Privacy Policy

2.1 Account Information

When you create an account, we collect:

• Full name
• Email address
• Date of birth
• Account credentials (password hash or Apple Sign-In token — we never store plaintext passwords)
• Profile photograph (optional)
• Preferred language and communication preferences

2.2 Health and Treatment Data

To provide our core Services, we collect and process the following health-related and treatment data, which may constitute sensitive personal data or protected health information under applicable law:

• Skin type and skin assessment results
• Complete treatment history, including type of procedure, date, provider, and clinical notes
• Injection zones and treatment mapping (specific facial or body areas treated)
• Products used in each treatment (product name, manufacturer, batch/lot number, units or volume administered)
• Product reactions, adverse events, or allergies reported by you or your provider
• Treatment outcome assessments and follow-up records
• Provider-entered clinical observations

We treat all health and treatment data with the highest level of protection and do not sell, rent, or share this data with third parties for advertising, marketing, or any purpose unrelated to providing the Services.

2.3 Photographs

Our Services allow you and your providers to capture and store before-and-after treatment photographs. With respect to these photographs:

• Photos are uploaded only with your explicit consent or at the direction of your treating provider with your authorization
• All EXIF metadata, including GPS coordinates, is automatically stripped from photographs before they are uploaded to our servers
• Photographs are stored in encrypted form and are accessible only to you and providers you have explicitly authorized
• Photographs are not used for machine learning, model training, facial recognition, or any purpose other than displaying your treatment record

2.4 Biometric Authentication Data

The App supports Face ID and Touch ID for app-lock functionality. This biometric data is processed entirely on your device using Apple's Secure Enclave technology. Aesthetic Pass never receives, transmits, stores, or has access to your biometric data (fingerprints, facial geometry, or other biometric identifiers). We receive only a success or failure confirmation from the operating system's authentication framework.

2.5 Device and Technical Information

When you use the App or visit our Website, we automatically collect certain technical information:

• Device type, model, and operating system version
• Unique device identifiers (e.g., IDFV for iOS)
• Apple Push Notification Service (APNs) device tokens, used exclusively for delivering notifications you have opted into
• App version and build number
• IP address (automatically truncated/anonymized for analytics)
• Browser type and version (for Website visitors)
• General crash logs and performance diagnostics

2.6 Location Information

We may request access to your device's location services solely for the purpose of displaying nearby verified aesthetic providers. Location data is used in real-time to return search results and is not persistently tracked, stored on our servers, or associated with your account profile. You may deny or revoke location access at any time through your device settings, though this may limit the functionality of the provider-finder feature.

2.7 Usage Data

We collect anonymized and aggregated information about how you interact with our Services, including:

• Pages and screens viewed
• Features accessed and actions taken
• Session duration and frequency of use
• Navigation paths within the App

This data is used solely to improve the user experience and is not linked to your health or treatment records.

2.8 Payment Information

We do not directly collect or store your full credit card numbers, bank account details, or other financial account information. Payment processing is handled by our third-party payment processors:

• Stripe — processes payments for clinic subscriptions and provider billing. Stripe's privacy policy is available at stripe.com/privacy.
• RevenueCat — manages patient in-app subscriptions and purchase validation through Apple's App Store. RevenueCat's privacy policy is available at revenuecat.com/privacy.
• Apple (App Store) — processes all in-app purchases and subscriptions. Apple's privacy policy is available at apple.com/legal/privacy.

We may receive limited transaction information from these processors, such as transaction identifiers, subscription status, and billing dates, to manage your account and provide customer support.

3.1 Providing and Operating the Services

• Creating and managing your Aesthetic Pass account and digital passport
• Recording, storing, and displaying your treatment history and associated clinical data
• Enabling you to share your treatment passport with authorized providers via QR code scan
• Facilitating communication between you and your aesthetic providers
• Processing and managing subscriptions and payments through our third-party processors

3.2 Treatment Reminders and Notifications

• Sending push notifications for treatment touch-up reminders, product lifecycle alerts, and appointment follow-ups
• Delivering system notifications regarding your account, security alerts, or changes to the Services

You may disable push notifications at any time through your device settings or within the App's notification preferences.

3.3 Improving and Personalizing the Services

• Analyzing aggregated, de-identified usage patterns to improve features, interface design, and overall user experience
• Personalizing content and recommendations based on your skin type, treatment history, and preferences
• Conducting internal research and analytics (using anonymized data only)

3.4 Safety and Security

• Detecting, preventing, and addressing fraud, unauthorized access, or other illegal activity
• Monitoring for security threats and protecting the integrity of our infrastructure
• Verifying provider credentials and maintaining the trust of our provider network

3.5 Legal Compliance

• Complying with applicable laws, regulations, legal processes, or governmental requests
• Enforcing our Terms of Service and other agreements
• Protecting the rights, property, or safety of Aesthetic Pass, our users, or the public

4.1 With Your Authorized Providers

When you present your digital treatment passport to an aesthetic provider — for example, by allowing a provider to scan your QR code — the provider gains temporary, read-only access to the treatment history and clinical data that you have chosen to share. You control which information is visible through your App's sharing settings. Providers are bound by their own professional and legal obligations regarding the handling of your health information.

