← Back to home
Legal

Privacy Policy

Last updated: May 18, 2026

This Privacy Policy explains how Aesthetic Vision Inc. ("Company," "we," "us," or "our") collects, uses, stores, shares, and otherwise processes personal data in connection with AVA 3D (the "App"), our related mobile applications, websites, and healthcare professional web portal (collectively, the "Services").

The Services allow adult users to create and store 3D body scans, including scans of the face and certain body areas, and to share selected scans with healthcare professionals for communication purposes.

By using the Services, you acknowledge that you have read and understood this Privacy Policy.

1. Who We Are

Controller: Aesthetic Vision Inc.

Registered in: Delaware, USA

Privacy contact: support@ava3d.app

If required under applicable law, we may designate a Data Protection Officer or other privacy contact and publish their details here.

2. Scope of This Privacy Policy

This Privacy Policy applies to personal data we process when you:

3. Important Nature of the Data We Process

The Services process highly sensitive personal data, including special categories of personal data within the meaning of Article 9 GDPR.

In particular, this may include:

Due to the nature of 3D scan technology, such data may inherently allow conclusions about an individual's identity, physical condition, or characteristics.

We do not provide medical advice, diagnosis, or treatment. The Services are intended only to help users capture, manage, and share scans with healthcare professionals.

4. Eligibility

The Services are intended only for individuals who are at least 18 years old. You may not use the Services if you are under 18, unless applicable law in your jurisdiction sets a higher age threshold, in which case that higher age threshold applies.

If we learn that we have collected personal data from a person who is not eligible to use the Services in violation of this Privacy Policy, we may suspend or delete the relevant account and data, subject to applicable law.

5. Personal Data We Collect

We may collect the following categories of personal data:

A. Account and Registration Data

B. Scan Data and Related Content

Because the Services allow users to create 3D scans of the face and/or other body areas, we may process face data when a user chooses to scan their face.

For purposes of this Privacy Policy, "face data" means data collected from or derived from a user's face during the scan process, including 3D facial scans, facial mesh data, facial geometry, textures, depth or surface data, measurements, scan-derived files, scan outputs, scan metadata, and, for photogrammetry-based scans, source photographs used to create the 3D model.

Photogrammetry-based processing may occur on Company servers. LiDAR-based processing occurs on the user's device. After processing, scan data may be transmitted to Company servers for encrypted storage and for sharing only with healthcare professionals selected by the user.

C. Healthcare Professional Sharing Data

D. Device, Log, and Technical Data

E. Support and Communications Data

F. Analytics Data

6. How We Use Personal Data

We use personal data for the following purposes:

How We Use Face Data

We use face data only to provide the core functionality of the Services, including creating a 3D model from LiDAR or photogrammetry scans, storing the user's scans in the user's account, allowing the user to view, manage, delete, and share selected scans, allowing the user to share selected scans with healthcare professionals chosen by the user, and maintaining the security, integrity, and operation of the Services.

We do not use face data for facial recognition, face identification, identity verification, advertising, profiling, or sale. We do not sell face data.

We do not use user scans, face data, or scan content to train artificial intelligence or machine learning models.

7. Legal Bases for Processing

Depending on your location and applicable law, we process personal data under one or more of the following legal bases:

A. Performance of a Contract

We process account, service, and operational data as necessary to provide the Services you request, including account creation, scan storage, scan sharing, access management, and support.

B. Legitimate Interests

We process certain data where necessary for our legitimate interests, including:

Where we rely on legitimate interests, we consider the impact on users' rights and freedoms.

C. Consent

Where required by law, we rely on your consent, including your explicit consent for the processing of scans and other sensitive or health-related personal data.

In particular, we rely on explicit consent under Article 9(2)(a) GDPR for the processing of 3D scans and related data that constitute biometric or other special categories of personal data.

You may withdraw consent at any time. Withdrawal of consent does not affect processing carried out before withdrawal. In some cases, if you withdraw consent, some or all Services may no longer be available to you.

D. Legal Obligation

We may process personal data where necessary to comply with applicable legal obligations.

8. Data Protection Roles

The Company acts as a data controller with respect to the operation of the Services, including user accounts, platform functionality, and the storage and management of User Content.

Healthcare professionals who receive access to personal data through the Services act as independent data controllers with respect to any processing they perform.

Where the Services are used in a professional context by healthcare professionals or clinics, the Company may act as a data processor.

9. Sharing Scans with Healthcare Professionals

The Services are designed so that scans are only shared with a healthcare professional when the user actively chooses to share them by identifying a healthcare professional through their email address or another sharing workflow we make available.

A healthcare professional may access a scan only if:

A user may revoke a healthcare professional's access to a scan within the Services. Once revoked, that healthcare professional should no longer be able to access the scan through our healthcare professional portal.

