Privacy Policy

MedSpa Guide ("we", "us", or "our") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights regarding your data. We operate in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian privacy legislation. Our core principle is simple: collect as little as possible, and delete it as soon as it is no longer needed.

Your camera feed and microphone audio are processed in real time to provide cosmetic appearance guidance during your session. This data is streamed through our real-time infrastructure (LiveKit) and is never recorded, stored, or saved in any form. No video frames, audio recordings, or biometric data are retained. Once your session ends, no video or audio data exists anywhere in our systems. We do not use facial recognition technology, and no biometric identifiers are created or stored.

Location access is optional. If you grant it, we use your approximate location solely to find nearby clinics that match your concerns. Your location is associated with your anonymous session and is used only for generating clinic recommendations during that session. Location data is deleted when the session expires (maximum 1 hour for active sessions, 30 days for the anonymized analysis record). We do not track your location outside of active sessions.

When you complete a session, we save a structured analysis summary that includes appearance observations, suggested treatment categories, and clinic recommendations. This data is stored anonymously and is not linked to any personal identity, email address, or device identifier. Analysis data is automatically and permanently deleted after 30 days. You may request earlier deletion by contacting us at hello@medspa.guide.

Video and audio streams: never stored. Camera frames used for analysis: deleted at session end. Session transcripts: deleted at session end. Structured analysis JSON: deleted after 30 days. Location data: deleted at session end. Anonymous session identifiers: deleted after 30 days. Cookies and local storage: cleared when you clear your browser data.

We use minimal, strictly necessary cookies and local storage to maintain your session state and remember your anonymous session ID so you can revisit your results. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not participate in cross-site tracking or behavioral advertising networks.

We use the following third-party services to operate MedSpa Guide: LiveKit for real-time video and audio streaming (data is processed in transit and is not recorded or stored by LiveKit); Google Places API for clinic and business listing information (subject to Google's privacy policy; we cache non-identifying business data only); Google Gemini API for AI-powered appearance analysis (session data is processed in real time and is not retained by Google for model training); Supabase for secure, encrypted database storage; and Cloudflare for security, performance, and bot protection. We do not sell, rent, share, or provide your personal data to any third parties for advertising or marketing purposes.

Some of the third-party services we rely on process data in the United States and other jurisdictions. This includes Google Gemini for appearance analysis, Google Places for clinic information, LiveKit for real-time voice and video transport, and Cloudflare for security and delivery. When information is processed outside of Canada, we use standard contractual protections with each provider to maintain a comparable level of protection. Data processed by these providers may be subject to the laws of the jurisdiction in which it is processed, including lawful requests for access by local authorities.

Under PIPEDA and applicable Canadian privacy law, you have the right to: access the personal information we hold about you; request correction of inaccurate information; request deletion of your data; withdraw consent for data processing; and file a complaint with the Office of the Privacy Commissioner of Canada. Because we collect minimal anonymized data and do not maintain user accounts in our current version, most of these rights are satisfied by design. To exercise any of these rights, contact us at hello@medspa.guide.

MedSpa Guide has designated Pranay Joshi as the Privacy Officer accountable for our compliance with PIPEDA. Privacy questions, access requests, correction requests, deletion requests, and complaints can be sent to hello@medspa.guide and will be acknowledged and addressed within 30 days, as required under PIPEDA. If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

MedSpa Guide is not intended for use by individuals under 18 years of age. We do not knowingly collect information from children or minors. If you believe a minor has used our service, please contact us and we will take steps to delete any associated data.

We may update this privacy policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, provide notice through our platform. We encourage you to review this policy periodically. Your continued use of MedSpa Guide after changes are posted constitutes your acceptance of the revised policy.

If you have questions about this privacy policy, our data practices, or wish to exercise your privacy rights, please contact us at hello@medspa.guide.