Privacy Policy
Last Updated: April 13th 2026
This Privacy Policy explains how Aesthetic Vision Inc. ("Company," "we," "us," or "our") collects, uses, stores, shares, and otherwise processes personal data in connection with AVA 3D (the "App"), our related mobile applications, websites, and healthcare professional web portal (collectively, the "Services").
The Services allow adult users to create and store 3D body scans, including scans of the face and certain body areas, and to share selected scans with healthcare professionals for communication purposes.
By using the Services, you acknowledge that you have read and understood this Privacy Policy.
1. Who We Are
Controller: Aesthetic Vision Inc.
Registered in: Delaware, USA
Privacy contact: support@ava3d.app
Registered in: Delaware, USA
Privacy contact: support@ava3d.app
If required under applicable law, we may designate a Data Protection Officer or other privacy contact and publish their details here.
2. Scope of This Privacy Policy
This Privacy Policy applies to personal data we process when you:
- create and use an account;
- create, store, manage, or delete 3D scans;
- share scans with healthcare professionals through the Services;
- use our mobile app or healthcare professional web portal;
- contact us for support;
- interact with analytics, diagnostics, and security features built into the Services.
3. Important Nature of the Data We Process
The Services process highly sensitive personal data, including special categories of personal data within the meaning of Article 9 GDPR.
In particular, this may include:
- 3D scans of your face and other body areas;
- data revealing or relating to physical characteristics;
- data revealing health-related information;
- data that may directly or indirectly identify you;
- data that constitutes biometric data within the meaning of Article 9 GDPR, even where not used for identification purposes;
- data relating to your sex, sex characteristics, or gender identity.
Due to the nature of 3D scan technology, such data may inherently allow conclusions about an individual's identity, physical condition, or characteristics.
We do not provide medical advice, diagnosis, or treatment. The Services are intended only to help users capture, manage, and share scans with healthcare professionals.
4. Eligibility
The Services are intended only for individuals who are at least 18 years old. You may not use the Services if you are under 18.
If we learn that we have collected personal data from a person under 18 in violation of this Privacy Policy, we may suspend or delete the relevant account and data, subject to applicable law.
5. Personal Data We Collect
We may collect the following categories of personal data:
A. Account and Registration Data
- full name;
- email address;
- phone number;
- password or authentication credentials;
- date of birth;
- sex;
- gender identity.
B. Scan Data and Related Content
- 3D scans and scan-derived files;
- images, meshes, geometric data, depth or surface data, and related scan outputs;
- scan metadata, such as date, time, body area, device information, scan status, and related technical parameters;
- user notes, tags, labels, and comments associated with a scan.
C. Healthcare Professional Sharing Data
- healthcare professional email address entered by the user;
- records of which healthcare professional a user invited or shared a scan with;
- timestamps of access grants and access revocations;
- records of whether a healthcare professional viewed, downloaded, or exported a scan, where available.
D. Device, Log, and Technical Data
- device type, operating system, app version, browser type;
- IP address and approximate location derived from IP;
- crash logs, diagnostics, performance data, and security logs;
- authentication and access logs.
E. Support and Communications Data
- messages sent to support;
- information you provide when contacting us.
F. Analytics Data
- in-app interaction data;
- usage metrics;
- engagement and performance data collected through analytics tools and software development kits (SDKs).
6. How We Use Personal Data
We use personal data for the following purposes:
- to create and manage user accounts;
- to enable users to capture, store, organize, and manage scans;
- to allow users to share selected scans with specific healthcare professionals chosen by the user;
- to allow healthcare professionals to access scans through the healthcare professional portal;
- to enable users to revoke portal access previously granted to a healthcare professional;
- to operate, maintain, secure, and improve the Services;
- to perform quality assurance and internal product quality control;
- to provide customer support;
- to monitor service performance and troubleshoot technical issues;
- to generate crash reports and diagnostics;
- to protect against fraud, abuse, unauthorized access, and security incidents;
- to comply with legal obligations and enforce our legal rights.
We do not use user scans to train artificial intelligence or machine learning models.
7. Legal Bases for Processing
Depending on your location and applicable law, we process personal data under one or more of the following legal bases:
A. Performance of a Contract
We process account, service, and operational data as necessary to provide the Services you request, including account creation, scan storage, scan sharing, access management, and support.
We process account, service, and operational data as necessary to provide the Services you request, including account creation, scan storage, scan sharing, access management, and support.
B. Legitimate Interests
We process certain data where necessary for our legitimate interests, including:
We process certain data where necessary for our legitimate interests, including:
- service security;
- fraud prevention;
- platform administration;
- debugging;
- internal analytics;
- performance monitoring;
- quality assurance;
- enforcing our Terms.
C. Consent
Where required by law, we rely on your consent, including your explicit consent for the processing of scans and other sensitive or health-related personal data.
Where required by law, we rely on your consent, including your explicit consent for the processing of scans and other sensitive or health-related personal data.
In particular, we rely on explicit consent under Article 9(2)(a) GDPR for the processing of 3D scans and related data that constitute biometric or other special categories of personal data.
You may withdraw consent at any time. Withdrawal of consent does not affect processing carried out before withdrawal. In some cases, if you withdraw consent, some or all Services may no longer be available to you.
D. Legal Obligation
We may process personal data where necessary to comply with applicable legal obligations.
