WynkiePrivacy Policy

Privacy Policy

Effective date: April 15, 2026

1. Introduction

Wynkie (“Wynkie,” “we,” “our,” or “us”) operates wynkie.com and any associated mobile applications — an all-in-one business platform for independent beauty professionals. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have.

This policy covers two groups of people:

  • Beauty professionals (“Stylists”) — individuals who create a Wynkie account to manage their business.
  • Clients — individuals who book appointments through a stylist’s Wynkie booking page. Clients do not create Wynkie accounts.

By using Wynkie, you agree to this Privacy Policy. If you do not agree, please do not use our services.

2. Information We Collect

2a. From Stylists (Account Holders)

When you create and use a Wynkie account, we collect:

Account informationFull name, email address, password (encrypted — never stored in plain text), phone number (optional), and a public booking URL slug you choose.
Business settingsYour services (name, description, price, duration), weekly availability hours, deposit policy settings, timezone, and client notification preferences.
Profile informationA short bio you optionally add to your public booking page.
Payment processingClient payments made through Wynkie are processed by Stripe. Wynkie stores only payment amounts, tips, transaction status, and a Stripe transaction reference. We never see or store your clients' bank account numbers or full card details — Stripe handles all card data directly.
Appointment and payment recordsEvery appointment you create or that clients book: client name, service, date, time, price, payment method, tip, add-ons, discounts, and payment status.
Client recordsNames, phone numbers, and email addresses of clients you add or who book through your page.
Stylist notesPrivate notes you write on individual appointments — only visible to you.
FeedbackIf you submit a bug report, feature request, or feedback via the in-app widget, we receive your message, email address, name, and the page you were on.
Device and usage dataBrowser type, device type, IP address, and pages visited — collected automatically by our hosting provider, Vercel.

2b. From Clients (Booking Page Visitors)

When a client books an appointment through a stylist’s Wynkie booking page (wynkie.com/[slug]), we collect:

Booking informationFull name (required), phone number (required), email address (optional), appointment notes (optional), and the service, date, and time selected.
Payment informationWhen paying a deposit or balance online, payment card details are submitted directly to Stripe via a secure, encrypted form. Wynkie never sees, stores, or transmits raw card numbers, CVV codes, or full card data. We receive only a payment confirmation and a transaction reference from Stripe.
Tip amountIf a client chooses to add a tip, the tip amount is stored separately in our database and linked to the appointment.

Important:Client data is owned and managed by the individual stylist. Wynkie processes this data as a service provider on the stylist’s behalf. If you are a client and have questions about your data, please contact the stylist who took your booking, or contact us at privacy@wynkie.com.

2c. Automatically Collected Information

Log dataIP address, browser type, operating system, referring URL, pages visited, and timestamps. Collected by Vercel (our hosting provider) as part of normal web server operation.
Local storageYour selected app theme (color scheme) and notification read timestamps are stored locally on your device — this data never leaves your device and is not sent to our servers.
Session cookiesA secure, encrypted session cookie is used to keep you logged in. This cookie does not track you across other websites and is deleted when you log out or it expires.

3. How We Use Your Information

Provide and operate the serviceRunning your booking page, managing appointments, processing payments, sending automated emails, and displaying your earnings and client data.
Authentication and securityVerifying your identity when you log in, protecting your account from unauthorized access, and detecting fraud.
Automated client communicationsSending appointment confirmation emails, 24-hour and 48-hour reminders, rebooking prompts, re-engagement check-ins, payment receipts, and cancellation notices — on your behalf, to your clients.
AI-powered appointment extractionWhen you use the AI paste-to-fill feature, the text you paste is sent to Google Gemini to extract appointment details (name, phone, service, date, time). See Section 5 for details.
Tax and earnings reportingCalculating gross earnings, tax estimates, and period-over-period comparisons shown in your Earnings dashboard. We do not file taxes on your behalf.
Product improvementAggregate, anonymized usage data helps us understand how stylists use Wynkie and which features to prioritize. We do not sell this data.
Customer supportResponding to feedback, bug reports, and support requests you submit.
Legal complianceMeeting our legal obligations, resolving disputes, and enforcing our Terms of Service.

4. How We Share Your Information

We do not sell your personal information. We do not share it with advertisers or data brokers. We share data only with the service providers necessary to operate Wynkie:

Supabase

Database and authentication

Privacy policy →

All data you store in Wynkie — appointments, clients, payments, services, availability, and account settings — is stored in Supabase’s managed PostgreSQL database. Supabase also handles login sessions. Data is stored in the United States on Amazon Web Services infrastructure.

