Privacy & Data Handling Policy

1. Data Usage and Access

Admins are responsible for obtaining appropriate consent from Clients before inputting any personal or skin-related information into the Portal.

Clients can view data shared with them through their Admin but cannot access other parts of the Portal unless granted access.

Employees may only access client information as permitted by their Admin and must maintain strict confidentiality.

Skin Alchemy HI staff do not access client data unless required for technical support or troubleshooting purposes, and only with Admin authorization.

To ensure data privacy between different businesses, Skin Alchemy HI and other Admins do not have access to the client or employee information belonging to another Admin's account. Each Admin's data is siloed and accessible only to that Admin and their authorized users (Employees and Clients).

2. Data Protection Practices

Skin Alchemy HI uses basic administrative and technical safeguards to help protect account data from unauthorized access or misuse.

Users are encouraged to create strong, unique passwords and avoid uploading sensitive documents or diagnostic reports.

Admins should maintain their own external backups of essential records in case of accidental data loss.

3. Note on Health Information

While the Portal is designed for skincare and client tracking, it is not intended for storing protected health information (PHI) or for managing regulated medical records.

Please note: The SkinSync portal is not currently HIPAA-compliant or certified as an Electronic Medical Records (EMR) system. If we achieve HIPAA or EMR compliance in the future, all Admins will be notified and provided with updated terms and documentation.

4. Optional Community Features

SkinSync includes optional community-based tools within the Portal, such as discussion threads, shared routine boards, or progress-based community feeds.

Participation in these features is entirely optional.

Clients can choose whether or not to view, contribute to, or engage with community content.

If a Client participates, their first name, profile image (if applicable), and shared content may be visible to other participating Clients under the same Admin.

Admins can enable or disable community access, but participation is always voluntary for the Client.

Clients can opt out or delete their own content from these feeds at any time.

Skin Alchemy HI reserves the right to remove any content that is inappropriate, harmful, or violates our Terms of Service.

5. Admin Responsibilities

Admins agree to:

• Obtain informed consent from Clients before uploading or storing their skincare data
• Use the Portal in accordance with relevant data privacy and record-keeping laws in their jurisdiction
• Avoid storing PHI or medical records requiring HIPAA or EMR compliance
• Notify Skin Alchemy HI promptly if a data breach, accidental exposure, or loss of client information occurs

6. Data Retention & Deletion

Client and employee records are stored for the duration of the Admin’s active subscription.

If an Admin cancels their subscription, all stored data will be permanently deleted at the end of their billing period.

Clients and Employees must contact their Admin directly to request changes or removal of their personal data.

Skin Alchemy HI is not responsible for archiving or backing up data once an account has been deactivated.

If you have questions about data handling or community visibility, please contact your Admin or reach out to Skin Alchemy HI support.