How Estilo handles your data

Last updated: May 6, 2026 Status: Draft (pre-launch) Audience: artists & clients

Plain English, on purpose. Estilo is a booking platform for tattoo and beauty service workers and the clients who book them. This page tells you what we collect, what we do with it, and the things we will never do — in language a real person can read in five minutes.

Final lawyer-tightened language ships before public launch. The substance below reflects how Estilo actually plans to operate; the phrasing may shift after legal review. We will mark every meaningful change in the changelog at the bottom.

01. Introduction

Estilo is a booking platform built for independent service workers — tattooers, piercers, hair stylists, barbers, PMU artists, lash and nail techs, estheticians, and massage therapists — and the clients who book them. This Privacy Policy covers everyone who uses the artist-side app, the client-facing booking surface, this marketing site, and any related Estilo product.

If you're an artist, this tells you what we hold about you and your business. If you're a client, this tells you what we hold about you and the bookings you make. We treat both sides with respect — but our defaults resolve toward the artist when an interest tradeoff happens. We're honest about that.

This document is published by the operators of Estilo (referred to below as "Estilo," "we," "us," or "our"). Contact details are in Section 10.

02. Information we collect

From artists

Account basics — name, email address, phone number (verified via SMS where required), studio or city, profession.
Business identity — for paid tiers and payouts, the legal name, business name, and tax identification number (EIN or, for sole proprietors, SSN) required for Stripe Connect onboarding and U.S. tax-form generation. Estilo does not store full SSNs on our servers — that data goes directly to Stripe through their hosted KYC flow.
Profile content — profile photo, bio, portfolio images and flash uploads, services and pricing, hours of operation, social links.
Bookings & calendar — appointment records, deposits taken, session notes you choose to save, conversation logs in the in-app DM.
Financial activity — for the optional Finance module: revenue you log, expenses you categorize, mileage entries, scenarios saved in the 1099 calculator. If you opt in to Plaid (Solo + AI tier), the bank/card transactions Plaid returns to us.
SMS opt-in records — if you turn on SMS notifications or use SMS marketing campaigns, we keep a record of your consent and the opt-out signals required for Twilio compliance.

From clients

Account basics — name, email address, phone number (verified before you can submit a Trust & Safety report).
Booking history — artists you've booked, deposits you've paid, completed sessions, no-shows, cancellations.
Payment methods — handled and stored by Stripe, not by Estilo. We hold a payment-method token Stripe gives us so future bookings can charge a saved card with your consent. We do not see or store the full card number, CVV, or banking details.
Loves and saves — the artists and flash pieces you've hearted, your saved searches, any Style-Matcher answers you provide.
Reports you submit — content of any Trust & Safety report you file about an artist, including the category, free-text description, and any evidence you attach.

From everyone

Device & usage data — device type, operating system, browser, IP address (collected at request time, not retained beyond what's needed for fraud and abuse prevention), session timestamps, and which screens of the app you visit.
Minimal analytics — aggregate, de-identified counts that help us understand which features are used and where the app breaks. No third-party advertising tracking. No Meta Pixel. No Google Analytics for advertising audiences.
Cookies & local storage — small browser-level entries used to keep you signed in, remember your preferences, and make the PWA work offline. We don't use cookies for cross-site advertising.

03. How we use it

Operating the booking platform

Calendar, bookings, deposits, DMs, profile pages, the marketplace surface, the Style-Matcher discovery flow, Studio/Shop multi-artist team management. The boring core of running an appointment-based business.

Payment processing (via Stripe Connect)

When a client pays a deposit or session fee, the funds flow through Stripe Connect Express. Estilo never holds your money — Stripe does. Stripe handles the KYC, payout schedule, and tax-form generation. We see metadata (how much, when, status) so we can show you a dashboard and reconcile our subscription and Style-Matcher commission. More on Stripe in Section 5.

SMS via Twilio (with explicit opt-in)

If you turn on SMS notifications, transactional booking confirmations, or marketing campaigns, we route those messages through Twilio. You opt in explicitly per channel — there is no surprise SMS. You can opt out at any time by replying STOP or by toggling SMS off in your notification settings.

Trust & Safety system

Estilo uses a private, severity-tiered report system instead of public star reviews. When you submit a report or flag, that information is used to:

Help a human admin review what happened.
Power an internal "Client Snapshot" that other artists see only at booking-request time, with attribution masked to "verified artist, X ago" — flagger names are never exposed.
Detect patterns (e.g., the same client receiving multiple flags in 30 days) and route serious cases to faster admin queues.