Stripe

Payment processing

Privacy policy →

When a client pays online, their card details go directly to Stripe via an encrypted, PCI-compliant form. Stripe receives the payment amount, a transaction description, and metadata we provide (appointment ID, stylist ID). Wynkie receives only a payment confirmation. Stripe is PCI DSS Level 1 certified — the highest level of payment security certification.

Resend

Email delivery

Privacy policy →

All automated emails (booking confirmations, reminders, payment receipts, cancellations, rebooking prompts, re-engagement emails) are sent through Resend. Resend receives the recipient’s email address, name, and the content of each email. Emails are sent from noreply@wynkie.com. Resend does not use email content for advertising.

Google (Gemini AI)

AI appointment extraction

Privacy policy →

When a stylist uses the AI paste-to-fill feature in the New Appointment form, the text they paste is sent to Google’s Gemini API. This text may contain a client’s name, phone number, and appointment details. Google processes this text to extract structured data and returns the result. Google’s API data handling is governed by Google’s API Terms of Service. This feature is optional — stylists can book appointments manually without using it.

Google (OAuth)

Sign in with Google

Privacy policy →

If you choose to sign in with Google, Google shares your name and email address with Wynkie to create or authenticate your account. We do not receive your Google password or access to any other Google services.

Vercel

Web hosting and infrastructure

Privacy policy →

Wynkie is hosted on Vercel. Vercel processes all web requests to wynkie.com and receives standard server log data including IP addresses, request URLs, and browser information. Vercel’s infrastructure is located in the United States.

Legal requirements: We may disclose your information if required by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Wynkie, our users, or the public.

Business transfers: If Wynkie is acquired or merged with another company, your information may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

5. AI Features

Wynkie includes an optional AI feature that extracts appointment details from text messages. Here is exactly how it works:

  1. A stylist copies and pastes a client’s text message into the New Appointment form.
  2. The text is sent to Google Gemini (an AI model operated by Google) with a prompt asking it to identify the client’s name, phone number, requested service, preferred date, and time.
  3. Google Gemini returns the extracted information, which auto-fills the appointment form.
  4. The stylist reviews and confirms the extracted information before saving.

What this means for privacy:The text message you paste — which may contain a client’s personal information — is transmitted to Google’s servers for processing. This feature is completely optional. Stylists who prefer not to use it can fill out the appointment form manually at any time. We recommend not pasting messages that contain sensitive health information, financial details, or any content beyond basic booking requests.

6. Payment Processing and Financial Data

Wynkie uses Stripe to process all online card payments. This means:

  • Card numbers, expiration dates, and CVV codes are entered directly into Stripe’s secure form — they never pass through Wynkie’s servers.
  • Wynkie stores only: payment amounts, tips, transaction status, and a Stripe transaction reference ID.
  • Stripe is PCI DSS Level 1 certified, meaning it meets the strictest payment security standards.
  • Apple Pay and Google Pay transactions are processed through the same Stripe infrastructure.

Stylist earnings data (appointment revenue, tips, payment methods, and transaction history) is stored in Wynkie’s database and displayed in your Earnings dashboard. This data is private — only you can see your own earnings. Wynkie does not share individual stylist earnings data with third parties except as required by law.

Tax information: Wynkie provides quarterly tax estimates based on your earnings as a convenience. This is not tax advice. Wynkie does not report your income to the IRS or any tax authority. You are responsible for your own tax filings.

7. Email Communications

Emails sent to clients on a stylist’s behalf

When a client books through a stylist’s Wynkie page, we send automated emails to that client. These emails are sent on the stylist’s behalf and include:

  • Booking confirmation (with cancel/reschedule link)
  • 24-hour and 48-hour appointment reminders (if enabled by the stylist)
  • Payment receipts after online card payments
  • Cancellation notifications
  • Reschedule confirmations (when an appointment is rescheduled)
  • Rebooking prompts after appointments (if enabled by the stylist)
  • Re-engagement check-ins for clients who haven’t visited recently (if enabled by the stylist)

Clients who do not wish to receive automated emails from a stylist’s Wynkie account should contact that stylist directly. Stylists can disable automated emails in their Settings → Client Notifications.

Emails sent to stylists

We send stylists:

  • New booking notifications
  • Payment received notifications (when a client pays via payment link)
  • Cancellation alerts (including refund details when applicable)
  • Reschedule notifications
  • Transactional emails related to your account

We do not send marketing or promotional emails unless you opt in. Transactional emails related to your bookings and account cannot be fully disabled, as they are essential to the service.

