Privacy Policy

How we collect, use, store, and protect personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

Last updated: 10 March 2026

1. Introduction

NUYU Clinic Pty Ltd (ABN 35 692 027 937), trading as AestheticOS ("we", "us", "our"), operates the AestheticOS platform ("Platform"). This Privacy Policy explains how we collect, use, store, disclose, and protect personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This policy applies to all users of the Platform, including Tenants (clinic operators) and patients who interact with Tenant clinic portals. It should be read alongside our Terms of Service.

We are committed to protecting the privacy of all individuals whose information we handle. As a platform serving health practitioners, we recognise the sensitivity of health information and apply additional safeguards accordingly.

2. Data Controller vs Data Processor

Tenant Data — We are the Data Controller: We determine the purposes and means of processing Tenant account information (your name, email, clinic details, billing information). We collect and use this data to provide the Platform services and manage our relationship with you.

Patient Data — We are the Data Processor: When patients submit bookings, enquiries, or orders through a Tenant's clinic portal, the Tenant is the Data Controller. We process this data solely on the Tenant's behalf to provide the Platform services. Tenants are responsible for obtaining patient consent and maintaining their own privacy policy.

This distinction is important: if a patient has a privacy query about how their data is used, their primary point of contact is the Tenant (their clinic), not us. However, we remain responsible for the security and integrity of all data stored on the Platform.

3. Information We Collect from Tenants

When you register and use the Platform, we collect:

  • Account Information: Name, email address, password (hashed), clinic name, AHPRA registration number (optional at signup), ABN
  • Clinic Profile: Clinic address, phone number, operating hours, branding preferences (logo, colours), and subdomain
  • Billing Information: Subscription plan, payment history, and Stripe customer ID. We do not store credit card numbers — these are held by Stripe
  • Content: Treatments, products, blog posts, images, and other content you create on the Platform
  • Usage Data: Log data (IP address, browser type, access times), feature usage patterns, and error reports

4. Patient Data Flowing Through the Platform

When patients interact with a Tenant's clinic portal, the following data may be collected and stored on the Platform:

  • Booking Information: Patient name, email, phone number, preferred treatment, appointment date/time, and any notes or messages
  • Enquiry Information: Name, email, phone number, and message content
  • Order Information: Products or treatments purchased, order total, and Stripe payment reference (no card details)

The Platform does not collect or store detailed clinical records, medical histories, clinical photographs, or prescription information. If a Tenant needs to store such information, they should use a dedicated clinical records system.

5. Multi-Tenant Data Isolation

The Platform is designed with strict multi-tenant data isolation:

  • Each Tenant's data is logically separated using a tenant identifier on every database record
  • All database queries are scoped to the authenticated Tenant — one Tenant cannot access another Tenant's data
  • Patient data submitted through one clinic portal is only accessible to that clinic's authorised users
  • Platform administrators (NUYU Clinic Pty Ltd) have access to Tenant account data for support and operational purposes, but do not routinely access patient records

6. Health Information

We recognise that some information flowing through the Platform may constitute "health information" as defined in the Privacy Act 1988, which is a subset of "sensitive information" under APP 3 and APP 6.

We apply the following safeguards to health-related information:

  • We only collect health information that is reasonably necessary for the Platform's booking, enquiry, and e-commerce functions
  • We do not use health information for marketing, profiling, or any purpose unrelated to providing Platform services
  • We do not disclose health information to third parties except as required to provide Platform services (e.g., transactional emails via Resend) or as required by law
  • Tenants are responsible for ensuring their collection and use of health information complies with the APPs and any applicable state/territory health records legislation

7. How We Use Information

We use personal information for the following purposes:

  • Providing Services: Operating the Platform, processing subscriptions, enabling bookings and payments, delivering transactional emails
  • Account Management: Managing Tenant accounts, verifying identity, processing billing
  • Communication: Sending service-related notifications, responding to support requests, providing important updates about the Platform
  • Security: Detecting and preventing fraud, unauthorised access, and other security threats
  • Improvement: Analysing usage patterns (using aggregated, de-identified data) to improve Platform features and performance
  • Legal Compliance: Meeting our obligations under Australian law, including tax reporting and responding to lawful requests from authorities

We do not sell personal information to third parties. We do not use patient data for marketing purposes.

