Privacy & Cookies Policy

Last Updated February 2020


  • This Cookie & Privacy Policy relates to our use of any personal information we collect from your via our online services including our Websites (,, Apps (mobile application on iOS & Android) and frontend booking software Powered by Flossie used by hair and beauty businesses (‘Salons’) at unique subdomain addresses. (Altogether these make up the ‘Services’).
  • Services are solely managed by Ltd and UK subsidiary Powered by Ltd.
  • Ltd registered address is 96 St Georges Bay Road, Auckland 1052, New Zealand, registration number 3409935.
  • Powered by Limited, registration number BR021714 of Herschel House, 58 Herschel Street, Slough SL11PG.
  • Ltd and Powered by Flossie Ltd are the joint Data Controller and Processor throughout these Terms and Conditions 
  • Powered by Ltd and Ltd are both referred to as ‘Flossie’ for the purpose of ensuring our responsibilities are clear to you.
  • Flossie takes your privacy seriously and Flossie is committed to protecting your privacy. This Cookie & Privacy Policy (‘Privacy Policy’, ‘Policy’) explains who we are; how we collect, use and share your personal information; how you can manage the information you have shared with us and exercise your privacy rights; and how we protect and retain your information.

What does Flossie do?

Flossie provides software that helps hair and beauty businesses retail their appointments and products smarter online. Customers can instant book and choose to pay for an appointment upfront. Appointments can be made via the Services and through Powered by Flossie Salon branded websites and apps.

Flossie Services are not intended for or directed at children under the age of 13 years. As such, it is designed for adult user interaction. We do not intentionally collect personally identifiable information from children under the age of 13.

What we’ve covered in this Policy

  • How we use your personal information
  • Security of your personal information
  • Processing and retaining your information
  • International transfers of your personal information outside the EU
  • Marketing
  • Buy Now, Pay Later Transactions (Oxipay)
  • Our Cookie Policy
  • Exercising your rights
  • Updates to this policy
  • Contact Us

We’ve done our best to make this as clear as possible for you, and not include legal terms, unless absolutely necessary.


  • Flossie uses your information for the purpose of completing a hair or beauty appointment.
  • This includes sharing your personal information to Salon’s in order for them to fulfill their duty in the service which you have booked and expect to be delivered.
  • When you create an account, you have the option to submit permission to be contacted with marketing communication by either Flossie or a Salon partner. You are informed upfront if you are giving consent to be contacted directly by Flossie or a Salon partner. You can unsubscribe from this at any given time by clicking the unsubscribe link from the email or turning off your notifications from your Phone settings.
  • Flossie uses information like cookies to improve your experience on Services; provide us with analytics information that help us improve our Services generally; and to collect information about hair and beauty categories and services of general interest to you so that you may only see content that are relevant to what you are interested in.
  • If any parts of our Services link through to other websites or Apps, those newly opened links don’t operate under this Privacy Policy and we recommend that you read the policies posted to ensure you understand their procedures for collecting and using your personal information.

Personal information Flossie collects from you and why

1. What you provide directly to us

In order to make a booking you need to create an account and we collect your First Name, Surname, Email Address, Phone Number, City and Country. You also provide your billing information (credit card number, cardholder name and expiry date) to make an upfront payment at the time of booking the appointment.

We use these details to:

  1. Enable and process your hair and/or beauty appointment.
  2. Register an account with us.
  3. Provide you with a tax receipt and information about your upcoming booking.
  4. Give you the option to store (via a secure encrypted server) your credit card details for ease to quickly make a future booking (this can only be done with the authorisation provided by you at payment).
  5. Invite you to leave a review of your booking experience and service after your appointment.
  6. Subscribe you to receive marketing communications.
  7. Submit enquiries and/or start live chats.
  8. Provide to the Salon should they need to contact you about your upcoming appointment.
  9. Fraud prevention and detection. To prevent and detect fraud against either you or us and our Salon’s - unfortunate but very critical.

    Your personal information may be linked to cookies we store and use to provide you with a better online experience. See our Cookie Policy further below for more details.
    From your account, you can at any time change and update your personal information.
    You may provide us at your choice any health concerns or pregnancy to disclose to the Salon prior to the booking. We do try to limit the circumstances under which we may collect sensitive personal information.
    If you plan to submit someone else’s personal information to us, for instance when making a booking on their behalf, you should only provide us with that third parties details with their consent and after they have been given information about how we will use their personal information outlined in this Policy.
    It’s important that all the information you provide us when you create an account is correct and accurate. This covers ensuring that we have the correct name and contact details for you at all times.
    We will not collect any personally identifiable information about you e.g. your name or email address, through the Services unless you have provided it to us voluntarily. If you do not want your personal data collected, please do not submit it to us.

