Privacy Policy
A legal disclaimer
AI Scalp (“we,” “our,” or “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard your personal information when you use our website, book treatments, or interact with us.
By using our website or services, you agree to the terms of this Privacy Policy.
1. Information We Collect
We may collect and process the following types of personal information:
- Identity Data – full name, date of birth, gender.
- Contact Data – email address, phone number, billing and delivery addresses.
- Health Data – medical history, allergies, medications, patch test results, and treatment suitability information (sensitive personal data).
- Transaction Data – payment details, booking information, purchase history.
- Technical Data – IP address, browser type, operating system, time zone settings, and website usage details (collected via cookies and analytics).
- Marketing Data – preferences for receiving marketing communications, social media interactions, survey responses.
2. How We Use Your Information
We will only use your personal data when legally permitted. Common uses include:
- To provide treatments, consultations, and aftercare.
- To process bookings and payments securely.
- To contact you regarding appointments, reminders, and treatment updates.
- To maintain client health and safety records.
- To send promotional offers, newsletters, or updates (only if you have opted in).
- To comply with legal, regulatory, and insurance requirements.
- To improve our website, services, and customer experience.
3. Legal Basis for Processing
Under UK GDPR, we rely on the following legal bases:
- Consent – when you agree to receive marketing communications or provide medical details voluntarily.
- Contract – to perform our obligations when you book a service or consultation.
- Legal obligation – to retain certain data for tax, insurance, or regulatory compliance.
- Legitimate interests – to improve services, prevent fraud, and maintain business operations.
4. How We Share Your Information
We do not sell your data. However, we may share information with:
- Payment providers (e.g., PayPal, Klarna, Clearpay) to process transactions.
- Booking system providers (e.g., Ovatu) to manage appointments.
- IT and website hosting providers for secure data storage.
- Regulatory bodies, insurers, or legal authorities where required.
All third parties are required to respect the confidentiality and security of your data.
5. Data Retention
- Client consultation forms, consent forms, and treatment records are stored for 7 years in line with insurance and legal requirements.
- Financial transaction data is retained for 6 years as required by HMRC.
- Marketing data is retained until you unsubscribe or request deletion.
6. Your Rights
You have the following rights under UK GDPR:
- Right to access – request a copy of the personal data we hold about you.
- Right to rectification – correct any inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”) – request deletion of your data where appropriate.
- Right to restrict processing – limit how your data is used in certain cases.
- Right to data portability – request transfer of your data to another provider.
- Right to object – opt out of marketing communications at any time.
- Right to withdraw consent – where we rely on consent, you may withdraw it anytime.
To exercise your rights, please contact us at:
📧 [Insert email address]
7. Data Security
We have implemented technical and organisational measures to protect your data, including:
- Encrypted payment processing via trusted providers.
- Secure booking systems with restricted access.
- Confidential storage of medical consultation forms.
- Staff training on GDPR compliance and confidentiality.
8. Cookies
Our website uses cookies to enhance your experience and analyse traffic. These include:
- Essential cookies – required for site functionality.
- Analytical cookies – track website usage to improve performance.
- Marketing cookies – deliver relevant ads or content (only if consented).
You can adjust your browser settings to refuse cookies, but some features may not function correctly.
9. International Transfers
We primarily store data within the UK/EEA. If any third-party provider processes data outside this area, we ensure adequate safeguards (e.g., UK-approved standard contractual clauses).
10. Children’s Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect information from minors.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be posted on our website with a revised date.