Back to Home

Privacy Policy

How SkinSage collects, uses, and protects your personal data.

Last Updated: 26 January 2026

Effective Date: 26 January 2026

1. Introduction

SkinSage ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website skinsage.uk (the "Site") and use our services.

We are registered in England and Wales. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, SkinSage is the data controller.

2. Information We Collect

2.1 Information You Provide

Callback Request Forms:

  • Name (first and last)
  • Email address
  • Phone number
  • Treatment interest
  • Preferred callback times
  • Special requests (optional)

Lead Magnet Downloads:

  • Email address
  • Treatment interest (contextual)
  • Location (contextual)

Contact Forms:

  • Name
  • Email address
  • Message content

2.2 Information Collected Automatically

Analytics Data (with consent):

  • Pages visited
  • Time spent on site
  • Referral source
  • Device type and browser
  • Approximate location (city level)
  • Search queries performed on our site

Technical Data:

  • IP address (anonymised)
  • Browser type and version
  • Operating system
  • Time zone setting

2.3 Cookies and Similar Technologies

We use cookies and similar tracking technologies. See our Cookie Policy for details.

3. How We Use Your Information

We use your information for the following purposes:

3.1 To Provide Our Services

  • Process callback requests and connect you with clinics
  • Deliver lead magnets and educational content
  • Respond to your enquiries
  • Personalise your experience based on treatment interests

3.2 To Improve Our Services

  • Analyse how users interact with our Site
  • Identify popular treatments and search patterns
  • Improve search functionality and user experience
  • Develop new features based on user needs

3.3 To Communicate with You

  • Send callback confirmations
  • Deliver requested lead magnets
  • Respond to your questions or concerns
  • Send service-related announcements (not marketing)

3.4 To Ensure Safety and Compliance

  • Detect and prevent fraud or abuse
  • Comply with legal obligations
  • Protect our rights and the rights of others

4. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following legal bases:

PurposeLegal Basis
Processing callback requestsContract performance (connecting you with clinics)
Delivering lead magnetsConsent (you provided your email)
Analytics (with consent)Consent (cookie consent)
Essential cookiesLegitimate interest (site functionality)
Responding to enquiriesLegitimate interest (customer service)
Fraud preventionLegitimate interest (security)
Legal complianceLegal obligation

5. How We Share Your Information

5.1 With Clinics

When you submit a callback request, we share your contact details and treatment interest with the clinic you selected. This is necessary to fulfil your request.

5.2 With Service Providers

We use trusted third-party services to operate our Site:

ProviderPurposeData Shared
VercelHostingTechnical data
SupabaseDatabaseUser data (encrypted)
ResendEmail deliveryEmail address, name
PostHogAnalytics (with consent)Usage data
Google MapsLocation servicesSearch locations

All service providers are bound by data processing agreements and process data only on our instructions.

5.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights or the safety of others.

5.4 Business Transfers

If SkinSage is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

6. Data Retention

We retain your personal data only as long as necessary:

Data TypeRetention Period
Callback requests2 years from submission
Lead magnet emailsUntil you unsubscribe
Analytics data26 months
Contact enquiries1 year from resolution

After retention periods expire, data is securely deleted or anonymised.

7. Your Rights

Under UK GDPR, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request we limit processing of your data
  • Portability: Receive your data in a portable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Withdraw consent at any time (for consent-based processing)

To exercise these rights, contact us at privacy@skinsage.uk. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organisational measures to protect your data:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest (database encryption)
  • Access controls (role-based permissions)
  • Regular security reviews
  • Secure service providers

No method of transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. International Transfers

Your data is primarily processed in the UK and EU. Where we use service providers outside these regions, we ensure appropriate safeguards are in place (Standard Contractual Clauses or equivalent protections).

10. Children's Privacy

Our Site is not intended for children under 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Material changes will be communicated via email or site notice.

12. Contact Us

For questions, concerns, or to exercise your rights:

Email: privacy@skinsage.uk

For complaints about our data handling, you may also contact the Information Commissioner's Office (ICO):

Related Policies