Privacy Policy
Last updated: 12 April 2026
This policy describes how personal data is processed when you use websites and services operated under the Kersivo brand for UK barbershops, including marketing pages, demo booking and shop flows, and (where applicable) the barbershop admin experience. It is written in plain language and does not replace legal advice.
Who is responsible for your data?
The data controller for this service is Bartosz Jasinski, operating as a freelancer in Bournemouth, United Kingdom.
References below to “we”, “us” and “our” mean that organisation. For data protection enquiries or to exercise your rights, contact: hello@kersivo.co.uk.
What data we process and why
Depending on how you interact with us, we may process:
- Contact and demo enquiries — name, email address and message content you submit through our contact form. Purpose: responding to your request. Legal basis (UK): legitimate interests.
- Booking data — service, barber, date/time, and your contact details (name and email; phone if you provide it). Purpose: managing appointments, confirmations, reschedule and cancel links, and related emails. Legal basis (UK): performance of a contract.
- Shop orders (buy-and-collect) — email address used at checkout, order contents, payment status as recorded after payment, and related confirmation emails to fulfill your purchase. Card payments are handled securely by Stripe on the barbershop’s own Stripe account; we do not store full card numbers on our servers.
- Admin access — session cookies / tokens for authenticated access to the barbershop admin panel, and operational logs needed for security.
- Content you upload — for example barber or product images where the product allows uploads. Stored so the site and shop can display them.
- Email delivery — we use service providers such as Resend to send transactional emails (for example booking confirmations, order confirmations, and contact form delivery to our inbox), using the addresses involved in each message.
- SMS (optional) — if you subscribe to a plan that includes SMS and we enable it for your shop, we may process mobile numbers and message metadata needed to send reminders or similar messages through a third-party processor, only where that feature is enabled.
Recipients and processors
We use professional service providers to run the business, including:
- Vercel — hosting and application;
- Supabase / PostgreSQL — database;
- Resend — email delivery;
- Stripe — payments (on the barber’s account where applicable);
- an additional SMS processor, only where SMS is enabled for a shop.
We do not sell your personal data. We may share data with processors strictly to provide the service, under appropriate agreements where required by law.
International transfers
Data may be processed by providers outside the UK (for example in the United States). Where that happens, we ensure these providers use approved safeguard mechanisms, such as Standard Contractual Clauses (SCCs), as required by UK data protection law.
How long we keep data
We keep personal data only as long as necessary to provide our services and to meet legal, accounting, tax and security requirements. Retention depends on the type of data and your relationship with us; financial and related records are typically kept for up to 6 years where required for tax or legal obligations.
Your rights (UK)
Under UK GDPR and the Data Protection Act 2018, you may have the right to:
- request access to your personal data;
- ask us to correct inaccurate data;
- ask us to erase data in certain circumstances;
- restrict or object to processing in certain circumstances;
- data portability where applicable;
- withdraw consent where processing is based on consent.
To exercise these rights, email hello@kersivo.co.uk. You may also complain to the UK Information Commissioner’s Office (ICO): https://ico.org.uk/.
Cookies and similar technologies
We do not use third-party tracking or advertising cookies. We only use essential session tokens for the admin panel and system functionality (for example login and secure requests).
Security
We apply appropriate technical and organisational measures appropriate to the nature of the service, including access controls for admin areas and encrypted connections (HTTPS) for site traffic. No online service can be guaranteed 100% secure.
Changes to this policy
We may update this policy from time to time. The “Last updated” date will change when we do. We will notify active clients of any material changes via email.