Privacy
Last updated 10 July 2026. Draft pending final legal review.
Aesthetic Passport exists so that a record of your aesthetic treatments belongs to you. That only works if you can trust how we handle it. This page says what we collect, why, where it lives, who can see it, and how you delete it. It is written to be read.
Who we are
Aesthetic Passport is operated by Aesthetic Passport Ltd, a company registered in England and Wales. Aesthetic Passport Ltd is the data controller for the information described here. Contact: privacy@aesthetic-passport.com.
What we collect and why
- Your name, as you write it. It appears on your Passport. Nothing else about your identity is required to start.
- Sign in details. An email address, or your Apple ID if you use Sign in with Apple. Used only to let you back into your record. Sign in codes are stored hashed and expire in ten minutes.
- Your treatment records. Treatment names, dates, areas, notes, product details, and any label photos you take. This is health data. It exists because you or a clinic you approved put it there. It is the product, and it is yours.
- Your activity trail. A log of what happened to your record: entries added, access granted, views, revocations, exports, erasure. This log protects you and cannot be edited, by us or anyone.
- Technical basics. A device key that signs your requests, so nobody can pretend to be your phone.
We do not collect your location, contacts, browsing, or advertising identifiers. The app contains no ads, no trackers, and no analytics that profile you. This website sets no cookies.
Where your data lives
In London, United Kingdom, on Google Cloud infrastructure with a UK data boundary. Your treatment records and photos are encrypted before they are written to disk, using a key that belongs to your Passport alone. Your data does not leave the UK without your explicit consent.
Who can see your record
You, and nobody else by default. Clinics can propose entries only during a five minute window you open, and nothing enters your record without your approval. If you share a viewing key with a clinic or doctor, they see exactly what you scoped, every view is logged for you, and you can revoke the key at any moment, which cuts access instantly. We do not sell, rent, or share your data with advertisers or data brokers, ever.
Our suppliers
We use Google Cloud (UK region) to run the service, and a transactional email provider to send sign in codes. Suppliers process data only on our instructions. We do not use your data to train AI models, and we do not permit suppliers to.
How long we keep it
For as long as you keep your Passport. This is a lifetime record by design. If you erase it, see below. If an account is abandoned, we may contact you before applying our dormancy policy.
Deleting everything, for real
In the app, open Profile and choose Erase it for good. This destroys the encryption key that protects your records. Without the key, your treatment data and photos are permanently unreadable everywhere, including inside our backups. The skeleton of the record and your activity trail remain, because proof that a record existed protects you, but the content is gone. Nobody can undo this, including us.
Your rights
Under UK GDPR you can ask for access, correction, deletion, portability, and restriction, and you can complain to the ICO at ico.org.uk. The app gives you most of these directly: export from Profile gives you a complete copy of your record as a file, and erasure is yours to trigger without asking us. For anything else, email privacy@aesthetic-passport.com and we answer within a month.
Changes
If this policy changes in a way that matters, we tell you in the app before it takes effect. We never weaken the erasure promise.