Privacy Policy
Taper by Aiandi ("we", "us", "Taper") provides software that helps barbershops manage their walk-in queue, client cards, and AI haircut previews. This policy explains how we collect, use, and protect personal information when you use the Taper website (taper.style), the Taper application (app.taper.style), and any other service we provide (together, the "Service").
We comply with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth), the Spam Act 2003 (Cth), and applicable Australian Consumer Law requirements. If you are in the EU/UK, the GDPR/UK GDPR may also apply; we treat your data to a substantially equivalent standard. By using the Service you accept this Policy and our Terms of Service.
1. Who controls your data
If you are a barbershop owner or staff member using Taper to run your shop, Taper is the controller of your account information (email, login, billing).
If you are a customer of a barbershop using a Taper iPad or queue link to choose a haircut, the barbershop is the data controller of all information you provide and Taper is only a data processor acting on the shop's documented instructions. The barbershop is solely responsible for: obtaining your consent, telling you why your information is collected, deciding how long to keep it, and responding to your access, correction or deletion requests. Taper provides the tooling; the shop owns the relationship with you. Requests to see, correct, or delete your data should be directed to the barbershop. If the barbershop does not respond, you may email privacy@taper.style and we will assist as a processor where we are legally able.
2. What we collect
From shop owners and staff
- Name, email, phone, business name, ABN if you provide one
- Hashed password (we never store the plain text)
- Subscription and billing metadata from Stripe (we never see your card number)
- Server logs: IP address, browser type, pages visited, basic activity timestamps
From customers using a barbershop's Taper iPad or queue link
- Name, mobile, email (only if you provide them)
- Selected haircut
- Front-facing photo (if you choose to use the AI preview)
- The AI preview image generated from that photo
- Marketing/contact consent flags
- Time you joined the queue, IP address (for abuse prevention only)
Photos of faces are personal information and may reveal sensitive information such as appearance, ethnicity, health, or religious dress. Taper does not use facial recognition, biometric verification, biometric identification, face matching, or biometric templates. We still handle face photos with a higher level of care because misuse could be harmful.
3. How we use it
- To run the service: show you the queue, save cut cards, generate AI previews, send the shop your selected style.
- To improve the product: aggregate, de-identified usage analytics. We do not train AI models on customer photos.
- To bill and support: manage subscriptions, respond to support requests.
- To comply with the law: respond to legal process, enforce our Terms.
We do not sell or rent personal information. We do not use your photo or any information you give a barbershop to advertise other products to you.
4. AI haircut previews
If you (or the shop on your behalf) request an AI preview, your front photo and the chosen haircut style are sent to OpenAI via OpenAI's API to generate a preview image. OpenAI processes the image under its API and business data terms and returns the generated image to Taper. OpenAI says API data is not used to train or improve models by default unless the API customer explicitly opts in. OpenAI may still process inputs for safety, abuse monitoring, legal compliance, and service operation. Taper does not opt in to OpenAI model training with customer photos.
Taper does not use the AI preview to make legal, financial, employment, credit, insurance, access, or other decisions that significantly affect a person's rights or interests. It is a visual aid for a haircut conversation only.
AI previews are illustrative only. They are not a guarantee of how a haircut will actually look on you. Variations in lighting, hair growth pattern, scalp visibility, and barber technique mean the real-world result will differ. The preview is a visualisation aid, not a contractual outcome.
The shop owner can delete a saved preview from their dashboard at any time. If you want yours deleted immediately, ask the shop, or email us at privacy@taper.style.
5. Marketing & SMS / email contact
A shop will only send you SMS reminders or marketing if you tick the consent box on the iPad or queue page (Spam Act 2003 — express consent). Marketing messages must identify the sender, include a functional unsubscribe option, and honour unsubscribe requests within 5 business days. You can withdraw consent at any time by replying STOP to an SMS, clicking unsubscribe in an email, or telling the shop. Taper itself only emails you about your Taper account, security alerts, and changes to this policy or our Terms.
6. How long we keep things
- Customer photos and AI previews: retained for 90 days by default, then automatically purged unless the shop has saved them as part of a cut card or client record with your consent.
- Cut cards and client records: retained while the shop is an active Taper customer, plus 12 months. The shop can delete individual records at any time.
- Account & billing records: kept for 7 years to comply with Australian tax law.
- Server logs: 90 days.
7. Where it's stored
Taper hosts the application on DigitalOcean infrastructure in Sydney, Australia. We use subprocessors only where needed to provide the Service, currently including DigitalOcean for hosting, Stripe for payments, Resend/SMTP providers for transactional email, and OpenAI for AI previews. Stripe, Resend, and OpenAI may process data outside Australia, including in the United States. Where data is sent overseas, we take reasonable steps to ensure it is handled consistently with the APPs, including contractual controls, provider security reviews, minimising the data sent, and using providers' business/API data protection settings where available.
8. Security
We use HTTPS for all connections, hash passwords with bcrypt, apply role-based access controls, keep API keys server-side only, run server monitoring and backups, and limit public AI preview abuse with server-side quotas. No system is perfectly secure; if we discover a breach that's likely to result in serious harm to you, we'll assess it promptly and, where required, notify affected individuals and the OAIC under the Notifiable Data Breaches scheme.
9. Your rights
You can ask us to:
- See the personal information we hold about you
- Correct anything that's wrong
- Delete data where deletion is legally and technically available
- Export a copy of your data
- Stop marketing contact
Email privacy@taper.style from the address linked to your account, or contact your barbershop. If that address does not respond, email jai@aiandi.com.au. We aim to respond within 30 days. If you're not satisfied, you can complain to the Office of the Australian Information Commissioner.
10. Cookies
Taper uses only the minimum cookies needed to keep you logged in and to remember your shop. We don't run third-party advertising trackers. The marketing site at taper.style does not set tracking cookies for visitors who don't sign in.
11. Children
Taper isn't designed for under-16s. If a customer under 16 wants to try the iPad preview, the shop should obtain parental consent first.
12. Changes
We'll post material changes here and notify shop owners by email at least 14 days before they take effect.
13. Contact
Privacy questions: privacy@taper.style or jai@aiandi.com.au
General contact: hello@taper.style or jai@aiandi.com.au
Operator: Taper by Aiandi, Melbourne, Australia.