Privacy Policy

Effective date: 28 May 2026 · Version 1.0

The Short Version

  • We collect the minimum we need to run the service.
  • We never sell your data to anyone, ever.
  • Your clients' data is yours — we store it on your behalf.
  • You can export or delete everything at any time.
  • We use a small number of trusted third-party services (Firebase, Stripe) — that's it.

The full policy below explains the legal detail. If something isn't clear, email us at hello@moshee.net and we'll explain it in plain English.

1. Our Approach

Moshee is built for stylists who are done handing over their business to platforms that profit from them. We apply the same principle to data. Your data and your clients' data are not a product. We collect what we need, protect it properly, and give you full control over it.

This policy explains what we collect, why, who we share it with, and what your rights are under UK GDPR and the Data Protection Act 2018.

2. Who We Are

Moshee Ltd is the data controller for personal data collected when you use Moshee. We are registered in England and Wales. Our ICO registration number will be published here upon confirmation.

You can contact us at hello@moshee.net.

3. What We Collect

Account & Business Information

When you create an account, we collect:

Your name: So clients and your team know who they're dealing with
Salon / business name: To personalise your booking page and dashboard
Email address: For authentication (we use magic links — no passwords)
Phone number: Optional — used for account recovery and team communication

Booking & Calendar Data

To run your calendar and booking system, we store appointments, working hours, service lists, and team member schedules. This is the core of the product — without it, Moshee doesn't work.

Usage Data

We collect basic analytics about how Moshee is used — page views, feature interactions, error events. This data is aggregated and used to improve the product. It is not linked to individual clients.

Payment Information

Moshee does not store card numbers or sensitive payment credentials. Payments are processed by our third-party payment provider (Stripe). When you or your clients pay through Moshee Pay, Stripe's own Privacy Policy applies to that transaction. We receive only a confirmation and a transaction reference.

Communications

If you contact us by email, we keep a record of that communication in order to respond and resolve any issues. We don't add you to any marketing list without your explicit consent.

4. Why We Collect It

Under UK GDPR, we must have a lawful basis for processing personal data. Here is ours:

Providing the service: Performance of contract — we cannot run your booking system without this data
Processing payments: Performance of contract — necessary to collect payment on your behalf
Improving the product: Legitimate interests — we analyse usage patterns to make Moshee better
Legal compliance: Legal obligation — financial records must be retained for 7 years (HMRC)
Security & fraud prevention: Legitimate interests — we monitor for unusual account activity

5. Your Clients' Data

When your clients book or pay through Moshee, their personal data — name, phone number, appointment history, patch test records, notes — is stored on Moshee's systems.

In data protection terms, you are the data controller and Moshee is the data processor. That means you are responsible for:

  • Having a lawful basis to collect and store your clients' data
  • Informing your clients that their data is held in Moshee on your behalf
  • Responding to any client requests to access, correct, or delete their data

In practice, most salons rely on the “legitimate interests” or “performance of contract” lawful basis for retaining client records. A Data Processing Agreement (DPA) is available on request.

We will never use your clients' data for any purpose other than running your account. We do not contact your clients directly, profile them, or share their data with anyone else.

6. Who We Share With

We use a small number of trusted third parties to operate Moshee:

Firebase / Google: Authentication, database (Firestore), and file storage. Data may be processed in the EU or US under Google's Standard Contractual Clauses.
Stripe: Payment processing for Moshee Pay V1. Card data never touches our servers. Stripe is PCI-DSS certified.
Open Banking provider: Used only for Moshee Pay V2, if you opt in. Provider and data flows disclosed before activation.

We do not sell your data. We do not share it with advertisers. We do not use it to train AI models. Beyond the services listed above, we do not share your data with any third party except when required by law (for example, in response to a valid court order).

International Transfers

Google (Firebase) may process your data outside the UK. Where this happens, it is covered by Google's Standard Contractual Clauses, which provide an equivalent level of protection to UK GDPR. You can find details in Google's Cloud Data Processing Addendum.

Business Sale or Transfer

If Moshee is acquired by or merged with another business, your data may be transferred to that business. We will notify you at least 30 days before any such transfer and you will have the option to delete your account and data before it takes place.

7. How Long We Keep It

Account & business data: Retained while your account is active, plus 30 days after closure
Client records: Retained while your account is active, deleted 30 days after account closure
Appointment history: Retained while your account is active, deleted 30 days after account closure
Payment records: 7 years, as required by HMRC
Email correspondence: 3 years, then deleted
Usage analytics: Aggregated data retained indefinitely; individual event data deleted after 12 months

You can request deletion of your account and data at any time. See Section 8 for your rights.

8. Your Rights

Under UK GDPR, you have the following rights:

Access
You can request a copy of all personal data we hold about you.
Rectification
You can ask us to correct inaccurate or incomplete data.
Erasure
You can ask us to delete your personal data. We will do so within 30 days, except where we are legally required to retain it (e.g. payment records).
Portability
You can request your data in a machine-readable format. Client records and appointment history can also be exported directly from the Moshee dashboard.
Restriction
You can ask us to pause processing your data while a dispute is resolved.
Objection
You can object to processing based on legitimate interests. We will stop unless we have compelling grounds.
Automated decisions
We do not make any automated decisions that significantly affect you.

To exercise any of these rights, email hello@moshee.net. We will respond within one calendar month. There is no charge for reasonable requests.

9. Cookies

Moshee uses a minimal set of cookies, strictly for the operation of the service:

Authentication token: Keeps you signed in between sessions. Expires when you sign out.
Session preference: Remembers your last-used device for magic link sign-in.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. You cannot opt out of the authentication cookie — it is required for the service to function.

10. Children

Moshee is intended for use by businesses and is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has created an account, please contact us at hello@moshee.net and we will delete the account.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes to how we collect or use your data, we will notify you by email and display a prominent notice in the app at least 30 days before the changes take effect.

For minor changes (corrections, clarifications), we will update the effective date at the top of this page. We recommend reviewing this policy periodically.

12. Contact & Complaints

For any privacy question, data request, or concern, please contact us:

Moshee Ltd — Privacy

Email: hello@moshee.net

Response time: within 30 days

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

ico.org.uk · 0303 123 1113