    2. What Flossie collects automatically

When you visit and engage with Services on the web we collect information such as the device, unique device ID number, browser type, IP address and location, the date and time that you visited, the duration of your visit, referral source and navigation paths of your visit across our Services including pages viewed and links clicked (for example hair category viewed and the time and date when viewed).

When you use Services on app we also collect information regarding what screens are viewed and links clicked. If you have your location feature turned on we use information to only show localised content that’s relevant to you and you can switch this off at any time from your phone settings.

We may associate this information back to your account profile. Collecting this information enables us to better understand who comes to Flossie Services, where they come from and what is of interest to them. We use this information for internal analytical purposes and to improve the quality and relevance of Flossie Services. We also use this information to protect and prevent online fraud.  

See our Cookies Policy further below for more information outlining our intent and purpose.

3. What Flossie collects from 3rd parties

Social Media: Flossie may access information about you from social media such as Facebook in accordance with their privacy policy. You may choose to create an account using Facebook Connect and we access your personal information such as your First Name, Surname, Email Address, Gender, Birthday and respective Location Data. We encourage you to review the privacy policy of Facebook to be aware of how your personal information is used.

Salon’s: Flossie may lawfully obtain personal information from Salon’s including updated contact information, like email or phone number that we need to add to our account information we have about you.

Online Chat: Flossie collects information about you when you engage with us in live chat. This is for the purpose to provide you with a better online booking experience (for example resolving any requests for a refund).

4. Cookies and related tracking technology

Flossie uses cookies and related tracking technology to collect and use personal information about you. See our Cookie Policy further below for more information on the types of cookies and vendors we use. Flossie may combine the information you provide us related to transactions you make and other information we receive about you. Flossie uses the information we collect from you only for the purposes described in this Policy.

5. Other instances when you provide information directly to Flossie

Salon’s: If you’re an employee of a Salon in which we work with then we may also collect from you employee names, photos and other relevant details that are used for the sole purpose of promoting the business across our relevant Services. 

Job applications: You may share personal information as part of a job application submitted via a recruitment agent, third-party recruitment platform or online community group or directly to us through our website, social media platforms or live chat. You may share sensitive personal data with us relating to whether reasonable adjustments ought to be made for you in the application process or subsequently if an employment relationship is established.


The security of your personal information is important to Flossie. We want you to feel confident about using Flossie Services to make bookings and we are committed to protecting the personal information we collect.

Flossie has implemented appropriate technical and organisational measures to protect the personal information that we collect and process about you. For example, we use encryption when transmitting your sensitive personal information between your system and ours and then to the Salon, and we employ firewalls to help prevent unauthorised persons from gaining access to your information. Hardware is locked every evening in secured lockers and all databases are managed with secure logins and passwords. In addition, only authorised employees are permitted to access personal information, and they may only do so for permitted business functions.

No method of transmission over the Web, or method of electronic storage, can be 100% secure. Therefore, we cannot guarantee the absolute security of your information.

The Internet by its nature is a public forum, and we encourage you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your username and password from third party access, and for selecting passwords that are secure.

If you have any questions about Flossie’s security please write to us at


Flossie retains your personal information for as long as required to fulfil the activities (for example enabling and processing your hair and/or beauty appointment) we’ve set out in this Policy, otherwise communicated to you or for as long as is permitted by applicable law.

Examples include:

  • When you correspond with us via live chat across Flossie Services we only retain this data for up to 60 days after the end of the session.
  • If you apply for a role with us Flossie only retains your information for up to one year from the submission date.


Powered by Flossie operates globally and adheres to the local laws data is processed in. The personal information we collect from you may be transferred, processed and stored at a destination outside of the European Economic Area (EEA), that being, New Zealand. If we disclose personal data to a third party in another country, Powered by Flossie puts safeguards in place to ensure that personal data remains protected. 

When personal information is transferred outside the EEA, it is only transferred to New Zealand, a country that the EEA has deemed to provide adequate data protection. 

If you are a resident of the European Economic Area, you have the following data protection rights:

  • If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by writing to us 
  • If you request access to your personal data we will confirm whether we hold your information and provide you with a copy, explaining how we process it and why, how long we store it for and your rights associated with it.
  • If you request deletion of your personal information, we will erase it. Please do note that we will need to retain any information that we require to fulfil our legal obligations or to establish, exercise or defend a legal (for example fraudulent) claim.
  • You can object to the processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. 
  • You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the ‘unsubscribe’ link in the marketing emails we send you.
  • If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries (including the US and Canada) are available here


You have the right to stop us from contacting you for marketing purposes by either ‘unsubscribing’ from email or turning off your notifications from your mobile phone settings.