4.2 Service Providers and Data Processors

We engage trusted third-party service providers who process data on our behalf under strict contractual obligations, including data processing agreements that require them to protect your information and use it only for the purposes we specify:

• Supabase — provides our database infrastructure, user authentication, and backend services. Supabase processes account data, treatment records, and other information stored within the platform. Data is hosted within the European Union. Supabase's privacy policy: supabase.com/privacy.
• Cloudflare — provides content delivery, web hosting, DDoS protection, and performance optimization for our Website. Cloudflare may process IP addresses and technical request data in the course of delivering our Website content. Cloudflare's privacy policy: cloudflare.com/privacypolicy.
• Stripe — processes payment transactions for clinic and provider billing. Stripe receives only the payment-related information necessary to process transactions. Stripe is PCI-DSS Level 1 certified.
• RevenueCat — manages in-app subscription state and purchase validation. RevenueCat receives anonymized user identifiers and subscription event data.
• Apple, Inc. — provides Sign in with Apple authentication, Apple Push Notification Service (APNs) for delivering notifications, and App Store purchase processing. Apple processes data in accordance with its own privacy policy.

4.3 Legal Requirements and Protection of Rights

We may disclose your information if we believe in good faith that disclosure is necessary to:

• Comply with applicable law, regulation, legal process, or enforceable governmental request
• Respond to valid subpoenas, court orders, or other legal instruments
• Protect the rights, property, or personal safety of Aesthetic Pass, our users, or the public
• Detect, prevent, or otherwise address fraud, security, or technical issues
• Enforce our Terms of Service or other applicable agreements

Where legally permitted, we will make reasonable efforts to notify you before disclosing your information in response to legal process.

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Services prior to your personal information being subject to a different privacy policy, and you will have the opportunity to delete your account before such transfer.

4.5 Aggregated and De-Identified Data

We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you for industry research, trend analysis, or public reporting purposes. Such data will never contain personal identifiers, treatment photographs, or information that could be re-identified to a specific individual.

5.1 Encryption

• At Rest: All personal data, health records, and treatment photographs are encrypted at rest using AES-256 encryption, the same standard used by financial institutions and government agencies
• In Transit: All data transmitted between your device and our servers is protected using TLS 1.3 (Transport Layer Security), the most current and secure transport protocol available
• Certificate Pinning: The iOS App implements SSL/TLS certificate pinning to prevent man-in-the-middle attacks and ensure your device communicates only with verified Aesthetic Pass servers

5.2 Access Controls

• Row-Level Security (RLS): Our database infrastructure enforces row-level security policies, ensuring that each user can access only their own data and that providers can access only the patient records they have been explicitly authorized to view
• Principle of Least Privilege: Internal access to production data is restricted to essential personnel only, with role-based access controls and multi-factor authentication required for all administrative access
• On-Device Authentication: Biometric authentication (Face ID/Touch ID) provides an additional layer of security at the device level, processed entirely within Apple's Secure Enclave

5.3 Photo Security

• EXIF metadata (including GPS coordinates, camera model, and timestamps) is automatically stripped from all photographs before upload
• Photos are stored in encrypted object storage with unique, non-guessable identifiers
• Access to photographs is controlled via time-limited, signed URLs that expire after a short period

5.4 Infrastructure Security

• Regular security audits and vulnerability assessments
• Automated monitoring and alerting for suspicious activity
• DDoS protection via Cloudflare
• Regular data backups with encrypted backup storage
• Incident response procedures and breach notification protocols

5.5 Limitations

While we implement rigorous security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we commit to promptly notifying affected users and relevant authorities in the event of a data breach, in accordance with applicable laws and regulations.

6.1 Rights Under the EU General Data Protection Regulation (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the GDPR and equivalent legislation:

• Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you, along with information about how it is processed.
• Right to Rectification (Article 16): You have the right to request correction of inaccurate or incomplete personal data.
• Right to Erasure (Article 17): You have the right to request deletion of your personal data, subject to certain exceptions (e.g., where retention is required by law or necessary for the establishment, exercise, or defense of legal claims).
• Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format (e.g., JSON or CSV) and to transmit it to another controller.
• Right to Restriction of Processing (Article 18): You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of the data or object to processing.
• Right to Object (Article 21): You have the right to object to processing based on legitimate interests, including profiling. We will cease processing unless we can demonstrate compelling legitimate grounds.
• Right to Withdraw Consent (Article 7): Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.