8. Third-Party Services

The Platform integrates with the following third-party services, each with their own privacy policies:

  • Stripe (USA) — Payment processing and subscription billing. Stripe stores payment card details directly and is PCI-DSS compliant. Privacy Policy
  • Resend (USA) — Transactional email delivery. Receives recipient email addresses and email content. Privacy Policy
  • UploadThing (USA) — File and image hosting for clinic content. Privacy Policy
  • Anthropic (USA) — AI content generation. No patient data is sent to AI services. Only Tenant-initiated content prompts are processed. Privacy Policy
  • Cloudflare (USA) — DNS, CDN, and DDoS protection. Processes request metadata (IP addresses, headers). Privacy Policy
  • GitHub (USA) — Source code hosting and CI/CD. Does not process user or patient data. Privacy Policy

9. Overseas Disclosure

In accordance with APP 8, we disclose that several of our third-party service providers are based in the United States of America (see Section 8). Before engaging these providers, we have taken reasonable steps to ensure they handle personal information in a manner consistent with the APPs.

Our primary database and application servers are hosted in Australia. However, data processed by the third-party services listed above may be stored or processed in the United States.

We do not otherwise disclose personal information to overseas recipients.

10. Data Storage and Security

We implement industry-standard security measures to protect personal information:

  • Encryption in Transit: All data transmitted to and from the Platform is encrypted using TLS 1.2/1.3
  • Encryption at Rest: Sensitive data fields are encrypted using AES-256-GCM
  • Password Security: Passwords are hashed using bcrypt with appropriate work factors — we never store plaintext passwords
  • Access Controls: Role-based access controls limit who can access data within the Platform
  • Infrastructure Security: Firewall protection (UFW), intrusion detection (fail2ban), SSH key-only authentication, and regular security updates
  • Server Location: Primary database and application servers are hosted in Australia

No method of electronic transmission or storage is 100% secure. While we use commercially reasonable measures to protect your information, we cannot guarantee absolute security.

11. My Health Record

The Platform does not interact with, connect to, or access the Australian My Health Record system. If a Tenant's patients have questions about their My Health Record, they should contact their healthcare provider or the Australian Digital Health Agency.

12. Data Retention

We retain personal information for the following periods:

  • Active Accounts: Data is retained for the duration of your subscription
  • Cancelled Accounts: You have 30 days after cancellation to request a data export. Account data is deleted 90 days after cancellation
  • Transaction Records: Retained for 7 years in accordance with Australian tax law requirements
  • Audit Logs: System and security logs are retained for 12 months
  • Soft-Deleted Records: Records that are "soft deleted" within the Platform (e.g., cancelled bookings, archived enquiries) remain in the database but are hidden from the user interface. These are permanently deleted when the account is deleted

13. Access and Correction

In accordance with APP 12 and APP 13, you have the right to:

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of any personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading

To exercise these rights, contact us at [email protected]. We will respond to access and correction requests within 30 days.

Tenants can access and update most of their information directly through the Platform's admin dashboard. Patients should direct access and correction requests to the Tenant (clinic) they interacted with.

14. Data Breach Response

We have procedures in place to respond to data breaches in accordance with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988.

If we become aware of a data breach that is likely to result in serious harm to any individual, we will:

  • Take immediate steps to contain the breach and mitigate any harm
  • Assess the breach to determine if it meets the NDB threshold
  • Notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required by the NDB scheme
  • Notify affected Tenants so they can in turn notify their patients if appropriate

If you become aware of a potential data breach involving the Platform, please contact us immediately at [email protected].

15. Cookies and Analytics

The Platform uses cookies and similar technologies for:

  • Essential Cookies: Session management, authentication, and CSRF protection. These are necessary for the Platform to function and cannot be disabled
  • Preference Cookies: Remembering your settings and preferences

We do not currently use third-party analytics or advertising cookies. If this changes in the future, we will update this policy and provide appropriate notice and consent mechanisms.

16. Marketing

We may send you marketing communications about Platform features, updates, and related services if you have consented or if permitted under the Spam Act 2003 (e.g., existing business relationship).

Every marketing email will include an unsubscribe link. You can opt out at any time, and we will honour your request within 5 business days.

We do not use patient data for marketing purposes. We do not share your contact information with third parties for their marketing purposes.

17. Children's Privacy

The Platform is designed for use by AHPRA-registered health practitioners and is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

If patients under 18 book treatments through a Tenant's portal, the Tenant is responsible for ensuring appropriate parental or guardian consent is obtained in accordance with applicable law.

18. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We will notify you of material changes by email or prominent notice within the Platform at least 14 days before changes take effect. The "Last updated" date at the top of this policy indicates when it was last revised.

Continued use of the Platform after the effective date of changes constitutes acceptance of the updated policy.

19. Complaints

If you have a complaint about how we have handled your personal information, please contact us first:

NUYU Clinic Pty Ltd
Trading as AestheticOS
Email: [email protected]

We will investigate your complaint and respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Office of the Australian Information Commissioner
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: [email protected]