking confirmations, reminders, and receipts | Contract performance |
| Preventing fraud and ensuring platform security | Legitimate interest |
| Improving the Platform and fixing bugs | Legitimate interest |
| Sending marketing emails to Salon Owners | Legitimate interest (opt-out available) |
| Sending marketing emails to Clients | Consent (explicit opt-in at booking) |
| Complying with legal obligations (e.g. VAT records) | Legal obligation |
4. Client Data and Salon Owners
When a Client makes a booking through a salon’s page on Tryst, their personal data is collected by both Tryst (as platform operator) and by the Salon Owner (as the business providing the service). The Salon Owner is an independent data controller for that data.
Client contact data imported by Salon Owners from other booking platforms is processed under the Salon Owner’s data controller responsibility. Clients imported from another system are not contacted for marketing purposes by Tryst without their explicit consent.
5. How We Share Your Data
We share personal data only where necessary:
- Stripe — payment processing. Stripe is an independent data controller for payments; see stripe.com/privacy.
- Resend — transactional email delivery (booking confirmations, reminders). Resend processes email addresses as a data processor on our behalf.
- Vercel — Platform hosting and infrastructure. Vercel processes data as a data processor on our behalf.
- Neon — database hosting. Data is encrypted at rest and in transit.
We do not sell personal data. We do not share personal data with third parties for advertising purposes.
6. Data Retention
- Salon Owner account data
- Retained for the duration of your subscription, plus 30 days after account closure to allow data export, then deleted unless we are required by law to retain it (e.g. financial records — 7 years under UK HMRC requirements).
- Client booking records
- Retained for as long as the Salon Owner account is active, then deleted with the account. Clients may request deletion of their own data separately (see Section 7).
- Payment records
- Retained for 7 years to comply with financial regulations.
- Marketing consent records
- Retained for 3 years from the date of last interaction, or until consent is withdrawn.
7. Your Rights
Under UK GDPR you have the following rights regarding your personal data:
- Right of access
- Request a copy of the personal data we hold about you.
- Right to rectification
- Ask us to correct inaccurate or incomplete data.
- Right to erasure
- Ask us to delete your data where we no longer have a lawful basis to hold it. Note that some data (e.g. payment records) must be retained to comply with legal obligations.
- Right to data portability
- Receive your data in a structured, machine-readable format (CSV) where processing is based on consent or contract.
- Right to object
- Object to processing based on legitimate interest, including marketing. You can unsubscribe from marketing emails at any time using the unsubscribe link in any email.
- Right to restrict processing
- Ask us to pause processing while a dispute about accuracy or lawfulness is resolved.
To exercise any of these rights, email hello@trystplatform.com. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
8. Cookies
The Platform uses the following cookies:
- Session cookies
- Used to keep you signed in. These are essential for the Platform to function and expire when you close your browser or after 30 days of inactivity.
- Analytics
- We may use privacy-respecting analytics to understand how the Platform is used. Where analytics involves tracking, we will request your consent.
The marketing site at trystplatform.com may use cookies for analytics. You can manage cookie preferences through your browser settings.
9. Security
We use industry-standard security measures including TLS encryption in transit, encrypted database storage, access controls, and regular backups. Payment card data is never stored by Tryst — it is handled exclusively by Stripe.
No system is completely secure. If you become aware of a security issue, please contact us immediately at hello@trystplatform.com.
10. International Transfers
Tryst is based in the UK. Some of our third-party providers (including Stripe, Vercel, and Resend) may process data outside the UK or EEA. Where this occurs, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses or adequacy decisions) to protect your data to the same standard as required under UK GDPR.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated to registered users by email. The “Last updated” date at the top of this page reflects the most recent revision.
12. Contact Us
For any privacy-related questions, data subject requests, or to request a Data Processing Agreement, please contact: hello@trystplatform.com