Legal Bases for Processing: We process your personal data on the following legal bases: (a) performance of a contract (providing the Services you have requested); (b) your explicit consent (for health data processing and optional features); (c) legitimate interests (improving and securing our Services, provided such interests are not overridden by your rights); and (d) compliance with legal obligations.

6.2 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

• Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the business purposes for collection, and the categories of third parties with whom it is shared.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: We do not sell or share (as defined under the CCPA/CPRA) your personal information. Therefore, no opt-out mechanism is necessary; however, if our practices change, we will provide a conspicuous "Do Not Sell or Share My Personal Information" link.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information to what is necessary to perform the Services.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, please contact us at privacy@aestheticpass.com. We will verify your identity before processing your request and respond within the timeframes required by applicable law (generally 30 days for GDPR requests and 45 days for CCPA requests, with extensions as permitted).

6.3 Additional State and International Privacy Rights

Residents of other U.S. states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, and others) and residents of other countries with applicable data protection legislation may have similar rights. We are committed to honoring all valid privacy rights requests in accordance with applicable law. Please contact us using the information in Section 12 to exercise your rights.

6.4 Account Deletion

You may request complete deletion of your account and all associated data at any time by contacting us at privacy@aestheticpass.com or by using the account deletion feature within the App (Settings > Account > Delete Account). Upon verification, we will permanently delete your account data, treatment records, photographs, and all associated personal information from our active systems within 30 days. Residual copies in encrypted backups will be purged within 90 days in accordance with our backup retention schedule.

7.1 Retention Periods

• Account Information: Retained for the duration of your active account. Upon account deletion, personal data is removed from active systems within 30 days and from encrypted backups within 90 days.
• Treatment Records and Health Data: Retained for the duration of your active account. We do not impose a separate retention limit on treatment history, as the core purpose of Aesthetic Pass is to provide a comprehensive, long-term treatment record. All treatment data is deleted upon account deletion.
• Photographs: Retained until you or your authorized provider deletes them, or until account deletion. You may delete individual photographs at any time through the App.
• Usage and Analytics Data: Anonymized usage data may be retained indefinitely for aggregate analytics purposes. Identifiable usage logs are retained for no more than 12 months.
• Payment Records: Transaction records are retained for the period required by applicable tax and financial regulations (typically 7 years), even after account deletion. These records contain only transaction metadata and do not include full payment instrument details.
• Communication Records: Customer support correspondence is retained for up to 3 years to ensure quality and resolve disputes.

7.2 Legal Holds

Notwithstanding the above, we may retain personal information for longer periods where required by law, regulation, court order, or in connection with pending or anticipated legal proceedings or investigations.

8.1 Primary Data Storage

Our primary database and authentication infrastructure is hosted by Supabase within data centers located in the European Union. This means that your account data, treatment records, health information, and photographs are stored on servers physically located within the EU, benefiting from the protections afforded by EU data protection law.

8.2 Content Delivery and Edge Processing

Our Website is served through Cloudflare's global content delivery network (CDN), which routes requests through the nearest edge location to optimize performance. This means that certain technical data (such as IP addresses and request headers) may be transiently processed at Cloudflare edge nodes worldwide. Cloudflare is certified under the EU-U.S. Data Privacy Framework and implements appropriate safeguards for international data transfers.

8.3 Transfer Safeguards

Where personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data processing agreements with all sub-processors
• Verification that recipients participate in recognized data privacy frameworks (e.g., the EU-U.S. Data Privacy Framework)
• Supplementary technical measures, including encryption, pseudonymization, and access controls

10.1 Cookies We Use

• Essential Cookies: Strictly necessary cookies required for the operation of our Website, such as session tokens for authenticated users and security tokens to prevent cross-site request forgery (CSRF). These cookies cannot be disabled without impairing core functionality.
• Preference Cookies: Cookies that remember your language preference and display settings to provide a consistent experience across sessions.
• Analytics Cookies (minimal): We may use privacy-respecting, first-party analytics to understand aggregate traffic patterns. We do not use Google Analytics, Facebook Pixel, or any third-party advertising or behavioral tracking scripts.

10.2 What We Do Not Use

• No third-party advertising cookies or tracking pixels
• No cross-site tracking or retargeting technologies
• No social media tracking widgets or embedded trackers
• No fingerprinting or supercookie techniques

10.3 Mobile App

The Aesthetic Pass iOS App does not use cookies. Device identifiers collected by the App (such as IDFV) are used solely for push notification delivery and crash diagnostics. We respect Apple's App Tracking Transparency (ATT) framework and do not engage in cross-app tracking.

10.4 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling essential cookies may prevent you from using certain features of the Website. For more information about cookies and how to manage them, visit allaboutcookies.org.