We may process personal data where necessary to comply with applicable legal obligations.
8. Data Protection Roles
The Company acts as a data controller with respect to the operation of the Services, including user accounts, platform functionality, and the storage and management of User Content.
Healthcare professionals who receive access to personal data through the Services act as independent data controllers with respect to any processing they perform.
Where the Services are used in a professional context by healthcare professionals or clinics, the Company may act as a data processor.
9. Sharing Scans with Healthcare Professionals
The Services are designed so that scans are only shared with a healthcare professional when the user actively chooses to share them by identifying a healthcare professional through their email address or another sharing workflow we make available.
A healthcare professional may access a scan only if:
- the user has selected that healthcare professional; and
- access has been granted through the Services.
A user may revoke a healthcare professional's access to a scan within the Services. Once revoked, that healthcare professional should no longer be able to access the scan through our healthcare professional portal.
However, if a healthcare professional has already downloaded, exported, copied, screenshotted, or otherwise retained the scan or information derived from it outside our Services, we may not be able to control or delete those copies. In such cases, the healthcare professional may act as an independent controller of that data under applicable law, and the user may need to contact the healthcare professional directly regarding records retained outside our Services.
10. Who We Share Personal Data With
We may share personal data with the following categories of recipients:
A. Healthcare Professionals Selected by the User
We share scans and related information with the specific healthcare professional selected by the user.
We share scans and related information with the specific healthcare professional selected by the user.
B. Service Providers
We may share personal data with vendors and service providers that support our Services, such as:
We may share personal data with vendors and service providers that support our Services, such as:
- cloud hosting and infrastructure providers;
- analytics providers;
- crash reporting and diagnostics providers;
- security and authentication providers;
- customer support tools;
- communications providers.
C. Legal and Compliance Recipients
We may disclose personal data:
We may disclose personal data:
- when required by law;
- in response to lawful requests from public authorities;
- to establish, exercise, or defend legal claims;
- to protect the rights, safety, and security of users, healthcare professionals, us, or others.
D. Corporate Transaction Recipients
We may disclose personal data in connection with a merger, acquisition, financing, asset sale, reorganization, bankruptcy, or similar transaction, subject to appropriate safeguards.
We may disclose personal data in connection with a merger, acquisition, financing, asset sale, reorganization, bankruptcy, or similar transaction, subject to appropriate safeguards.
We do not sell personal data in the ordinary meaning of that term.
11. International Data Transfers
Because we operate worldwide, personal data may be processed in countries outside the country where you live, including outside the European Economic Area, the United Kingdom, or Switzerland.
Where required by law, we use appropriate safeguards for international transfers, such as adequacy decisions, Standard Contractual Clauses, or other lawful transfer mechanisms.
12. Data Storage and Security
We use reasonable and appropriate technical and organisational measures designed to protect personal data, including measures intended to reduce the risk of unauthorized access, disclosure, alteration, or destruction.
Such measures may include, where appropriate:
- encryption in transit;
- encryption at rest;
- role-based access controls;
- access logging;
- authentication and session controls;
- infrastructure and environment security controls.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
13. Retention
We retain personal data for as long as necessary for the purposes described in this Privacy Policy, including to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements.
In general:
- account data is retained while your account remains active and for a reasonable period thereafter as necessary for legal, security, and operational purposes;
- scans are retained until deleted by the user, unless longer retention is required by law or necessary for legal, security, or dispute-resolution purposes;
- logs, analytics, and diagnostics data are retained for limited periods appropriate to their purpose;
- backup copies may persist for a limited period after deletion.
We may also retain certain data longer where required or permitted by applicable law.
14. Your Rights
Depending on your location, you may have rights regarding your personal data, including the right to:
- access personal data;
- correct inaccurate personal data;
- request deletion of personal data;
- restrict certain processing;
- object to certain processing;
- withdraw consent;
- receive a portable copy of certain personal data;
- lodge a complaint with a supervisory authority.
If you would like to exercise any of your rights, please contact us at support@ava3d.app.
15. Analytics, Diagnostics, and Software Development Kits (SDKs)
We use analytics, diagnostics, and crash-reporting tools to understand how the Services are used, improve performance, identify technical issues, and maintain security and reliability.
These tools may collect identifiers, device data, usage data, and event data. Where required by law, we will obtain consent before using non-essential tracking technologies or similar tools.
16. Cookies and Similar Technologies
Our mobile app and healthcare professional portal may use cookies, software development kits, local storage, pixels, and similar technologies for authentication, security, preferences, analytics, and functionality.
Where legally required, we will provide notice and obtain consent for non-essential technologies.
17. Third-Party Healthcare Professionals and Independent Responsibilities
Healthcare professionals who receive scans through the Services may have independent legal obligations regarding any medical, clinical, or professional records they create, retain, download, or export.
This Privacy Policy describes our processing as the operator of the Services. It does not fully govern the independent privacy or professional obligations of healthcare professionals.
18. No Use for AI Model Training
We do not use user 3D scans or scan content to train machine learning or artificial intelligence models.
19. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will provide notice as required by law, such as by updating the "Last Updated" date, posting a notice in the Services, or otherwise notifying users.
20. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
Aesthetic Vision Inc.
support@ava3d.app
support@ava3d.app