Last updated: 17 May 2026
CrownSuite is a booking management platform for hair salons. CrownSuite is a trading name of T J Bungwe, a sole trader based in the United Kingdom.
For data protection purposes, CrownSuite is the data processor for customer booking data and the data controller for salon owner account data.
Contact: [email protected] · Post: [BUSINESS ADDRESS — TO ADD]
| Data | Purpose | Legal basis |
|---|---|---|
| Name, email, phone | Account creation & communication | Contract |
| Business name, address, postcode | Salon profile & booking page | Contract |
| Payment information | Subscription billing via Stripe | Contract |
| Login credentials (hashed) | Authentication | Contract |
| Data | Purpose | Legal basis |
|---|---|---|
| Name, email, phone | Booking confirmation & communication | Legitimate interest |
| Booking details | Appointment management | Legitimate interest |
| Payment reference | Deposit verification | Legitimate interest |
We do not sell, rent, or share your personal data with third parties for marketing purposes.
| Service | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing | Payment details, email |
| SendGrid (Twilio) | Transactional emails | Email address, booking details |
| Railway | Application hosting | All platform data (encrypted at rest) |
Each processor is bound by their own privacy policies and data processing agreements.
Salon owner data: retained for the duration of your account plus 30 days after account closure.
Customer booking data: retained for the duration of the salon's account. Salon owners may request deletion of individual customer records at any time.
Payment records: retained for 7 years as required by UK tax regulations.
Under UK GDPR, you have the right to:
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
We use essential session cookies to keep you logged in. We do not use tracking cookies, advertising cookies, or third-party analytics. See our Cookie Policy for details.
In the event of a personal data breach that affects your data or your customers' data, CrownSuite will notify you without undue delay and no later than 48 hours after becoming aware of the breach. We will provide details of the nature of the breach, the data affected, and the steps we are taking to mitigate it.
As required under UK GDPR, we will also assist you in meeting your obligation to report the breach to the Information Commissioner's Office within 72 hours where required. For full details, see our Data Processing Agreement.
Your data is stored on servers within the EEA or in jurisdictions that provide adequate protection under UK GDPR. Where data is transferred outside the UK, appropriate safeguards are in place.
We may update this policy from time to time. Material changes will be communicated via email. The "last updated" date at the top reflects the most recent revision.
If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
For any privacy-related enquiries, contact us at [email protected].