Privacy Policy

Last updated: June 2026

Aesthatech ("we", "us", "our") is a business management platform for independent beauty and wellness professionals. This Privacy Policy explains what personal data we collect, how we use it, and your rights over it.

We do not sell your personal data to third parties. Ever.

1. What We Collect

Account information

Name, email address, and authentication data collected via Clerk when you create an account.

Business data

Client records (names, contact details, service notes, visit history), services, products, and content preferences that you enter into Aesthatech.

Usage data

Feature usage counts, daily generation limits, and scheduled content — used to operate and improve the product.

Billing data

Subscription and payment information processed by Stripe. We never store raw card numbers.

2. How Smart Features Work

Aesthatech's smart features (Smart Actions, Smart Insights, Content Planner) are powered by Anthropic's Claude API.

  • Client names, email addresses, and phone numbers are pseudonymized before transmission. Each client is replaced with an opaque token (e.g. a1b2c3d4) derived from their internal ID. Real contact details are restored server-side after processing and are never sent to Anthropic.
  • Service notes and visit history (which may contain health-related context such as allergies or skin conditions) are sent in anonymized form — not linked to any identifiable individual.
  • Anthropic does not train its models on API inputs. Per Anthropic's standard API terms, inputs and outputs are retained for up to 30 days for safety and operational purposes, then deleted.
  • You will be asked to acknowledge this data processing the first time you use a smart feature. You may withdraw consent at any time by contacting us (see Section 7).

3. Third-Party Processors

Processor    Purpose                              Data involved
Supabase     Database & storage                   All business and client data
Clerk        Authentication                       Name, email, login sessions
Stripe       Billing                              Subscription and payment info
Anthropic    Intelligent generation (Claude API)  Anonymized business context (no PII)

4. Your Rights

Right to Access / Portability

Download a copy of all your data at any time: Download my data

Right to Erasure

You may request permanent deletion of your account and all associated data. This is available in your account settings or via our API endpoint DELETE /api/gdpr/delete-account. Deletion is irreversible.

Right to Correction

Update any of your personal data directly within the Aesthatech dashboard, or contact us.

Right to Withdraw Smart Feature Consent

You may withdraw consent to smart feature data processing at any time by contacting us. This will disable smart features for your account.

5. Data Retention

  • Your data is retained for as long as your account is active.
  • On account deletion, all data is permanently removed from our databases.
  • Anthropic retains pseudonymized API inputs for up to 30 days per their standard terms.
  • Stripe retains billing records as required by financial regulations (typically 7 years).

6. Cookies

We use session cookies set by Clerk for authentication and browser-side local storage for caching generated content between page loads. We do not use advertising or tracking cookies.

7. Contact

For any privacy-related requests or questions, email privacy@aesthatech.com.

California Residents (CCPA)

Aesthatech does not sell or share personal information as defined by the California Consumer Privacy Act. California residents have the right to know, delete, and opt out of the sale of personal information. To exercise these rights, contact us at the address above.