Privacy

Last updated 10 July 2026. Draft pending final legal review.

Aesthetic Passport exists so that a record of your aesthetic treatments belongs to you. That only works if you can trust how we handle it. This page says what we collect, why, where it lives, who can see it, and how you delete it. It is written to be read.

Who we are

Aesthetic Passport is operated by Aesthetic Passport Ltd, a company registered in England and Wales. Aesthetic Passport Ltd is the data controller for the information described here. Contact: privacy@aesthetic-passport.com.

What we collect and why

We do not collect your location, contacts, browsing, or advertising identifiers. The app contains no ads, no trackers, and no analytics that profile you. This website sets no cookies.

Where your data lives

In London, United Kingdom, on Google Cloud infrastructure with a UK data boundary. Your treatment records and photos are encrypted before they are written to disk, using a key that belongs to your Passport alone. Your data does not leave the UK without your explicit consent.

Who can see your record

You, and nobody else by default. Clinics can propose entries only during a five minute window you open, and nothing enters your record without your approval. If you share a viewing key with a clinic or doctor, they see exactly what you scoped, every view is logged for you, and you can revoke the key at any moment, which cuts access instantly. We do not sell, rent, or share your data with advertisers or data brokers, ever.

Our suppliers

We use Google Cloud (UK region) to run the service, and a transactional email provider to send sign in codes. Suppliers process data only on our instructions. We do not use your data to train AI models, and we do not permit suppliers to.

How long we keep it

For as long as you keep your Passport. This is a lifetime record by design. If you erase it, see below. If an account is abandoned, we may contact you before applying our dormancy policy.

Deleting everything, for real

In the app, open Profile and choose Erase it for good. This destroys the encryption key that protects your records. Without the key, your treatment data and photos are permanently unreadable everywhere, including inside our backups. The skeleton of the record and your activity trail remain, because proof that a record existed protects you, but the content is gone. Nobody can undo this, including us.

Your rights

Under UK GDPR you can ask for access, correction, deletion, portability, and restriction, and you can complain to the ICO at ico.org.uk. The app gives you most of these directly: export from Profile gives you a complete copy of your record as a file, and erasure is yours to trigger without asking us. For anything else, email privacy@aesthetic-passport.com and we answer within a month.

Changes

If this policy changes in a way that matters, we tell you in the app before it takes effect. We never weaken the erasure promise.