Privacy Policy
Last updated: 11 May 2026
This is the privacy notice for BYBU Aesthetics & Wellness ("BYBU", "we", "us"), based at 15 Horse Barrack Court, Suite 2, Horse Barrack Lane, Gibraltar, Gibraltar. We take your privacy seriously and only collect the information we need to look after you as a client.
What we collect
- When you create an account: first name, last name, email address, phone number, and a hashed password.
- When you book a wellness class: the class you booked, the time, and (for paid bookings) a Stripe payment session reference. We never store your card number — Stripe handles that directly.
- When you buy a class pack: a record of the purchase, the credits granted, and their expiry date.
- When you contact us: the message you send and your contact details.
- Automatically: minimal technical data needed to keep you signed in and protect the site from abuse (session cookies, approximate IP address for rate limiting). We do not run third-party analytics or advertising trackers.
Aesthetic treatments are booked through Fresha — their privacy notice governs that data.
Why we use it
- To deliver your bookings — confirmations, reminders, and cancellation handling (legal basis: contract).
- To run the studio safely — your phone number lets the instructor reach you if a class changes (legal basis: legitimate interest).
- To process payments — Stripe processes the card transaction on our behalf (legal basis: contract).
- To meet our legal obligations — accounting records, tax compliance, regulator requests.
Who we share it with
- Stripe — payment processing.
- Resend — sending you booking confirmation and cancellation emails.
- Vercel and Neon — hosting the site and database.
- Our team — instructors see attendee names for the classes they teach; admin staff see booking and payment records to run the studio.
We do not sell your data, ever.
How long we keep it
Account and booking records are kept while your account is active and for a reasonable period after, so we can answer queries, handle refunds, and meet financial record-keeping obligations (typically up to 6 years for transactional records). You can ask us to delete your account at any time — see "Your rights" below.
Your rights
You can ask us to:
- Show you the personal data we hold about you.
- Correct anything that's wrong.
- Delete your account and personal data, where we are not required to keep it.
- Export your data in a portable format.
- Stop using your data for any specific purpose.
Email info@bybuaesthetics.com to make a request and we will respond within one month. If you are unhappy with how we have handled your data, you have the right to complain to the relevant data protection authority.
Security
Passwords are stored hashed (bcrypt) — we cannot see your password and we will never ask you for it. Card details are handled by Stripe and never touch our servers. The site is served over HTTPS only.
Cookies
See our Cookie Policy.
Changes
If we change this notice in a meaningful way we'll update the "Last updated" date and, where appropriate, let signed-in clients know by email.
Contact
BYBU Aesthetics & Wellness
15 Horse Barrack Court, Suite 2, Horse Barrack Lane, Gibraltar
Gibraltar
Email: info@bybuaesthetics.com
Phone: +350 5406 8245