Privacy Policy

The Gaff Barber Shop ("we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our website at www.thegaff.co.za or make a booking with us. We comply with the Protection of Personal Information Act (POPIA) of South Africa.

We collect the following personal information when you make a booking or contact us:

• Name — to identify you and personalise your experience.
• Phone number — to contact you about your booking or appointment.
• Email address — to send booking confirmations, updates, and cancellation notices.
• Appointment details — barber, services selected, date and time, notes.

We do not collect payment card information. All payments are processed in person at our premises.

We use your personal information to:

• Process and manage your booking requests.
• Send you booking confirmation, reminder, and status update emails.
• Respond to enquiries submitted via our contact form.
• Maintain internal records of clients and appointments for operational purposes.
• Improve our services based on usage patterns (no personally identifiable data used for this).

We will never sell, rent, or share your personal information with third parties for marketing purposes.

Your data is stored securely in our database hosted by Supabase, which is hosted on AWS infrastructure. All data is encrypted in transit (TLS) and at rest.

Access to your personal data is restricted to authorised staff members (barbers and management) who require it to deliver our services.

• Booking records are retained for 24 months from the date of the appointment.
• Contact form messages are retained for 12 months.
• You may request deletion of your data at any time by contacting us (see section 9).

Our website may use essential cookies to ensure the site functions correctly (e.g. session management). We do not use tracking or advertising cookies.

We may use anonymised analytics to understand how visitors use our site. This data does not identify you personally.

We use the following third-party services to operate our website and booking system:

• Vercel — website hosting (vercel.com).
• Supabase — database and authentication (supabase.com).
• Resend — transactional email delivery (resend.com).

Each of these providers has their own privacy policy and security practices. We only share the minimum data necessary for each service to function.

Under the Protection of Personal Information Act (POPIA), you have the right to:

• Be informed about how your personal information is used.
• Access the personal information we hold about you.
• Request correction of inaccurate personal information.
• Request deletion of your personal information.
• Object to the processing of your personal information.
• Lodge a complaint with the Information Regulator of South Africa.

To exercise any of your rights, request access to your data, or raise a privacy concern, please contact our Information Officer at:

• Email: support@thegaff.co.za
• Address: 22 Newton Street, Port Elizabeth, Eastern Cape, South Africa

We will respond to all requests within 30 days.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated version will be posted on this page with a revised "last updated" date. We encourage you to review this page periodically.