Trust & Safety data is internal — used only by Estilo's admin and the platform itself. It is never sold, never shared with partners, never used for advertising.

Aggregate usage analytics (de-identified)

We track which features are used, where users get stuck, and what breaks — at the level of "15% of artists open the mileage tracker on day three", not "this person is 31, lives in Portland, books $400 sessions". The output goes to product decisions inside the app. It does not get sold, and it does not feed advertising profiles.

AI features (preview)

Solo + AI tier users can opt into AI-powered features (booking-request triage, bio-writer, service description generator, follow-up drafts, expense categorization, receipt OCR). When you use these:

The minimum content needed for the feature is sent to our LLM provider (TBD — we'll publish the exact provider in the next revision of this policy and notify you in-app).
We do not allow the LLM provider to train on your content. Provider settings are configured for "no training" on enterprise/API tier.
You can turn off AI features per-feature in Settings. We don't auto-opt you in.

Honest about preview state: AI features are launching as a preview. We are not yet making airtight legal guarantees about every model behavior. We will publish a full AI data-handling addendum before charging for the AI tier at scale.

04. What we don't do

This is the section that matters. The rest of the policy describes what we do; this one tells you what we will not do, and what would have to change for any of it to change.

We do not sell financial or trust data. Period.

Not anonymized. Not aggregated for ad targeting. Not for partner integrations. This is principle 9 of Estilo's master design: "Don't sell financial or trust data. Ever." Internal de-identified analytics inside the app only.

No ad targeting based on your data. We don't run an ad network. We don't sell audience segments to one. We don't share your booking history, finance data, or trust signals with third-party advertisers.
No data sharing with third parties for marketing. The third parties listed in Section 5 are operational vendors (payments, SMS, image hosting, etc.) — they receive only what's required to perform the service, and they're contractually constrained from re-using it.
No public reviews or public ratings published about artists. Estilo's trust model is "verified bookings, love-only, no one-star revenge." Clients who want to express appreciation can heart artists or flash pieces; clients who have a problem file a private report that goes to a human reviewer. Star ratings, public review pages, and public commentary about an artist's work are not features of Estilo and we have no intention of adding them.
No selling of contact lists. Your email and phone number are not products. We do not rent, sell, or otherwise transfer client lists or artist lists to third parties.
No surprise data uses. If we ever want to use your data for something not described in this policy, we'll tell you, ask for opt-in where opt-in is the right standard, and update this policy with a clearly-marked changelog.

Source: ESTILO-MASTER-DESIGN.md §1.2 (the ten principles, locked 2026-05-04). The "we do not sell data" stance is a brand-defining commitment, not a marketing line.

05. Third-party services

We use a small set of operational vendors so we can avoid building (and storing) things we shouldn't be holding ourselves.

Stripe (payment processing)

Stripe handles all payment processing for Estilo, including deposits, session fees, payouts to artists via Stripe Connect Express, KYC, and IRS tax-form generation (1099-K where required). Card data is held by Stripe, not by Estilo. Stripe's privacy policy: stripe.com/privacy.

Twilio (SMS)

Twilio sends and receives SMS for transactional notifications, two-factor verification, and opt-in marketing campaigns. We pass your phone number, opt-in status, and message body to Twilio at send time. Twilio's privacy policy: twilio.com/legal/privacy.

Cloudinary (image hosting)

Portfolio images, flash uploads, profile photos, and other artist-uploaded media are stored on Cloudinary, which serves them globally via CDN. Cloudinary's privacy notice: cloudinary.com/privacy.

Plaid (bank/card sync — optional, Solo + AI tier)

If you opt in, Plaid retrieves bank and card transactions and returns them to Estilo for AI-categorization. Opt-in is per-account and reversible. Plaid's privacy policy: plaid.com/legal.

LLM provider (AI features — TBD, preview)

AI features run against a large language model provider. The exact provider is under final selection at the time of this draft and will be named here in the revision before AI billing goes live. Our procurement criteria require: (a) "no training on customer data" must be a contractual default, (b) U.S.-only data residency where possible, (c) ability to send only the minimal content needed for the feature.

Hosting (Vercel + Supabase)

The app and marketing site are hosted on Vercel and use Supabase Postgres for the application database, Supabase Auth for sign-in, and Supabase Edge Functions for server-side logic. Vercel privacy: vercel.com/legal/privacy-policy. Supabase privacy: supabase.com/privacy.

