aestheticIQBetter insights. Better outcomes.
FeaturesHow It WorksPricingAboutFAQ
Sign InGet Started Free

Legal

Privacy Policy

Last updated: March 10, 2026

1. Introduction

AestheticIQ ("we," "our," or "us") operates a business intelligence platform for medical spa owners at aestheticiq.ai. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. Please read this policy carefully. If you disagree with its terms, please discontinue use of the platform.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and business information. We use Clerk for authentication and do not store passwords directly.

2.2 Aesthetic Record Credentials

To sync your data, you provide your Aesthetic Record login credentials. These are encrypted at rest using AES-256-GCM encryption and are never stored or transmitted in plain text. They are used solely to retrieve your practice's business metrics from the Aesthetic Record API.

2.3 Business Metrics Data

We retrieve aggregated business data from your Aesthetic Record account, including:

  • Revenue totals and trends
  • Appointment counts and completion rates
  • Practitioner performance metrics (revenue attribution, appointment volumes)
  • Service and product sales summaries
  • Sync logs and health status

We do not retrieve, store, or process individual patient records, protected health information (PHI), clinical notes, treatment records, or any data that identifies individual patients. Our data extraction focuses exclusively on aggregated business intelligence.

2.4 Usage Data

We collect standard usage information through Sentry (error monitoring) and may collect browser type, pages visited, and time spent on features to improve the platform. This data is aggregated and not linked to individual patients.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the AestheticIQ platform
  • Sync your Aesthetic Record data on your behalf
  • Generate analytics dashboards and business insights
  • Send operational alerts (sync failures, data anomalies)
  • Respond to support requests
  • Improve platform performance and reliability
  • Comply with legal obligations

We do not sell your data. We do not use your business data for advertising or share it with third parties for their own marketing purposes.

4. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on Render, a SOC 2 Type II certified cloud infrastructure provider located in the United States. We implement the following security measures:

  • AES-256-GCM encryption for credentials at rest
  • TLS encryption for all data in transit
  • Role-based access controls (OWNER, ADMIN, MEMBER tiers)
  • Comprehensive audit logging for administrative operations
  • HTTP security headers (HSTS, CSP, X-Frame-Options, Referrer-Policy)
  • Regular automated database backups

For more detail, see our Security Overview.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information or business data to third parties. We may share information in limited circumstances:

  • Service providers: We use Render (hosting), Upstash (Redis caching), Clerk (authentication), Resend (transactional email), and Sentry (error monitoring) to operate the platform. These providers process data only as needed to provide their services.
  • Legal requirements: We may disclose information if required by law, court order, or to protect the rights and safety of our users.
  • Business transfer: If AestheticIQ is acquired or merges, your data may be transferred as part of that transaction, with equivalent privacy protections.

6. Your Rights and Choices

You have the right to:

  • Access: Request a copy of the data we hold about your account
  • Correction: Update your account information at any time in Settings
  • Deletion: Request deletion of your account and associated data
  • Portability: Request an export of your synced business metrics
  • Opt-out: Disable email alerts in account settings

To exercise any of these rights, contact us at hello@aestheticiq.ai. We will respond within 30 days.

7. Data Retention

We retain your account data and synced business metrics for as long as your account is active. If you cancel your subscription, your data is retained for 30 days to allow for reactivation, after which it is deleted from our active systems. Backup copies may persist for up to 90 days per our backup rotation schedule.

8. HIPAA

AestheticIQ is designed to operate as a business associate under HIPAA where applicable. We do not retrieve or store patient PHI — our data extraction is limited to aggregated business metrics. However, we follow HIPAA best practices for data security and access controls. For more information, see our HIPAA Compliance Statement.

9. Cookies

We use essential session cookies for authentication (via Clerk). We do not use advertising cookies or third-party tracking cookies. You can disable cookies in your browser settings, but this will prevent you from logging in to the platform.

10. Children's Privacy

AestheticIQ is a business platform intended for adults operating medical spa practices. We do not knowingly collect information from individuals under 18 years of age.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date at the top of this page. Continued use of the platform after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

AestheticIQ

Email: hello@aestheticiq.ai