Privacy Policy

Last updated: March 20, 2026

1. Introduction

Skincoach ("we," "our," or "us") operates a platform that connects patients with skincare practitioners, including dermatologists and aestheticians, for consultations, bookings, treatment plans, and related services. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website, mobile applications, and services (collectively, the "Platform").

2. Information We Collect

We collect the following types of information:

  • Account Information: Name, email address, phone number, and password when you create an account.
  • Profile Information: Profile photos, biographical details, and practitioner credentials (for practitioner accounts).
  • Skin Assessment Data: Skin type, skin tone, skin concerns, treatment goals, and budget preferences collected during our skin assessment quiz.
  • Appointment Information: Booking history, appointment dates and times, selected services, and appointment notes.
  • Messages: Content of messages exchanged between patients and practitioners through our messaging feature.
  • Payment Information: Payment details processed through our payment provider (we do not store full credit card numbers on our servers).
  • Usage Data: Device information, IP address, browser type, and interaction data collected automatically when you use the Platform.

3. How We Use Your Information

We use your information to:

  • Facilitate appointment bookings between patients and practitioners.
  • Match patients with appropriate practitioners based on skin assessment results.
  • Enable communication between patients and practitioners.
  • Process payments for services booked through the Platform.
  • Create and manage treatment plans and product recommendations.
  • Send appointment reminders, confirmations, and service-related notifications.
  • Improve and personalize our services.
  • Comply with legal obligations.

4. How We Share Your Information

We may share your information with:

  • Practitioners: Your profile, skin assessment data, and appointment details are shared with the practitioners you book with so they can provide care.
  • Payment Processor (Square): Payment information is processed by Square to complete transactions securely.
  • Communication Providers (Twilio): Your phone number may be shared with Twilio to deliver SMS appointment reminders and notifications.
  • Email Provider (SendGrid): Your email address is shared with SendGrid to deliver transactional emails such as booking confirmations and account notifications.
  • Cloud Infrastructure: Your data is stored with secure cloud infrastructure providers, including Amazon Web Services (AWS).
  • Legal Requirements: We may disclose information if required by law, regulation, or legal process.

We do not sell your personal information to third parties.

5. Data Security

We implement industry-standard security measures to protect your personal information, including encryption of data in transit (TLS) and at rest, access controls limiting data access to authorized personnel, and regular security assessments. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your personal information as follows:

  • Account data: Retained for as long as your account is active, plus 30 days after account deletion to allow for recovery.
  • Appointment and treatment records: Retained for 7 years after the last appointment, in accordance with healthcare record-keeping requirements.
  • Messages: Retained for 3 years after the last message in a conversation.
  • Payment records: Retained for 7 years to comply with financial reporting requirements.
  • Usage data: Retained for 12 months.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Portability: Request your data in a portable, machine-readable format.
  • Withdrawal of Consent: Withdraw consent for optional data processing at any time.

To exercise any of these rights, please contact us using the information below.

8. Health Information Compliance

Skincoach is committed to protecting the privacy and security of health-related information. While Skincoach is not a covered entity under HIPAA (Health Insurance Portability and Accountability Act), we follow HIPAA-aligned best practices for handling skin assessment data, treatment plans, and appointment records. For users in Canada, we acknowledge our obligations under PIPEDA (Personal Information Protection and Electronic Documents Act) and applicable provincial privacy legislation. We implement appropriate safeguards to protect health-related personal information in accordance with these standards.

9. Cookies and Tracking

We use essential cookies to maintain your session and preferences. We may use analytics tools to understand how users interact with the Platform. You can control cookie preferences through your browser settings.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Platform and updating the "Last updated" date. Your continued use of the Platform after such changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at:

Skincoach
Email: privacy@skincoach.app
Website: skincoach.app