Vendor list current as of the "Last updated" date at the top of this page. We will revise this section when vendors change.

06. Your rights

Access your data (export)

You can export your data in a machine-readable format (JSON) at any time, even before anything goes wrong. Artists get their portfolio, client list, message logs, finance records, calendar, and bookings. Clients get their profile, booking history, hearts, and the content of any reports they've filed. Your data is yours. If Estilo shuts down tomorrow, you walk away with everything.

Delete your account

You can delete your account from Settings. Most data is removed promptly. Some categories must be retained:

Bookings tied to financial records — retained for the period required by U.S. tax law (currently 7 years for 1099 / income records). After that, they're deleted.
SMS opt-out signals — retained indefinitely so we never accidentally re-message someone who told us to stop. This is required by SMS-marketing compliance rules.
Trust & Safety records — reports about violations may be retained on a case-by-case basis where required for safety, legal, or fraud-prevention purposes. We do not retain identifiable personal data beyond what's needed.

Opt out of SMS / push notifications anytime

SMS: reply STOP to any Estilo SMS, or toggle SMS off per category in Settings → Notifications. Push: revoke notification permission in your device's OS settings, or toggle off in Settings. Email: every marketing email has an unsubscribe link; transactional emails (booking confirmations) are required for the service to work.

California & GDPR rights (placeholder)

If you are a California resident, you have rights under the CCPA / CPRA, including the right to know what personal information we collect about you, the right to delete it, and the right to non-discrimination for exercising those rights. If you are in the EU/UK, you have rights under GDPR / UK GDPR, including access, rectification, erasure, restriction, portability, and objection.

Final, tightened language for both jurisdictions ships with the lawyer-reviewed final policy. To exercise any of these rights today, email us at the contact address with a clear description of what you want, and we'll respond within the timeline that jurisdiction's law requires.

One important Trust & Safety carve-out: If a client requests a data export under GDPR/CCPA, the export does not include flag content from artists about that client. Per the Trust & Safety design (§3.4), counts and aggregate signals are returned — flagger attribution and quoted notes are not. This protects the safety system from being weaponized. Final language ships with lawyer review.

07. Data retention

Active accounts: data is kept as long as you have one. Toggle finance tracking off any time; the data already entered remains until you delete it.
Closed accounts: 7 years for financial records (per IRS retention requirements for income, deposits, and 1099 reporting), then deleted. Non-financial data (profile, portfolio, DM logs) is removed promptly when you close the account.
Stripe Connect dormant accounts: after 60 days of inactivity, your Connect payment line auto-pauses (a 14-day-out warning email goes first). Re-activating is one click. This is a cost-control measure that also limits the surface of dormant data we hold. (Source: DECISIONS-NEEDED.md §2.7.)
SMS opt-outs: kept indefinitely so we never re-message someone who said stop.
Backups: we keep encrypted backups for up to 30 days for disaster recovery; deletions propagate through the next backup cycle.
Logs: request logs (with IP and minimal request metadata) are retained for up to 90 days for security and abuse investigation, then rotated.

If retention timelines change in any meaningful way, we'll update this section and note the change in the changelog.

08. Children's privacy

Estilo is built for adults. You must be 18 or older to use Estilo as either an artist or a client. We do not knowingly collect data from anyone under 18. If we discover that we have collected information from a minor, we will delete it and close the account.

If you are a parent or guardian and believe a minor has created an account, please contact us using the address in Section 10 and we will act promptly.

Note on tattoo & piercing minimums: some jurisdictions allow minors to receive tattoos or piercings with parental consent. That is a question for the artist's licensing rules in their state — Estilo's account-age requirement (18+) applies regardless of the in-person service rules of any state.

09. Changes to this policy

We may update this Privacy Policy from time to time as the product evolves, vendors change, or laws change. When we make a meaningful change, we will:

Update the "Last updated" date at the top of this page.
Add an entry to the changelog (we will add the changelog section in the v1 lawyer-reviewed release).
For significant changes, notify active users by email and in-app at least 14 days before the change takes effect.

If you keep using Estilo after a meaningful change, that means you accept the updated policy. If you don't, you can export your data and close your account at any time.

10. Contact

Questions, requests, complaints, or law-enforcement inquiries:

Email: hello@estilo.app

Privacy-specific requests can also go to privacy@estilo.app once the inboxes are stood up. Until then, the hello@ address routes to the founder directly.

Mailing address and registered-entity details will be added in the lawyer-reviewed final policy.