Refined Scan
Privacy notice.
Last updated: May 2026
Who we are
Refined Scan is operated by Refined Medical Aesthetics, a nurse-led aesthetic clinic at Double Row, Seaton Delaval, NE25 0PP, United Kingdom. Rachel is the registered nurse practitioner and data controller.
For any privacy questions, email [email protected].
What we collect
From your scan: a single selfie, which is processed by Anthropic's Claude Vision AI to identify aesthetic concerns. The image is sent to Anthropic, processed in memory, and never stored — either by us or by Anthropic (subject to their data retention policy).
From the form: first name, email, age range, and an optional sentence about what brought you to us. Stored in Pabau, our CRM (the system of record).
From your browser: we log pseudonymous events (page views, scan completion, errors) using a hashed version of your IP address. We do not use cross-site tracking cookies.
How we use it
- To generate your personalised scan report (shown on-screen)
- To pass your scan and contact details to Rachel via Pabau so she has context when you book a consultation
- If you've opted in, to send occasional marketing emails from Pabau
- To analyse aggregate usage patterns and improve the service
Who we share it with
We share your information only with these processors:
- Anthropic (AI vision provider) — your selfie is sent to their API for analysis. Anthropic does not train on data sent through the API.
- Pabau (CRM) — your contact details and report are stored here. Pabau also handles any marketing email we send afterwards, only if you opted in.
- Neon (database, UK-region) — short-lived session data is held here. No images. PII held only briefly when retrying a failed Pabau write.
- Cloudflare (CDN and security) — handles incoming HTTPS requests, hides our server's location, blocks abuse. Standard access logs only.
- Our own hosting (self-hosted in the UK) — the app itself runs on hardware we control. Server logs are kept for 30 days and contain no body content, just routing metadata.
We do not sell, rent, or share your data with any other third party. We do not use it for advertising profiling.
How long we keep it
- Your selfie: not stored. Discarded immediately after analysis.
- Scan report: kept for 30 days in our cache so you can re-open it. Permanently stored in Pabau.
- Contact details: stored in Pabau for as long as you remain a client, plus the period required by health regulators.
- Analytics events: kept for 13 months, then deleted.
Your rights
Under UK GDPR you can ask us to:
- Show you what we hold about you
- Correct anything that's wrong
- Delete your records (subject to our regulatory retention duties)
- Stop sending you marketing
- Export your data
Email [email protected] with any of these. We'll respond within 30 days.
You can also complain to the Information Commissioner's Office (ICO) at ico.org.uk.
Cookies
We use only strictly necessary cookies (session state, security). We do not use advertising or analytics cookies. We do not need a cookie banner.
Children
Refined Scan and any treatments at the clinic are not for anyone under 18. If we detect an underage face in a scan, the result is blocked.
Changes
We'll update this notice if we change how we handle your data. Material changes will be communicated by email.