However, if a healthcare professional has already downloaded, exported, copied, screenshotted, or otherwise retained the scan or information derived from it outside our Services, we may not be able to control or delete those copies. In such cases, the healthcare professional may act as an independent controller of that data under applicable law, and the user may need to contact the healthcare professional directly regarding records retained outside our Services.

10. Who We Share Personal Data With

We do not sell personal data. We do not share face data, 3D scans, scan images, scan-derived files, measurements, or scan content with advertisers, data brokers, analytics providers, or third-party artificial intelligence services.

We may share personal data only with the following categories of recipients:

A. Healthcare Professionals Selected by the User

The Services are designed so that scans are shared with a healthcare professional only when the user actively chooses to share a specific scan and provides an additional informed action or consent through the Services.

We share only the scan selected by the user and related information necessary to provide access to that scan. A healthcare professional may access a scan only if the user has selected that healthcare professional and granted access through the Services.

B. Service Providers

We may share personal data with vendors and service providers that support the operation, security, maintenance, and improvement of the Services, such as:

These service providers may handle personal data only as necessary to provide their services to us and are not permitted to use personal data for their own independent purposes.

With respect to scan data and face data specifically, third-party cloud hosting and infrastructure providers are used only to host, store, and transmit encrypted scan data as part of the technical infrastructure of the Services.

We do not authorize these providers to view, analyze, modify, use, sell, disclose, or otherwise handle user scan data or face data for their own purposes, including advertising, profiling, analytics, artificial intelligence model training, or product improvement.

We do not share face data, 3D scans, scan images, scan-derived files, measurements, or scan content with analytics providers, crash reporting and diagnostics providers, customer support tools, communications providers, advertisers, data brokers, or third-party artificial intelligence services.

C. Sign-In and Authentication Providers

If a user chooses to sign in using Apple or Google, the relevant sign-in provider may handle authentication-related information necessary to authenticate the user.

We do not share face data, 3D scans, scan images, scan-derived files, measurements, or scan content with Apple or Google for sign-in purposes.

D. Legal and Compliance Recipients

We may disclose personal data if required by applicable law, regulation, legal process, or enforceable governmental request, or where necessary to establish, exercise, or defend legal claims or protect the rights, safety, and security of users, healthcare professionals, the Company, or others.

E. Corporate Transaction Recipients

We may disclose personal data in connection with a merger, acquisition, financing, asset sale, reorganization, bankruptcy, or similar transaction, subject to appropriate safeguards.

11. International Data Transfers

Because we operate worldwide, personal data may be processed in countries outside the country where you live, including outside the European Economic Area, the United Kingdom, or Switzerland.

Where required by law, we use appropriate safeguards for international transfers, such as adequacy decisions, Standard Contractual Clauses, or other lawful transfer mechanisms.

12. Data Storage and Security

We use reasonable and appropriate technical and organisational measures designed to protect personal data, including measures intended to reduce the risk of unauthorized access, disclosure, alteration, or destruction.

Such measures may include, where appropriate:

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

13. Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including to provide the Services, comply with legal obligations, resolve disputes, maintain security, and enforce our agreements.

In general:

We do not retain face data indefinitely.

We may also retain certain data longer where required or permitted by applicable law.

14. Your Rights

Depending on your location, you may have rights regarding your personal data, including the right to:

If you would like to exercise any of your rights, please contact us at support@ava3d.app.

15. Analytics, Diagnostics, and Software Development Kits (SDKs)

We use analytics, diagnostics, and crash-reporting tools to understand how the Services are used, improve performance, identify technical issues, and maintain security and reliability.

These tools may collect identifiers, device data, usage data, and event data. These tools do not receive face data, 3D scans, scan images, scan-derived files, measurements, or scan content.

Where required by law, we will obtain consent before using non-essential tracking technologies or similar tools.

16. Cookies and Similar Technologies

Our mobile app and healthcare professional portal may use cookies, software development kits, local storage, pixels, and similar technologies for authentication, security, preferences, analytics, and functionality.

Where legally required, we will provide notice and obtain consent for non-essential technologies.

17. Third-Party Healthcare Professionals and Independent Responsibilities

Healthcare professionals who receive scans through the Services may have independent legal obligations regarding any medical, clinical, or professional records they create, retain, download, or export.

This Privacy Policy describes our processing as the operator of the Services. It does not fully govern the independent privacy or professional obligations of healthcare professionals.

18. No Third-Party AI Processing

We do not send user face data, 3D scans, scan images, scan-derived files, measurements, or any other scan content to any third-party artificial intelligence service.

The Services do not use third-party AI services to analyze, process, generate, transform, evaluate, or train on user face data or scan content.

We do not use user face data, 3D scans, or scan content to train artificial intelligence or machine learning models.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice as required by law, such as by updating the "Last Updated" date, posting a notice in the Services, or otherwise notifying users.

20. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Aesthetic Vision Inc.

support@ava3d.app

← Back to home