Privacy Policy
What we collect, what we don't, and how we handle the rest.
Last updated May 12, 2026
Who we are
goldenhour is operated by Gabriel Oleas (the “Operator”). The service helps independent beauty professionals (artists) manage bookings, payments, and client communication. Contact: hello@goldenhourhq.com.
What we collect
From artists who use goldenhour:
- Account information — name, email, phone, business name, timezone, vertical (e.g. spray tan, hair).
- Authentication — handled by Clerk; we receive only your user ID and email, not passwords.
- Payment configuration — Stripe Connect account ID, charge / payout status (we never see card numbers; Stripe holds them).
- Operational data — services, prices, business hours, travel zones, automations.
- Usage telemetry — basic page views and errors, via Sentry and PostHog. No screen recordings, no keystroke capture.
From your clients (when they book through your link):
- Name, email, phone, optional preferences, optional intake-form answers.
- Appointment metadata — what was booked, when, payment status.
- Card details — held by Stripe, not by goldenhour.
How we use it
- To run the service — show your dashboard, send confirmations and reminders, take payments through Stripe.
- To send transactional SMS and email (booking confirmations, reminders, after-care). We never market your clients to anyone.
- To improve the product — aggregated, de-identified usage patterns. We do not sell, rent, or share personal data with advertisers.
- To meet legal obligations — Stripe and Twilio require us to retain transaction and messaging logs for compliance.
Who we share with
We share data with the minimum set of vendors required to run the service. Each is contractually bound to handle data per the same standards we use:
- Stripe — payment processing and Connect onboarding. Subject to Stripe's Privacy Policy.
- Twilio — SMS delivery. Subject to Twilio's Privacy Notice.
- Resend — transactional email delivery.
- Clerk — authentication and session management.
- Neon — managed Postgres hosting (your account's data lives here).
- Vercel — application hosting + CDN.
- Cloudflare R2 — file storage (photos, exports).
- Sentry, PostHog, Anthropic — error monitoring, product analytics, optional AI features (used only when you enable them).
We do not sell personal information. We do not share data for cross-context behavioral advertising.
How we protect it
- All traffic is served over HTTPS (TLS 1.2+).
- Database connections are encrypted; backups are encrypted at rest.
- Card numbers never touch our servers — Stripe handles tokenization and PCI compliance.
- Access to production data is restricted to the Operator and limited tooling required to operate the service.
Your rights (US, GDPR, CCPA)
You can request to access, correct, export, or delete the personal data we hold about you. Account-level export is available in your dashboard at any time (Clients → Export CSV; Settings → Data). For other requests, email hello@goldenhourhq.com; we respond within 30 days.
California residents have the right to know what personal information is collected and to request deletion under the CCPA. We do not sell personal information.
Residents of the EEA, UK, and Switzerland can request data portability and lodge complaints with their local supervisory authority.
Cookies
We use cookies to keep you signed in, remember your preferences (theme, sidebar state), and measure aggregate usage via PostHog. We do not use third-party advertising cookies. You can clear or block cookies in your browser; doing so may sign you out.
Data retention
We retain account data while your account is active. When you delete your account, we remove your authentication record immediately and retain the underlying business records (clients, appointments, messages, payments) only as required by Stripe, Twilio, and tax law — typically 7 years.
Children
goldenhour is for adults. We do not knowingly collect personal information from anyone under 16.
Changes
We'll post any material changes here and notify account holders by email at least 14 days before they take effect. The last-updated date at the top reflects the most recent revision.