If you do decide to opt-in again to receive marketing communications from us you can write to us at


Oxipay (New Zealand): Please be aware that all Oxipay Transactions are subject to the Oxipay Privacy Policy and Terms of Use. Flossie recommends you become familiar with these first before you complete any transactions with Oxipay using our web or app Services.


We use cookies to distinguish you from other users of Flossie web services. This helps us provide you with a good experience when you browse and also allows us to improve Flossie Services.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computers hard drive. We use the following cookies:

Strictly necessary cookies: These are cookies that are required for the operation of Flossie web Services. For example, cookies that enable you to log into a secure account, book and pay upfront for an appointment.

Analytical and performance cookies: They allow us to recognise and count the number of visitors and to see how visitors move around Flossie web Services when they are using it. This helps us to improve the way Flossie web Services work, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies: These are used to recognise you when you return to Flossie web Services. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your city and country).

Targeting cookies: These cookies record your visit to Flossie web Services, the pages you have visited and the links you have followed. We will use this information to make Flossie web Services and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

Third parties (for example Facebook, Instagram, Twitter) do collect and use data from cookies placed on Flossie Services. We don’t describe their privacy or security policies in this Policy. We recommend that you read their policies and if you prefer to not have your data reported by these parties that you follow their opt-out process. We’ve linked to these further down in this section.

Individual cookies Flossie uses and the purpose for which we use them:

  • Google Analytics: collect and aggregate visitor information such as browsing patterns, page visits, shopping behaviour to allow analysis of site performance and usage. All information collected is anonymous. Google Privacy Policy here. If you prefer to not have data reported by Google Analytics, you can install the Google Analytics Opt-Out Browser Add-On here.
  • Google Adwords: store information about your preferences, and allow us to customise and provide you with offers that are targeted at your individual interests on the Google Platform. Google Privacy Policy here.  You can opt-out of Google’s use of Cookies by visiting the Google Advertising opt-out page here.
  • Facebook: enable single sign-on with Facebook Connect to enable you to book appointments faster, store information about your preferences, and allow us to customise and provide you with relevant offers and news that are targeted to your interests. Facebook Cookie Policy here.
  • Facebook Analytics: used to personalise and optimise ads shown to you on Facebook and Instagram. You can opt-out of Facebook Analytics Privacy Settings here.
  • Facebook Retargeting: used to create custom audiences for ads personalisation on Facebook and Instagram. You can opt-out of Facebook Retargeting Privacy Settings here.
  • Intercom: customer service tool for live chat in our Services we collect information on your location, queries and device. This allows us to ensure we respond in a timely manner and provide a better customer experience. Intercom Privacy Policy here. Intercom Cookie Policy here.
  • Amplitude Analytics: customer data aggregator to track and analyse behavior when using Services in order to identify gaps and areas to improve the user experience. This data is completely anonymous. Amplitude Privacy Policy here.
  • deep-linking into specific places in the app Services. This data is completely anonymous. Privacy Policy here.
  • Appsflyer: service used to identify the source of app downloads and for relevant, related analytics. Appsflyer Privacy Policy here. You can opt-out of Appsflyer Privacy Settings here.
  • Sendgrid: platform for sending triggered operational and marketing emails to nominated addresses. Sendgrid Privacy Policy here.

By continuing to use Flossie Services you are agreeing to our use of cookies. If you don't want us to use cookies when you use Flossie Services you can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it or decline at any time. However, if you block cookies some of the features may not function as a result.

You can find more information about how to manage cookies for all the commonly used internet browsers by visiting This website will also explain how you can delete cookies which are already stored on your device.

The important thing to remember is that some cookies do track your use of Flossie Services but cannot be used to identify you personally or tell us who you are.


You can access and update your personal information at any time from your account in the Flossie web and app Services. You can deactivate your account and request to have your data deleted at any time either by contacting us at or via our chat service. After you deactivate your account you will no longer be able to access your personal information. You can create a new account at any given time. 


Updates to this Policy will be made when required by legal, technical and business developments. When we update this Policy, we will take appropriate measures to update you consistently with the significance of the changes we make. We will obtain your consent to any material Policy changes if and where required by applicable data protection laws.

You can see when this Policy was last updated by checking the ‘last updated date displayed in the header of this Policy.

Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may write to us at 

This website uses cookies. By continuing you agree to our Cookie & Privacy Policy.