Last Updated: December 10, 2025
Estetika Professional (“we,” “our,” or “us”) is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at https://app.estetikaprofessional.com/ or use our mobile application (the “App”).
Please read this policy carefully. If you do not agree with the terms of this privacy policy, please do not access the App.
1. Identification of the Data Controller
For the purposes of the General Data Protection Regulation (GDPR), the Data Controller responsible for your account information is:
- Legal Name: Knoll Florentina
- Registered Office: Chaussée de Watermael 15/b004, 1160 Auderghem, Belgium
- VAT Number: BE0567860665
- Contact Email: [email protected]
2. The Distinction Between “User Data” and “Client Data”
To understand your rights, it is critical to distinguish between the two types of data we process:
- User Data (You): Information about you, the beauty professional (e.g., your name, email, subscription status). We are the Data Controller of this data.
- Client Data (Your Customers): Information you input about your clients (e.g., their names, photos, allergies, health notes). You are the Data Controller of this data. We act strictly as the Data Processor, storing and processing it on your behalf and under your instructions.
3. Information We Collect
3.1. Personal Data You Provide to Us
- Account Registration: We collect your email address, full name, and business name when you register.
- Authentication Data: If you sign in via Google or Apple, we receive your email and profile ID from these providers.
- Support Queries: Information you include in communications with our customer support team.
3.2. Data You Process via the App (Client Data)
As a business management tool, the App allows you to input and store:
- Client Identity: Names, phone numbers, and addresses.
- Health Data (Special Category): Information regarding client allergies, skin conditions, contraindications, and patch test results.
- Biometric/Visual Data: Photographs of clients (e.g., “Before & After” treatment photos).
- Legal Records: Digital signatures and timestamps on consent forms.
Important: As the Data Controller of this Client Data, you warrant that you have obtained explicit consent from your clients to record their sensitive health data and photos in the App.
3.3. Information Collected Automatically
- Device Data: We collect information about your mobile device ID, model, operating system version, and IP address.
- Usage Analytics: We track anonymous interactions (e.g., “button taps,” “screens visited”) to improve App performance.
- Crash Reports: If the App crashes, we collect technical logs to help us fix the bug.
4. Legal Basis for Processing
We process your data under the following legal bases (GDPR Art. 6):
- Performance of Contract: To provide the App’s core features (scheduling, consent generation) and manage your subscription.
- Legal Obligation: To comply with tax laws (invoicing) and consumer protection regulations.
- Legitimate Interest: To secure the App, prevent fraud, and improve our services via analytics.
5. How We Store and Share Your Data
5.1. Data Location
Your data is securely stored in cloud databases hosted by Supabase. The primary data center is located in West Europe (Ireland), ensuring that your data remains within the European Economic Area (EEA).
5.2. Third-Party Service Providers (Sub-Processors)
We do not sell your data. We share data only with the following trusted third parties necessary to operate the service:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, Auth, File Storage | Ireland (EEA) |
| Sentry | Error Tracking & Crash Reports | Germany (EEA) |
| Google Analytics | Website Traffic Analysis | Ireland (EEA) |
| RevenueCat | Subscription Validation | USA |
| Expo | App Updates & Deployment | USA |
5.3. International Transfers
Some of our service providers (RevenueCat, Expo) are based in the United States. Transfers to the US are protected by standard data protection clauses (Standard Contractual Clauses – SCCs) or the EU-US Data Privacy Framework (DPF) where applicable, ensuring a level of protection equivalent to GDPR.
6. “Offline-First” Architecture and Data Safety
The App is designed to function without an internet connection (“Offline Mode”).
- Local Storage: Data entered while offline is encrypted and stored locally on your device.
- Synchronization Risk: This local data is not backed up to our servers until you reconnect to the internet. We are not responsible for data loss resulting from device theft, damage, or App uninstallation occurring before synchronization is complete.
7. Data Retention
- Active Accounts: We retain your data for as long as your account is active.
- Deleted Accounts: If you delete your account via the App settings, your profile and Client Data are immediately removed from our active databases (“Hard Delete”).
- Backups: Encrypted database backups (Point-in-Time Recovery) may be retained for security purposes for up to 30 days after deletion. These backups are isolated and automatically overwritten.
8. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right to Access: You can view your profile and client data directly within the App.
- Right to Portability: You can export your client list and signed PDF forms via the “Settings > Export Data” feature.
- Right to Rectification: You can correct inaccurate data in your profile.
- Right to Erasure: You can request the permanent deletion of your account directly within the App.
- Right to Withdraw Consent: You can cancel your subscription at any time via the App Store/Play Store settings.
To exercise rights not available directly in the App interface, please contact us at [email protected].
9. Security Measures
We implement industry-standard security measures, including:
- Encryption: Data is encrypted in transit (TLS) and at rest (AES-256).
- Row Level Security (RLS): Our database enforces strict policies ensuring that users can only access their own data.
- Immutable Storage: Signed consent forms are stored in “Write-Once” buckets to prevent tampering after signature.
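For readers who want to see what the Row Level Security claim above means in practice, the following is an illustrative Postgres/Supabase policy set, added here as an example; it is not Estetika Professional's actual schema or policy code. The table name `clients`, its columns, and the policy names are assumptions; `auth.uid()` is Supabase's built-in helper that returns the subject of the caller's JWT. The pattern is the standard one: a single owner column on every table holding Client Data, RLS switched on, and one policy per operation that compares that column with the caller's identity.

```sql
-- Illustrative table (assumed name and columns): each row belongs to
-- exactly one App user, who is the Data Controller for that client.
create table if not exists public.clients (
  id          uuid primary key default gen_random_uuid(),
  owner_id    uuid not null default auth.uid()
              references auth.users (id) on delete cascade,
  full_name   text not null,
  allergies   text,            -- special-category data: owner-only access
  created_at  timestamptz not null default now()
);

-- Policies are ignored until RLS is enabled on the table.
alter table public.clients enable row level security;

-- One policy per operation, all keyed on the caller's JWT subject.
create policy "clients: owner can read"
  on public.clients for select
  to authenticated
  using (owner_id = auth.uid());

create policy "clients: owner can insert"
  on public.clients for insert
  to authenticated
  with check (owner_id = auth.uid());

create policy "clients: owner can update"
  on public.clients for update
  to authenticated
  using (owner_id = auth.uid())
  with check (owner_id = auth.uid());

create policy "clients: owner can delete"
  on public.clients for delete
  to authenticated
  using (owner_id = auth.uid());

-- Manual check (run as the postgres role in the SQL editor, then rolled back):
-- impersonate an authenticated user with a constructed UUID and confirm that
-- only rows with that owner_id are visible. With RLS on and no matching
-- policy, a query returns zero rows rather than everything.
begin;
select set_config(
  'request.jwt.claims',
  '{"sub":"00000000-0000-0000-0000-000000000001","role":"authenticated"}',
  true);
set local role authenticated;
select count(*) from public.clients;   -- counts only that user's rows
rollback;
```

Two caveats a practitioner would check against this kind of statement: RLS is enabled per table, so every table that holds Client Data (and `storage.objects` for photos and signed PDFs) needs its own `enable row level security` and policies; and Postgres roles with `BYPASSRLS`, including Supabase's `service_role` key, are not subject to these policies at all, so that key must never ship in the App.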
10. Children’s Privacy
Our Service is a business tool intended for use by professionals. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.
11. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date. You are advised to review this Privacy Policy periodically for any changes.
12. Contact Us
If you have any questions about this Privacy Policy, please contact the Data Controller:
Knoll Florentina (Estetika Professional)
Email: [email protected]
Address: Chaussée de Watermael 15/b004, 1160 Auderghem, Belgium