Skip to main content

Salon/Spa Client Info: “It’s Not OK to Take My Personal Information When You Leave”

who-owns-salon-spa-client-data.png.

Retired Strategies Coach, Mary Walker, was a client at a salon near her home. As is standard practice at any salon with a computer system, she provided her contact information that included her mobile number and email address.

As a former salon owner, Mary expected that her personal information would remain secure and only be used by that salon for communication, appointment confirmations, and to maintain her service records and history.

Mary recently posted the following account to our Strategies Salon & Spa Business Idea Exchange:

Yesterday, I got to experience how a stylist leaves a salon from a client perspective. As a former salon owner and retired Strategies Coach, my personal ethics kicked into high gear.

I received a text from a number I didn’t recognize giving me the day and time of my next hair appointment, but at a salon I never heard of with no stylist name. At first, I thought that the salon I’ve been going to had its system hacked.

Then I received an email from the salon that sent the text message asking me to create my Vagaro account.  

I then sent an email the salon I’ve been going to and asked if they had given out my personal information. It took a day to receive a response stating, “No, we did not.” Shortly after, the salon called me to reschedule my appointment with them “because my stylist had left.”

I did receive a text from the stylist that said, “I thought it was OK to take your information because I thought you’d want to follow me.” 

I replied, “It’s not OK,” and wished her well.

I think she is a talented stylist, but there is a way to leave a salon with respect and dignity.

Until yesterday, I had only been on the owner/stylist side of these situations. Being on the customer side is unsettling and disappointing.

I feel like I'm just someone's "2:00pm" and stuck in the battle of “who owns me.” More importantly, I feel that my privacy had been violated because the salon I gave my personal information to did not keep it secure. 

The digital world is great, but there are times when a phone call and conversation is warranted. That’s what real "customer" service is all about.



The comments that followed were a mixed bag of owners sharing their thoughts and strategies on their client databases.


  • In this day and age of personal data security issues, it would definitely feel like there was a breach of some kind and it would make me worry about other sensitive information the stylist took — especially if credit cards were kept in the system. Clients do not know how secure our systems are so one could be infuriated at this type of breach.

  • This hits a cord with me. As a former employee and now an owner, I relentlessly tell employees, “We don’t own customers, we owe them respect. It’s not OK to take off with their personal information.” I have had responses like, “It only pertains to medical facilities.” No! It’s not OK to take client information and contact them. The original salon should always call and let the guest know. It’s professional and respectful to all parties.

  • I had six stylists leave last year to be independent contractors. They hacked into my computers and stole the client information. In the process, they destroyed one of my hard drives. I was advised to go to the police, but they did nothing. I took every precaution to protect my clients’ and employees’ personal info. I was shocked! The fact that they left was not as upsetting as them stealing client data.

  • As someone who just had three team members leave to go booth rent in two weeks, I feel this. It’s great to hear the client side of the situation.

  • This is why I have my front desk employees sign an agreement not to share any client information with ANYONE.


One stylist wrote the following comment: I recently went out on my own, so this is still new to me. I went old fashioned and sent a well written letter to my client base stating what and where I would be. Why I was doing this was included as well. I left it completely up to the client. They could decide and not be awkward if they didn’t. A phone call could be awkward. People loved the letter they told me it was so well stated. Also, I didn’t want things to be awkward on the salon I left.

I’m sure your reaction to this well-intended post was the same as this owner’s. What?! Did someone just say that getting the information from the receptionist and snapping photos of their daily sheets was classy?!

The very next comment asked, “How did you get the client data to send those letters?”

Response: “A receptionist helped me get the information. I had some new clients during the time I was leaving, so I snapped photos of my day sheet with names and googled them for addresses. It’s a bit of work, but well worth it and classy. The only ones I didn’t send letters to clients I’m very close with. I told them way ahead of time.”

Mary’s story, the owner responses, and the stylist’s comment and explanation how he acquired client data, is a story that has been repeating year after year, decade after decade.

It’s the never-ending battle over “who owns the customer.” And as long as salon/spa owners continue to build their businesses by measuring the value of a service provider by the size of his or her “clientele,” the battle will continue.

FACT 1: The single most valuable asset a salon/spa has is its client database that contains contact information, service history, formulas and notes.

  • Written and employee-signed policies that the removal, copying, scanning, photographing, or any other form duplication of client data is prohibited. This also includes acquiring contact information directly from clients.


FACT 2: A data breach is a data breach. It doesn’t matter if it happens at a major credit card company, major retail chain, insurance companies, or at a salon/spa. Client data must be protected and secure.

FACT 3: If your computer system stores client credit card data, you must have sufficient levels of security in place to prevent unauthorized access.

FACT 4: Just because a client received services from an employee one or more times, does not make that client “the employee’s client.” The client is, and always will be, a client of the salon/spa until the client decides otherwise.

Here’s my challenge to you: Protecting your client database is not just about protecting your business. It is an ethical responsibility to protect every client’s personal information from any and all unauthorized use inside and outside of your company.

  • Contact your salon/spa software company to understand and use all measures and levels of their system security.

  • Review and update all policies and procedures regarding access to and use of client data.

  • Require that all employee system passwords be reset every 90 days.


These days, there is no such thing as too much data security.

Comments (2)


Wonderful, what a blog it is! This web site gives valuable information to us, keep it up.

Posted By: MarcoMarch 5th 2024, 2:04:00 pm

We would like to thank you just as before for the lovely ideas you gave Jeremy when preparing a post-graduate research in addition to, most importantly, pertaining to providing each of the ideas in a single blog post. If we had known of your web page a year ago, we may have been kept from the unwanted measures we were selecting. Thank you very much. toys for adults

Posted By: toys for adultsJanuary 4th 2024, 1:38:00 pm