8. Data Retention

Active account dataRetained for as long as your Wynkie account is active.
Appointment and payment recordsRetained indefinitely to support your earnings history, tax estimates, and client relationship history. You may request deletion at any time (see Section 9).
Client dataClient records are associated with your account and deleted when your account is deleted, or upon your specific request.
Deleted accountsWhen you delete your Wynkie account, all your data — including appointments, payments, clients, services, and settings — is permanently deleted from our database. This action is irreversible.
BackupsDeleted data may remain in encrypted database backups for up to 30 days, after which it is permanently purged.
Stripe dataPayment transaction records held by Stripe are subject to Stripe’s own retention policy and may be retained for fraud prevention and legal compliance purposes.
Server logsVercel infrastructure logs (IP addresses, request data) are retained for up to 30 days.

9. Your Rights and Choices

For Stylists (account holders)

You have the right to:

  • Access your data — All your appointments, clients, payments, and settings are visible in your Wynkie dashboard at any time.
  • Correct your data — Update your name, email, phone, bio, and settings in Dashboard → Settings → Profile.
  • Delete your account — Contact us at privacy@wynkie.com to permanently delete your account and all associated data.
  • Export your data — Contact us to request a copy of your data in a portable format.
  • Opt out of non-essential communications — You can disable automated client emails (rebooking prompts, re-engagement) in Settings → Client Notifications.

For Clients (booking page visitors)

If you have booked an appointment through a stylist’s Wynkie page and would like to:

  • Access or correct your booking data — Contact the stylist who took your booking.
  • Request deletion of your data — Contact us at privacy@wynkie.com with your name and the stylist’s booking URL. We will remove your records from our system and notify the stylist.
  • Opt out of reminder emails — Contact the stylist directly, or reply to any Wynkie email and request to be removed.

California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know — You may request a full disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, our business purposes for collecting it, and any third parties with whom we share it.
  • Right to Delete — You may request deletion of your personal information, subject to certain legal exceptions.
  • Right to Correct — You may request correction of inaccurate personal information we hold about you.
  • Right to Opt Out of Sale or Sharing — Wynkie does not sell or share personal information for advertising purposes. There is nothing to opt out of, but you have this right.
  • Right to Non-Discrimination — We will not discriminate against you for exercising any of these rights.

To exercise any of these rights, contact us at privacy@wynkie.com. We will respond within 45 days as required by law.

10. Cookies and Local Storage

Wynkie uses a minimal number of cookies and browser storage mechanisms:

Authentication cookieA secure, HttpOnly, encrypted cookie that keeps you logged in to your Wynkie account. Required for the service to function. Deleted on logout or expiration.
Theme preference (localStorage)Your selected app color theme (Neutral, Blush, Lavender, or Azure) is saved locally on your device. This is not sent to our servers and does not track you.
Notification timestamp (localStorage)The last time you viewed your appointments page is stored locally to calculate unread booking counts. Not sent to our servers.

We do not use advertising cookies, third-party tracking cookies, or analytics cookies that track you across other websites. We do not use Google Analytics, Meta Pixel, or any similar tracking services.

11. Security

We take security seriously. The measures we have in place include:

  • HTTPS everywhere — All connections to wynkie.com are encrypted using TLS/SSL.
  • Row Level Security (RLS) — Our database enforces at the database level that each stylist can only access their own data. No code-level mistake can expose one stylist’s data to another.
  • Encrypted passwords — Passwords are hashed using industry-standard algorithms by Supabase Auth. We never store or see plain-text passwords.
  • PCI-compliant payments — Card data is handled entirely by Stripe (PCI DSS Level 1). It never touches Wynkie’s servers.
  • Webhook signature verification — All Stripe webhook events are verified using HMAC-SHA256 signatures before being processed.
  • Secure cancel/payment tokens — Client-facing links (cancel, reschedule, payment) use cryptographically random tokens — they cannot be guessed or enumerated.
  • No PII in public booking conflict checks — The public booking page checks for appointment conflicts using a server function that returns only time ranges, never client names or personal data.

No system is 100% secure. If you discover a security vulnerability, please report it responsibly to privacy@wynkie.com.

12. Children’s Privacy

Wynkie is designed for independent beauty professionals and their clients. Creating a Wynkie stylist account requires you to be at least 18 years old. We do not knowingly collect personal information from children under the age of 13 in compliance with the Children’s Online Privacy Protection Act (COPPA). If we become aware that we have collected information from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us with personal information, contact us at privacy@wynkie.com.

13. International Users

Wynkie is operated in the United States. If you access Wynkie from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country. By using Wynkie, you consent to this transfer.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. For significant changes, we will notify active stylist accounts by email at least 14 days before the changes take effect. Your continued use of Wynkie after the effective date constitutes acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, contact us at:

Wynkie

Email: privacy@wynkie.com

Website: wynkie.com

We will respond to all privacy requests within 30 days (45 days for California CCPA requests).

← Back to Wynkie