Privacy Policy

Cutly is a trading name of F&F Ventures, operating in the United Kingdom. We are the data controller for personal data collected through the Cutly platform.

If you have any questions about this Privacy Policy or how we handle your personal data, contact us at: hello@cut-ly.life

This policy applies to:

• Shop owners and barbers who create Cutly accounts ("Users")
• Clients who book appointments through a Cutly-powered booking page ("Clients")
• Visitors to cut-ly.life ("Visitors")

From shop owners and barbers (Users):

• Name and email address (at signup)
• Shop name, address, phone number (during onboarding)
• Payment information (processed by Stripe — we do not store card details)
• Usage data: pages visited, features used, session duration
• Technical data: IP address, browser type, device type

From clients booking appointments:

• Full name
• Email address
• Phone number
• Appointment details (date, time, service, barber)
• Any notes provided during booking

From website visitors:

• Anonymous usage and analytics data
• IP address and general location (country/region)
• Browser and device information

For Users (shop owners and barbers):

• To create and manage your account
• To process your subscription payments via Stripe
• To provide customer support
• To send service-related emails (account confirmation, billing receipts, important updates)
• To improve the Cutly platform based on usage patterns
• To contact you about your account where necessary

For Clients (people booking appointments):

• To create and confirm your booking
• To send appointment reminders (where enabled by the shop)
• To allow the shop owner to manage their appointments

We do not sell, rent, or share your personal data with third parties for marketing purposes. We do not use client booking data for any purpose other than providing the booking service.

We process personal data on the following legal bases:

• Contract: Processing necessary to provide the service you have signed up for (account management, booking creation, billing)
• Legitimate interests: Analytics and platform improvement, fraud prevention, and security monitoring — where these do not override your rights
• Legal obligation: Retaining billing records as required by HMRC and UK law
• Consent: Where we send optional marketing communications (you can withdraw consent at any time)

We share data with the following trusted third-party service providers:

• Stripe — payment processing. Stripe is PCI-DSS compliant. Stripe Privacy Policy
• Supabase — database and authentication hosting (EU region servers). Supabase Privacy Policy
• Cloudflare — infrastructure, CDN, and edge computing. Cloudflare Privacy Policy
• Resend / Twilio (where enabled) — email and SMS reminder delivery

All third-party processors are contractually required to handle data securely and only for the purposes we specify. We do not transfer personal data outside the UK/EEA without appropriate safeguards in place.

We may disclose personal data if required to do so by law, court order, or regulatory authority.

• Active accounts: Data is retained for as long as your account is active
• Cancelled accounts: Account and booking data is retained for 30 days after cancellation, then permanently deleted
• Billing records: Retained for 7 years as required by HMRC
• Client booking data: Retained for the duration of the shop's subscription, then deleted when the shop account is deleted
• Analytics data: Aggregated, anonymised data may be retained indefinitely

You have the following rights regarding your personal data:

• Right of access: Request a copy of the data we hold about you
• Right to rectification: Ask us to correct inaccurate data
• Right to erasure: Ask us to delete your data ("right to be forgotten")
• Right to restriction: Ask us to limit how we use your data
• Right to portability: Request your data in a machine-readable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, email hello@cut-ly.life. We will respond within 30 days. We may ask you to verify your identity before processing your request.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

Cutly uses essential cookies only — cookies required for the service to function, including authentication session cookies.

We do not currently use advertising, tracking, or third-party analytics cookies. If this changes, we will update this policy and, where required by law, seek your consent.

You can control cookies through your browser settings, but disabling essential cookies may prevent the service from working correctly.

We take the security of your data seriously. Our measures include:

• All data transmitted over HTTPS/TLS encryption
• Row-Level Security (RLS) on our database — each shop can only access their own data
• Passwords hashed using industry-standard algorithms (managed by Supabase Auth)
• Payment data handled entirely by Stripe — we never see or store card numbers
• Regular security reviews of our codebase and infrastructure

No system is 100% secure. In the unlikely event of a data breach that affects your rights and freedoms, we will notify you and the ICO within 72 hours of becoming aware, as required by UK GDPR.

Cutly is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected such data, contact us immediately and we will delete it.

We may update this Privacy Policy from time to time. Where changes are material, we will notify you by email at least 14 days before they take effect. The current version is always available at cut-ly.life/privacy.