Privacy Policy

Wynkie (“Wynkie,” “we,” “our,” or “us”) operates wynkie.com and any associated mobile applications — an all-in-one business platform for independent beauty professionals. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have.

This policy covers two groups of people:

• Beauty professionals (“Stylists”) — individuals who create a Wynkie account to manage their business.
• Clients — individuals who book appointments through a stylist’s Wynkie booking page. Clients do not create Wynkie accounts.

By using Wynkie, you agree to this Privacy Policy. If you do not agree, please do not use our services.

We do not sell your personal information. We do not share it with advertisers or data brokers. We share data only with the service providers necessary to operate Wynkie:

Legal requirements: We may disclose your information if required by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Wynkie, our users, or the public.

Business transfers: If Wynkie is acquired or merged with another company, your information may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

Referral Program participants:If you sign up for Wynkie through another stylist’s referral link, your first name, last initial, and current Wynkie subscription tier (Essentials, Plus, or Pro) will be visible to that stylist on their referrals dashboard for the purpose of calculating their referral commission. No other personal information, client data, business details, payment information, or contact information is shared with your referrer. Full Program terms are at Terms of Service Section 3f.

Wynkie includes an optional AI feature that extracts appointment details from text messages. Here is exactly how it works:

1. A stylist copies and pastes a client’s text message into the New Appointment form.
2. The text is sent to Google Gemini (an AI model operated by Google) with a prompt asking it to identify the client’s name, phone number, requested service, preferred date, and time.
3. Google Gemini returns the extracted information, which auto-fills the appointment form.
4. The stylist reviews and confirms the extracted information before saving.

What this means for privacy:The text message you paste — which may contain a client’s personal information — is transmitted to Google’s servers for processing. This feature is completely optional. Stylists who prefer not to use it can fill out the appointment form manually at any time. We recommend not pasting messages that contain sensitive health information, financial details, or any content beyond basic booking requests.

Wynkie also uses Google Gemini for the AI service menu import feature. When a stylist pastes or uploads their service menu text, it is sent to Google Gemini to extract service names, descriptions, durations, and prices. The same privacy considerations apply — this feature is optional and stylists can enter their menu manually at any time.

Wynkie uses Stripe to process all online card payments. This means:

• Card numbers, expiration dates, and CVV codes are entered directly into Stripe’s secure form — they never pass through Wynkie’s servers.
• Wynkie stores only: payment amounts, tips, transaction status, and a Stripe transaction reference ID.
• Stripe is PCI DSS Level 1 certified, meaning it meets the strictest payment security standards.
• Apple Pay and Google Pay transactions are processed through the same Stripe infrastructure.

Stylist earnings data (appointment revenue, tips, payment methods, and transaction history) is stored in Wynkie’s database and displayed in your Earnings dashboard. This data is private — only you can see your own earnings. Wynkie does not share individual stylist earnings data with third parties except as required by law.

When you book an appointment through a stylist’s Wynkie page, you may optionally consent to receive automated appointment, payment, and occasional marketing text messages from Wynkie. Consent is not a condition of booking — checking the SMS opt-in box is entirely optional.

If you opt in, you will receive automated text messages from Wynkie, including 24-hour appointment reminders, cancellation notices, reschedule confirmations, and occasional marketing messages from Wynkie on behalf of your provider (Pro accounts only). Booking confirmations, payment receipts, refund notices, and rebooking prompts are sent by email only — not by text. Message frequency varies (typically 1–2 messages per appointment for transactional messages; marketing messages are capped at 3 per month per client). Standard message and data rates may apply.

SMS messages are sent by Wynkie and delivered through Twilio over a Wynkie-operated toll-free number. We do not sell or share your mobile number with third parties for marketing purposes.

To opt out at any time, reply STOP to any message. To get help, reply HELP. You may also contact us at privacy@wynkie.com.

Wynkie uses a minimal number of cookies and browser storage mechanisms:

We do not use advertising cookies, third-party tracking cookies, or cross-site tracking cookies. We do not use Google Analytics, Meta Pixel, or any similar cross-site tracking services. We do use Vercel Analytics and Speed Insights to measure aggregate, anonymous usage and page-load performance — these are cookieless, never track you across other websites, and do not collect personally identifiable information.

We take security seriously. The measures we have in place include:

• HTTPS everywhere — All connections to wynkie.com are encrypted using TLS/SSL.
• Row Level Security (RLS) — Our database enforces at the database level that each stylist can only access their own data. No code-level mistake can expose one stylist’s data to another.
• Encrypted passwords — Passwords are hashed using industry-standard algorithms by Supabase Auth. We never store or see plain-text passwords.
• PCI-compliant payments — Card data is handled entirely by Stripe (PCI DSS Level 1). It never touches Wynkie’s servers.
• Webhook signature verification — All Stripe webhook events are verified using HMAC-SHA256 signatures before being processed.
• Secure cancel/payment tokens — Client-facing links (cancel, reschedule, payment) use cryptographically random tokens — they cannot be guessed or enumerated.
• No PII in public booking conflict checks — The public booking page checks for appointment conflicts using a server function that returns only time ranges, never client names or personal data.

No system is 100% secure. If you discover a security vulnerability, please report it responsibly to privacy@wynkie.com.

Wynkie is designed for independent beauty professionals and their clients. Creating a Wynkie stylist account requires you to be at least 18 years old. We do not knowingly collect personal information from children under the age of 13 in compliance with the Children’s Online Privacy Protection Act (COPPA). If we become aware that we have collected information from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us with personal information, contact us at privacy@wynkie.com.

Wynkie is operated in the United States. If you access Wynkie from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country. By using Wynkie, you consent to this transfer.

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. For significant changes, we will notify active stylist accounts by email at least 14 days before the changes take effect. Your continued use of Wynkie after the effective date constitutes acceptance of the updated policy.

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, contact us at:

We will respond to all privacy requests within 30 days (45 days for California CCPA requests).