Skip to content
Studioloop

Data Privacy & Account Deletion

How client data deletion requests work and what data Studioloop stores

Overview

Studioloop stores client data to operate bookings, loyalty, payments, and forms. This article explains what data is stored, how clients can request deletion, and what the deletion process involves.

What Data Studioloop Stores

For each client account:

  • Profile -- name, email, phone, preferences, communication opt-outs
  • Bookings -- appointment history, status, services, notes
  • Payments -- payment records, tips, refunds (Stripe payment method tokens stored by Stripe, not Studioloop)
  • Loyalty -- points balance, ledger entries, reward redemptions
  • Reviews -- any reviews submitted
  • Forms -- completed intake forms and e-signatures
  • Preferences -- notification preferences, language settings

Account Deletion Requests

Clients can request deletion of their account and data through the mobile app under Profile > Delete Account.

Verification Process

To prevent unauthorized deletions:

  1. Client taps Delete Account
  2. A 6-digit verification code is sent to their registered email
  3. The client enters the code to confirm
  4. The code is valid for 15 minutes

If the code expires, the client can request a new one. A new request is allowed after a 2-minute cooldown. After 5 failed verification attempts, the deletion request is locked and the client must wait before trying again.

What Gets Deleted

Deletion removes data in a specific order to maintain referential integrity:

  1. Authentication records (sign-in tokens, sessions)
  2. Notification preferences
  3. Tenant memberships and role assignments
  4. Client-facing records (bookings, loyalty, forms, reviews)
  5. Payment method references
  6. The core user account record

What Is Not Deleted

  • Financial transaction records required for tax and audit purposes are retained in anonymized form per applicable law
  • Stripe payment records are managed by Stripe under their own data retention policy

Business-Side Deletion

If you need to remove a client record from the console (not initiated by the client), use the Archive or Delete action in Console > Clients. Archiving keeps the record but removes the client from active lists. Deletion permanently removes client-accessible data while preserving financial records.

Data Export

Clients can request an export of their data from the mobile app under Profile > Download My Data. The export includes all the categories listed above in a downloadable format.

GDPR and Regional Rights

Studioloop's deletion and export tools are designed to support GDPR right-to-erasure and right-of-access requests. For jurisdiction-specific questions or business-side data processing agreements, contact support.