Skip to main content
Hair Restoration Guide

Privacy Policy

Last updated: 20 March 2026

Hair Restoration Guide ("we", "our" or "us") is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains what data we collect, why we collect it, how we use it and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Information We Collect

We collect the following types of information:

a) Information you provide directly

  • Enquiry form submissions: your name, email address, phone number (if provided) and message when you submit an enquiry to a clinic
  • Account registration: your name, email address and password when you create a clinic owner account

b) Information collected automatically

  • Usage data: pages visited, time spent on pages and interaction patterns, collected via anonymised analytics
  • Cookies: we use essential cookies to maintain your session and preferences. We do not use third-party advertising cookies.

2. Legal Basis for Processing

Under the UK GDPR, we process your personal data on the following legal bases:

  • Consent: when you submit an enquiry form, you explicitly consent to your details being shared with the selected clinic. You can withdraw consent at any time by contacting us.
  • Contract performance: when you create a clinic owner account, we process your data to provide the services you have signed up for (listing management, enquiry delivery, dashboard access).
  • Legitimate interest: we process anonymised usage data to improve the Platform. We also display publicly available business information (e.g. Google reviews, business addresses) to help users find clinics.

3. How We Use Your Information

  • To deliver enquiries from prospective clients to clinics
  • To provide clinic owners with dashboard access and listing management tools
  • To send transactional emails (account verification, enquiry notifications)
  • To send marketing communications (only with your explicit consent; you can unsubscribe at any time)
  • To improve the Platform through anonymised analytics

4. Data Sharing

When you submit an enquiry, your name, email, phone number and message are shared with the clinic you contacted. If that clinic has claimed their listing, the enquiry appears directly in their dashboard. The clinic then becomes an independent data controller for the data they receive and is responsible for handling it in accordance with their own privacy policy and the UK GDPR.

We do not sell your personal data to third parties. We may share anonymised, aggregated data (e.g. total enquiry volumes, popular search locations) for internal reporting purposes.

5. Data Processors

We use the following third-party services to operate the Platform. These providers act as data processors on our behalf and process data in accordance with our instructions:

  • Supabase: database hosting and authentication (data stored in EU data centres)
  • Vercel: website hosting and content delivery
  • Resend: transactional email delivery (enquiry notifications, account verification)

Some of these providers may transfer data outside the UK. Where this happens, appropriate safeguards are in place (such as Standard Contractual Clauses or adequacy decisions) to ensure your data remains protected.

6. Data Retention

  • Enquiry data: retained for up to 24 months from the date of submission, then permanently deleted
  • Account data: retained for as long as your account is active. If you delete your account, we will remove your personal data within 30 days.
  • Analytics data: anonymised and retained indefinitely as it does not constitute personal data

7. Data Security

We take data security seriously and use industry-standard measures to protect your information, including:

  • Encrypted connections (HTTPS) across the entire Platform
  • Secure database hosting with row-level security policies
  • Password hashing for all user accounts
  • Regular review of access controls and security practices

8. Children's Data

The Platform is not directed at anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has submitted data through the Platform, please contact us and we will delete it promptly.

9. Your Rights

Under the UK GDPR, you have the following rights:

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: ask us to correct inaccurate data
  • Right to erasure: ask us to delete your personal data
  • Right to restrict processing: ask us to limit how we use your data
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interest
  • Right to withdraw consent: withdraw your consent at any time where processing is based on consent

To exercise any of these rights, contact us at privacy@hairrestorationguide.com. We will respond within one month of receiving your request.

10. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first if possible.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top. For material changes, we will make reasonable efforts to notify account holders by email.

12. Contact

For any privacy-related questions, please contact us at privacy@hairrestorationguide.com.