Privacy policy

When you sign up: your email address. When you use Lashbrief: the data you enter (clients, sessions, photos, notes). That’s it. We don’t collect analytics about your client list, names, or session content.

Postgres + object storage hosted by Supabase in the United States. Encrypted at rest. Access gated by row-level security — your data is only readable when you’re signed in as you.

We don’t sell your data. We don’t share client lists with third parties. We don’t train models on your sessions or Brief content.

Supabase (database, auth, storage). Stripe (payments). Netlify (hosting). Resend / Postmark (transactional email — auth links only). Each handles a narrow function and signs the standard data-processing terms.

Export your data at any time from Settings → Download all my data. Delete your account at any time from Settings → Danger zone — this drops your DB rows + Storage objects within 24 hours. Email us if you want a confirmation receipt.

support@lashbrief.com — for any privacy question, or to invoke your rights under GDPR / CCPA.