Privacy Policy
This Privacy Policy explains how Aesthetic Clinic collects, uses and protects information when you visit our website, use our progressive web app (PWA), or interact with our staff. It is written for our real clinic operations in Sheikhupura and the digital systems described in this project.
1. Who we are
“Aesthetic Clinic”, “we”, “us” or “our” refers to the physical aesthetic clinic located at Dil Chowk, opposite Trauma Center, Above Outfitters, Civil Lines, Sheikhupura. This website and clinic management system are used by our administrators, reception staff and clinicians to manage appointments, treatments, billing and communication with clients.
2. Information we collect
We only collect the minimum information needed to provide our services and run the clinic safely and efficiently.
- Website enquiries: name, email, phone number and the message you send us through contact or consultation forms.
- Clinic records (internal app): client profile details, appointment history, prescribed treatments, treatment notes and billing information, captured and used only by authorised staff.
- Technical data: basic log information such as your IP address, browser type, approximate location and pages visited, which may be generated by our hosting provider for security, error logging and performance monitoring.
- Communications: email messages (via our email service provider) and WhatsApp/SMS conversations used to confirm appointments or answer questions.
We do not collect or store payment card details in this system. All payments are recorded manually as cash or bank transfer.
3. How we use your information
- to respond to enquiries and manage consultation bookings made through the website or WhatsApp;
- to maintain accurate medical and treatment records for our clients;
- to manage internal clinic workflows such as appointments, prescriptions, billing, expenses and reporting;
- to send important notifications about appointments, invoices or treatment plans via email, SMS or WhatsApp;
- to secure and improve our digital systems, including monitoring for errors, abuse or suspicious activity.
4. Legal basis and consent
We typically process your information because it is necessary for providing clinical services you request, for our legitimate interest in running a safe and efficient clinic, or because you have given us consent (for example, when you submit a form or opt in to receive marketing updates). You may withdraw consent for non-essential communications at any time by contacting us.
5. Data storage and service providers
This clinic management system is hosted on modern cloud platforms and uses reputable third‑party providers to deliver specific features:
- DigitalOcean / similar hosting for running the web application and API.
- Turso (libSQL) database for storing structured clinic data such as client profiles, appointments, billing and medical notes.
- Cloudflare / CDN for faster and more secure delivery of static content.
- Email provider (e.g. Resend) to send appointment and system emails.
- WhatsApp/SMS provider (e.g. Twilio) to send and receive clinic messages through WhatsApp or SMS.
These providers may process data on servers located outside your country. We only share the information necessary for them to perform their services on our behalf and we do not sell your personal data.
6. Data retention
We keep client medical and billing records for as long as reasonably required for clinical, legal or regulatory purposes. Website enquiry data and technical logs are kept for shorter periods necessary to respond to you and to secure our systems. When information is no longer needed, it is deleted or anonymised where possible.
7. Your rights and choices
Depending on your local laws, you may have rights to:
- request access to the personal information we hold about you;
- ask us to correct inaccurate or incomplete information;
- request deletion of certain information, subject to legal or clinical record‑keeping obligations; and
- opt out of non-essential marketing communications.
To exercise these rights, please contact us at [email protected] or speak with our reception team at the clinic.
8. Security
We use a layered security approach consistent with modern web application practices: encrypted connections (HTTPS), access controls for staff accounts, and regular updates to our software components as described in our internal security guidelines. No system can be guaranteed 100% secure, but we work continuously to reduce risk and respond quickly to issues.
9. Children’s privacy
Our services are primarily intended for adults. Where we provide treatments to minors, information is collected and used with the involvement of a parent or legal guardian and in accordance with applicable local regulations.
10. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our services, technology or legal requirements. The “last updated” date on this page will show when the policy was most recently revised. Your continued use of our website or services after any changes means you accept the updated policy.
If you have any questions about this Privacy Policy or how we handle your information, please contact us at [email protected].