← Back to Brushline

Privacy Policy

Last updated: May 9, 2026

This Privacy Policy describes how Brushline ("Brushline", "we", "us"), trading as Brushline, collects, uses, and protects your personal information when you use our booking platform.

Controller

Brushline acts as the data controller for personal data collected through our website and app. For payment-related personal data, our reseller Paddle.com acts as an independent controller — see "Payments and Merchant of Record" below.

Information we collect

  • Account information: name, email address, phone number, hashed password.
  • Business data: services, staff, calendar, clients, appointments you create in the app.
  • Usage data: device type, browser, IP address, anonymous product analytics.
  • Support data: messages you send us and related metadata.

How we use information and legal basis

  • Provide the service (booking, scheduling, notifications) — legal basis: performance of a contract.
  • Secure your account and prevent fraud/abuse — legal basis: legitimate interests.
  • Improve product quality and analytics — legal basis: legitimate interests.
  • Send transactional emails — legal basis: performance of a contract.
  • Marketing communications, where applicable — legal basis: consent, which you may withdraw at any time.
  • Comply with legal obligations (tax, accounting, lawful requests) — legal basis: legal obligation.

Payments and Merchant of Record

Our order process is conducted by our online reseller Paddle.com. Paddle is the Merchant of Record for all our orders. Paddle handles all checkout, payment processing, billing, sales tax/VAT, customer service inquiries related to payments, and refunds. When you make a purchase, Paddle receives personal data (name, email, billing address, payment details) directly and processes it under Paddle's Privacy Policy.

Data sharing

We do not sell your personal data. We share data only with:

  • Subprocessors required to operate the service (cloud hosting, database, email delivery, error monitoring).
  • Paddle, our Merchant of Record, for payments, subscription management, tax compliance, and invoicing.
  • Professional advisers (legal, accounting) where necessary.
  • Authorities where required by law.

Data retention

We retain account and business data for as long as your account is active. After account closure, personal data is deleted or anonymised within 90 days, except where we are required to keep records longer (e.g. invoicing/tax records kept for up to 7 years). Backups are purged on a rolling 30-day cycle.

Security

We apply appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), encryption at rest, role-based access controls, audit logging, and regular security reviews. No system is perfectly secure — please use a strong, unique password and contact us immediately if you suspect unauthorised access.

International transfers

Where data is transferred outside the UK/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

Your rights

Subject to applicable law, you have the right to access, rectify, erase, restrict, or port your personal data, to object to processing, and to withdraw consent. You can request export or deletion of your account at any time from Settings → Account, or by emailing support@brushline.com. You also have the right to lodge a complaint with your local supervisory authority. We aim to respond within 30 days.

Cookies

We use essential cookies required to operate the service (authentication, session) and limited analytics cookies to understand product usage. You can manage cookies in your browser settings.

Contact

Questions? Email support@brushline.com.