What client data a salon actually needs — and what to stop collecting
Walk up to the front desk of most salons and the intake form asks for almost everything: full name, home address, date of birth, occupation, sometimes even an ID number. The instinct is understandable — collect it now, you might need it one day. Data minimisation turns that instinct on its head. Under the GDPR you are meant to hold the least data that still lets you run the business, not the most you can persuade someone to write down.
This is not another legal explainer. For lawful basis, consent and the rights your clients have, read our plain-English guide to GDPR for salons — this article assumes you know the basics. What follows is the practical companion: a field-by-field audit of a salon client record, with a clear keep-or-drop verdict and a retention rule for each one.
Why "collect less" is the safer default
Every field you store is a field you have to protect, justify and eventually delete. A shorter record is quicker to fill in at the desk, there is less to leak if a laptop or phone is stolen, and it is far easier to hand over or erase when someone asks. Minimisation is not about being stingy — it is a security control and a trust signal rolled into one.
There is also a simple transparency test you can apply to any field: would the client be surprised to learn you are storing it? If the answer is yes, you probably should not be. Keeping your client cards and visit history lean means the notes that matter — colour formula, timings, preferences — are not buried under data you never look at.
The field-by-field verdict
Here is the short version. Detail follows the table.
| Field | Keep or drop | Why / retention |
|---|---|---|
| Full name | Keep | Needed to identify the booking. First name + last initial is enough for casual walk-ins. |
| Mobile phone | Keep | Your single most useful field — reminders, running-late calls, no-show contact. |
| Email | Keep if used | Confirmations, receipts, marketing (with consent). Drop it if you never actually email. |
| Date of birth | Trim | A birthday offer needs the day and month, not the year. Full DOB is usually excessive. |
| Home / postal address | Drop | Irrelevant for on-site visits. Only mobile and home-service providers need it. |
| Treatment notes | Keep | Formula, timing, what worked and what did not — the core of good repeat service. |
| Before / after photos | Keep, minimise | Separate explicit consent, store securely, never post publicly without permission. |
| Marketing consent record | Keep | You must be able to prove consent — but this is a record, not a data grab. |
| Health / allergy notes | Keep minimal | Special-category data. Store only what is needed to treat safely, protect it hardest. |
| National ID / card number | Drop | Never needed for a haircut. High risk, zero operational value. |
| Payment card number | Never store | Let your payment processor hold it. You do not want that liability. |
Working through the fields
Name and phone are the backbone of the record and almost never in question. The phone number in particular earns its place: it powers appointment reminders by SMS and email, which is the cheapest no-show reduction you will ever deploy. Keep both for as long as the client is active.
Email is a keep only if you use it. A salon that never sends a confirmation or a newsletter is holding an email address for no reason — and an unused field is pure liability. If you do email, split operational messages (booking confirmations, receipts) from marketing, because they rely on different lawful bases.
Date of birth is the classic over-collection. The only common reason a salon wants it is a birthday treat — and that needs the day and month, not the birth year. Storing the full date, or worse a national/birth number, tells a data thief someone's exact age and identity. Trim it to what the offer requires.
Home address almost never belongs in a salon record. The client comes to you; you do not post them anything. The exceptions are a mobile stylist, a home-visit service, or physical loyalty mailings you genuinely run. If none of those apply, drop the field from your form entirely.
Treatment notes are the opposite case — this is data you should keep well. Colour formulas, processing times, the fringe length that finally suited them: this is what turns a one-off into a regular and underpins a great first-visit experience the next time round. Keep it specific and professional, not gossip.
Photos deserve their own consent. Before-and-after shots are genuinely useful for the record and for marketing, but they are identifiable images. Take a separate, explicit opt-in, store them behind a login, and never publish a client's face without written permission.
Health and allergy notes are special-category data under the GDPR and carry the highest duty of care. You are allowed to hold what you need to treat someone safely — a patch-test result, a known reaction to a product, a relevant skin condition. You are not allowed to keep a medical history "just in case". Write the minimum, protect it the most.
A quick decision framework
When you are unsure about a field, ask four questions in order:
- Could I do the appointment without it? If yes, you probably do not need to store it.
- Do I have a lawful basis to hold it? Contract, legitimate interest, or consent — one of these must apply.
- Would the client be surprised I kept this? The transparency test. Surprise means trouble.
- When exactly will I delete it? If the honest answer is "never", that is a red flag, not a plan.
Your data-minimisation checklist
- Audit your intake form and delete every field you do not actually act on.
- Separate marketing consent from the booking itself, with its own tick box.
- Set a retention clock so dormant records are deleted or anonymised on a schedule.
- Lock down health notes and photos behind proper access controls.
- Kill the paper appointment book — a locked digital record beats a notebook anyone can read.
- Review yearly and prune, the same way you would tidy stock. Leaner records also mean a leaner tool bill; see how salons cut running costs and bake it into your client-database plan.
Retention: how long is long enough
Set a simple, written policy and stick to it. Contact details and visit history live while the client is active, plus a defined dormancy window — many salons settle on 24 to 36 months of inactivity before deletion or anonymisation. Accounting documents such as invoices and receipts follow your national tax retention period, which usually overrides an erasure request. Marketing consent stays until it is withdrawn, health notes stay only while clinically relevant, and photos stay until consent ends. Fold the rules into your written salon policies so every team member applies them the same way.
Tools that make minimisation automatic
The right software does most of this for you: a short, configurable booking form, consent captured and logged separately, and a one-click export or delete when a client asks. A tidy salon booking system keeps the fields you chose and nothing more, and a simple online booking flow stops staff from over-typing details into a free-text box.
Disclosure: we build YourSalon, so treat this as a recommendation from the maker. If you want to try a lean, EU-hosted setup, create a free YourSalon account and start with a minimal intake form — you can always add a field later, but you can never un-collect data you never needed.
Minimisation is not a compliance chore you do once. It is a habit: collect the least, protect it well, delete it on time. Do that and the GDPR stops feeling like a threat and starts working as what it really is — the reason your clients keep trusting you with their details.