Privacy Policy

Beauty Health Index (BHI). Last updated: 2026.

1. Introduction and Legal Scope

Beauty Health Index (“BHI”, “we”, “us”, “our”) is committed to protecting the privacy, confidentiality, integrity as well as security of personal data processed through the Beauty Health Index mobile application, website or any related digital services (collectively, the “Services”).

This Privacy Policy sets out in a comprehensive, legally binding manner how BHI collects, processes, stores, uses, discloses, safeguards or retains personal data, including biometric or facial data, in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), applicable Greek data protection law, as well as applicable international data protection standards where relevant.

BHI operates as a biometric wellness or informational platform intended to measure or track facial aesthetic health. The Services are provided strictly for informational, wellness or self-monitoring purposes. BHI does not provide medical advice, diagnosis, prognosis, treatment or clinical recommendations. BHI is not a medical device under Regulation (EU) 2017/745 (MDR), U.S. FDA regulations or any equivalent regulatory framework.

The primary data controller is currently established in Greece (European Union). As BHI expands its operations, certain processing activities may involve infrastructure, affiliates, contractors or service providers located outside the European Union, including in the United States, subject at all times to appropriate lawful transfer mechanisms or safeguards.

2. Eligibility and Age Restriction

The Services are strictly limited to individuals who are at least eighteen (18) years of age. By accessing or using the Services, you represent or warrant that you are at least eighteen (18) years old with full legal capacity to enter into binding agreements.

BHI does not knowingly collect, process or store personal data relating to minors. Any account identified as belonging to a person under the age of eighteen (18) may be immediately suspended or permanently deleted without notice. Any associated data may be erased, subject to legal retention obligations.

3. Definitions

For the purposes of this Privacy Policy, the following definitions apply.

Personal Data means any information relating to an identified or identifiable natural person, as defined under Article 4 GDPR.

Biometric Data means personal data resulting from specific technical processing relating to physical or physiological characteristics of a natural person, including facial features, enabling or confirming biometric analysis.

Facial Scan Data means images, video frames or derived representations of a user’s face captured through the Services solely for biometric measurement or aesthetic health analysis.

Health-Related Data means wellness, lifestyle, behavioral or environmental information that may influence facial aesthetic health but does not constitute medical records, clinical data or protected health information.

Anonymized Data means data processed in such a manner that the data subject is no longer identifiable. Re-identification is not reasonably possible.

Processing means any operation performed on personal data, whether or not by automated means, including collection, recording, organization, storage, analysis, transmission, disclosure or deletion.

4. Categories of Personal Data Collected

4.1 Account and Registration Data

BHI collects limited information necessary to create, authenticate, administer or maintain user accounts, including email address, unique account identifiers, subscription status, billing status, authentication credentials or account preferences.

4.2 Facial Scan and Biometric Data (Special Category Data)

Users may voluntarily capture facial scans through the Services using their device camera. Facial scan data or derived biometric data are processed exclusively for the purpose of calculating the Beauty Health Index or its associated subsystems.

BHI does not use facial data for facial recognition, identity verification, identity matching, authentication, surveillance or any form of personal identification. BHI does not attempt to determine the identity of users based on facial characteristics.

Facial scan data or biometric outputs are encrypted during transmission as well as storage. They are accessible only to authorized systems or personnel under strict access controls. Facial images or biometric data are not sold, rented, licensed, transferred or disclosed to third parties except as expressly described in this Privacy Policy or with explicit user authorization.

Raw facial images are not incorporated into external datasets, facial recognition databases or third-party AI training systems.

4.3 Self-Reported Personal, Lifestyle or Environmental Data

Users may voluntarily provide non-medical information such as age range confirmation, skin characteristics, geographic or climate context, environmental exposure factors, cosmetic preferences or self-reported lifestyle behaviors. Provision of such information is optional. Users may modify or delete this data at any time.

4.4 Connected Health, Wearable or Platform Data

With explicit, granular authorization, users may connect the Services to third-party platforms such as Apple Health or other wearable or wellness services. Data accessed may include sleep metrics, physical activity indicators, recovery signals or similar wellness-related data. BHI does not write data back to connected platforms without separate user authorization.

