Privacy policy
A plain-English explanation of the information we collect, why we collect it, and the rights you have over it.
Pre-launch draft
This is a pre-launch draft and will be reviewed before Aesta goes live. It does not constitute final binding legal text. If you have a question in the meantime, please contact us via the early-access form.
Aesta is software for UK aesthetic and skin clinics, built by a small UK team. This policy explains what personal data we collect through the Aesta website and early-access programme, and how we handle it.
Who we are
Aesta is operated by [to be confirmed before launch]. Our registered address and company registration number will be published here before the product launches. If you need to reach us in the meantime, please use the early-access form.
What data we collect
At the moment, the only personal data we collect comes through our early-access sign-up form. This may include:
- Your name and the name of your clinic.
- Your email address and phone number.
- Brief information about your clinic (number of locations, current software).
With your consent, we also use advertising cookies from Meta and Google to measure our advertising and reach relevant audiences. If you do not consent, these are not set. You can see exactly what they do, and change your choice, on our cookie notice.
Why we collect it
We collect early-access details solely to contact you about joining the Aesta Founding Cohort and to answer any questions you send us. We will not use your details for any other purpose without telling you first.
Sharing your data
We do not sell your personal data, and we do not share it with third parties for their own marketing purposes. We use a small number of trusted service providers to run the site and handle your enquiry, including our website host (Vercel), our email provider (Resend), and Google Fonts, which serves the fonts on this site. Each is bound by appropriate terms and may use your data only as we instruct.
Cookies
This site uses essential cookies to work, and, with your agreement, advertising cookies from Meta and Google. Advertising cookies are set only if you accept them, and Meta and Google act as independent controllers for the data they then receive. The full detail, and a way to change your choice, is on our cookie notice.
Patient data and clinic records
Once the Aesta product launches, clinics that subscribe will upload and store patient records inside the platform. For that data, the clinic is the data controller and Aesta is the data processor, acting only on the clinic's instructions. A full Data Processing Agreement will be provided to every subscribing clinic before they begin using the product. You can read the draft terms on our data processing page.
Security
We take reasonable technical and organisational steps to protect the personal data we hold. Patient records within the Aesta platform are encrypted at the application level before being stored. More detail is on our security and privacy page.
How long we keep your data
We keep your early-access enquiry details for as long as is needed to manage your application or until you ask us to delete them, whichever comes first.
Your rights under UK GDPR
Under the UK General Data Protection Regulation you have the right to:
- Access the personal data we hold about you.
- Correct any inaccurate information.
- Delete your data, subject to any legal obligations we hold.
- Restrict or object to certain processing.
- Portability of your data in a machine-readable format.
- Withdraw consent at any time where we rely on consent to process your data.
To exercise any of these rights, please contact us via the early-access form. We aim to respond within one calendar month.
If you are unhappy with how we have handled your data, you also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
Changes to this policy
We may update this policy as the product and our legal obligations develop. The date at the top of this page will reflect the most recent revision. Significant changes will be communicated directly to anyone already on our early-access list.
Contact
Our data protection contact is [to be confirmed before launch]. In the meantime, please reach us via the early-access form and we will respond as quickly as we can.
Last reviewed: July 2026 (draft)
Questions about your data?
Get in touch via the early-access form and we will answer promptly.
Contact us