Privacy
Draft — counsel review pending

Privacy on the marketing site.

This page describes what we collect when you visit aesthpa.com. Patient data and clinic operations data are governed by a separate Data Processing Agreement attached to your AesthPA subscription.

Last updated: 07 May 2026.

Who we are

PhonePA Ltd trades as AesthPA. We are registered in the United Kingdom. For privacy enquiries you can email hello@aesthpa.com.

We are the controller for personal data collected on this marketing site (newsletter sign-ups, free-trial enquiries, analytics). When you become an AesthPA customer, the relationship for clinical and patient data flips: you are the controller and we are the processor under the Data Processing Agreement attached to your subscription.

What we collect on this site

  • Newsletter sign-ups. Email address, the page or source you signed up from, and a timestamp. Stored in our Supabase database in the EU.
  • Free-trial enquiries. Name, clinic name, email, phone, and the optional fields you fill in on the form. Stored in the same database. Forwarded by email to hello@aesthpa.com so a real person can reply.
  • Analytics. We use Plausible Analytics, a cookieless, EU-hosted product. Plausible records aggregate page views, referrers, country (not city), browser, and device class. No cookies. No cross-site tracking. No personal identifiers.
  • Spam protection. Cloudflare Turnstile may receive a challenge token from your browser. No personal data is exchanged with Cloudflare beyond a one-shot validation token.
  • Server logs. Vercel records request IPs and user-agent strings for short-term abuse detection (typically 30 days). We do not associate these with named individuals.

Lawful basis

Newsletter and free-trial enquiries: consent, given when you submit the relevant form. Analytics: legitimate interests (understanding aggregate site usage with no impact on individual privacy, and no cookies under PECR/UK GDPR).

How long we keep it

  • Newsletter: until you unsubscribe. Once you do, we hard-delete your record within 30 days.
  • Free-trial enquiries: uncontacted enquiries are hard-deleted after 180 days. Enquiries flagged as spam or disqualified are hard-deleted after 30 days. Enquiries that become customers are kept under the customer relationship.
  • Analytics: aggregate, indefinite. There are no individual records to delete.

Your rights

Under UK GDPR you can request access to, correction of, or deletion of your personal data. Email hello@aesthpa.com and we’ll respond within one calendar month. You can also complain to the Information Commissioner’s Office.

Cookies

We don’t set any tracking cookies on this site. Plausible is cookieless by design. The site may set a small number of strictly necessary cookies for security or session management; these are exempt from consent under PECR.

Data Processing Agreement (customers)

If you are an AesthPA customer (or evaluating becoming one) and need our DPA for your due-diligence file, email hello@aesthpa.com. We will sign yours.

Changes to this notice

If we make a material change to how we handle data on this site, we’ll update the “last updated” date above and, if you’re on the newsletter, send a short note explaining the change.