Privacy Policy
Last updated: April 16, 2026
This Privacy Policy explains what information we collect, how we use it, and the choices you have. We keep this short and in plain language on purpose.
The short version
- We collect your email and hair information only to give you personalized recommendations.
- We don’t sell your data. Ever.
- We use trusted third parties (Stripe, Supabase) to run the business — they only see what they need.
- You can delete your data any time by emailing us.
1. What we collect
Information you give us
- Email address — when you join the waitlist, become a Founding Member, or contact us.
- Hair information — curl pattern, density, concerns, and goals you share in the consultation.
- Payment information — processed and stored by Stripe. We never see or store your full card number.
Information collected automatically
- Basic usage data (pages viewed, clicks) via privacy-friendly analytics.
- Device and browser information for security and debugging.
2. How we use it
- To provide the Service — personalized hair care guidance and routines.
- To send important messages (launch notifications, receipts, service updates).
- To improve the product based on aggregate, anonymized patterns.
- To comply with legal obligations (tax, fraud prevention, court orders).
3. Who we share it with
We share data only with service providers that help us run the business:
- Stripe — payment processing. See Stripe’s Privacy Policy.
- Supabase — database hosting for your account and email list.
- Vercel — website hosting and delivery.
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
4. Your rights
You have the right to:
- Access — request a copy of the personal data we hold about you.
- Correct — fix anything that’s wrong.
- Delete — ask us to remove your data. We’ll do this unless we’re legally required to keep it.
- Opt out — unsubscribe from emails anytime using the link in each email.
To exercise any of these, email hello@auntycurlcouncil.com. We’ll respond within 30 days.
5. Data retention
We keep your data only as long as needed to provide the Service or comply with legal obligations. If you delete your account, we erase your personal data within 30 days (though we may retain anonymized aggregate data and transaction records required by law).
6. Security
We use industry-standard encryption in transit (TLS) and at rest. We limit access to your data to team members who need it to do their job. No system is 100% secure, but we take this seriously.
7. Children
The Service is not directed at children under 13. We do not knowingly collect information from children. If you believe we have, email us and we’ll delete it.
8. International users
Our servers are based in the United States. By using the Service, you consent to your data being processed in the US. If you’re in the EU or UK, you have additional rights under GDPR that we’ll honor on request.
9. Changes to this Policy
If we make significant changes, we’ll notify you by email or on-site notice at least 14 days before they take effect.
10. Contact
Questions, concerns, or data requests? Email hello@auntycurlcouncil.com.
