Privacy Policy

RunChair is an AI-powered salon management platform operated from Auckland, New Zealand, and built for hair and beauty salons across New Zealand and Australia. In this policy, “RunChair”, “we”, and “us” refer to the operator of the RunChair service.

We act as a processor for the client data that salons load into RunChair, and as a controller for the account data of the salon owners and staff who use our platform. We handle personal information in line with the New Zealand Privacy Act 2020 and, where applicable, the Australian Privacy Principles.

Operator & contact

RunChair is operated by Think and Form Limited, registered at 23 Calumet Way, Takanini, Auckland, New Zealand. For any privacy question, or to exercise your rights, you can reach our privacy contact at admin@thinkandform.co.nz.

Account & salon data

• Name, email, phone number, and role of salon owners and staff.
• Salon business details — trading name, address, hours, services, and pricing.
• Login credentials managed through our authentication provider.

Client data your salon stores

• Client contact details, appointment history, and preferences.
• Consultation notes, service formulas, and reference photos you upload.
• Booking, deposit, and no-show records.

Communications & usage

• Messages exchanged with our AI concierge by text, voice, and web chat.
• Payment metadata processed through Stripe (we never store full card numbers).
• Device, browser, and usage logs used to operate and secure the service.

We use personal information to:

• Provide booking, waitlist, reminder, and client-management features.
• Power the AI concierge that answers calls, texts, and web chats on your salon’s behalf.
• Send appointment confirmations, reminders, and win-back messages you configure.
• Process deposits and subscription payments.
• Secure the platform, prevent fraud, and meet our legal obligations.

We do notsell personal information, and we do not use your salon’s client data to train third-party AI models.

We share data only with the sub-processors needed to run RunChair, and only as far as each needs to perform its function:

• Supabase — database and authentication.
• Stripe — deposit and subscription payments.
• Twilio & ClickSend — voice and SMS messaging.
• Resend — transactional email.
• Firebase — real-time calendar sync.
• AI model providers (via a managed gateway) — to generate concierge responses.

Each provider is bound by its own data-protection terms. Some process data outside New Zealand and Australia; where that happens we rely on contractual safeguards comparable to local privacy standards.

Some RunChair features capture consultation photos. By default these are used only for that consultation and the client’s record — not for training.

Separately, a client may opt in to let their photos help improve our hair-assessment model. This is strictly optional and off unless explicitly chosen. When a client opts in:

• Faces are blurred before any training use.
• The data is used to improve our own models only — we do not share photos with third-party model providers for training.
• Consultation photos default to a 90-day retention and are then automatically purged, unless your stylist saves a photo to the client profile.
• Consent can be withdrawn at any time through the salon, after which the photos are no longer used for model improvement.

We keep account and client data for as long as your salon maintains an active RunChair account. You can export your data at any time and request deletion when you close your account; we will delete or anonymise personal information within a reasonable period after closure, except where we must retain records to meet legal, accounting, or security obligations.

Under the NZ Privacy Act and Australian Privacy Principles you can ask us to access, correct, or delete the personal information we hold about you. Salon clients should direct these requests to the salon that stores their data; we will support the salon in responding.

To exercise your rights or raise a privacy concern, email admin@thinkandform.co.nz. If you are not satisfied with our response, you may complain to the Office of the Privacy Commissioner (NZ) or the OAIC (Australia).

We encrypt data in transit and at rest, scope every salon’s data with row-level access controls, and limit staff access to what each role needs. For more detail, see our Security overview.

We may update this policy as RunChair evolves. When we make material changes we will update the date above and, where appropriate, notify salon account holders by email.