4.5 Manually Logged Wellness Data

Users may manually log wellness-related information including nutrition habits, hydration, alcohol consumption, caffeine intake, skincare routines, sun exposure, stress indicators or other lifestyle factors relevant to facial aesthetic health.

4.6 Technical, Usage or Diagnostic Data

BHI may automatically collect technical or diagnostic data such as device type, operating system, app version, usage patterns, interaction logs, error reports or performance metrics for purposes of security, fraud prevention, system integrity, troubleshooting or service optimization.

5. Purpose Limitation and Use of Personal Data

Personal data is collected or processed solely for explicit, specified or legitimate purposes, including calculation or display of the Beauty Health Index, generation of personalized insights or reports, longitudinal tracking of aesthetic health metrics, user-initiated data sharing, service operation or security, anonymized statistical analysis, research validation as well as compliance with legal obligations.

Personal data is not processed for purposes incompatible with those described in this Privacy Policy.

6. Legal Basis for Processing

Under the GDPR, BHI processes personal data on the following legal bases.

Explicit consent pursuant to Article 9(2)(a) GDPR for processing biometric or health-related data.

Performance of a contract pursuant to Article 6(1)(b) GDPR where processing is necessary to provide subscribed Services.

Compliance with legal obligations pursuant to Article 6(1)(c) GDPR.

Legitimate interests pursuant to Article 6(1)(f) GDPR, strictly limited to platform security, fraud prevention or service integrity, only where such interests do not override user rights.

7. Explicit Consent and Withdrawal

Prior to any facial scan or biometric processing, users must provide explicit, informed or affirmative consent. Consent is purpose-specific. It may be withdrawn at any time through account settings or by contacting BHI. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal. It may result in loss of access to biometric-dependent features.

8. Artificial Intelligence, Model Improvement or Scientific Research

With separate explicit opt-in consent, anonymized or aggregated data may be used to validate algorithms, improve model accuracy, conduct internal research or support scientific publications. Such processing excludes identifiable personal data or raw facial images. Re-identification of anonymized datasets is strictly prohibited.

Participation in research or model improvement is voluntary. It may be withdrawn at any time without affecting core Service access.

9. Data Sharing and Disclosure

BHI does not sell personal data.

Personal data may be disclosed only to service providers acting as data processors under binding contractual obligations, to competent authorities where required by law or to clinics or professionals solely upon explicit user request or authorization. All disclosures are limited to the minimum data necessary.

10. Clinics and Professional Access

Where users elect to share data with clinics or professionals, such sharing is initiated by the user. It is limited to the scope of consent granted. Clinics act as independent data controllers with respect to any data received. BHI does not control, supervise or assume responsibility for third-party processing activities.

Users may revoke professional access at any time.

11. International Data Transfers

Where personal data is transferred outside the European Union, appropriate safeguards are implemented, including Standard Contractual Clauses approved by the European Commission or equivalent lawful mechanisms.

12. Data Retention and Erasure

Personal data is retained only for as long as necessary to fulfill the purposes described in this Privacy Policy, provide the Services, comply with legal obligations or resolve disputes.

Users may request deletion of their account or associated data, subject to mandatory legal retention requirements.

13. Data Security and Risk Acknowledgement

BHI implements technical or organizational measures designed to protect personal data, including encryption, access controls, monitoring or periodic security reviews. While BHI employs reasonable safeguards, no system can be guaranteed to be completely secure. Users acknowledge or accept residual risk.

14. Data Subject Rights

Users may exercise rights of access, rectification, erasure, restriction, portability or objection in accordance with applicable law. Requests may be submitted using the contact information below.

15. Changes to This Privacy Policy

BHI reserves the right to amend this Privacy Policy at any time. Material changes will be communicated through the Services. Continued use following changes constitutes acceptance of the updated Policy.

16. Contact Information

Privacy-related inquiries, requests or complaints may be submitted to info@beautyhealthindex.com.