SKYNCLINIC & ACADEMY
Sign in

Privacy Policy

Last updated: 20 March 2026

1. Data controller

SKYN Group Ltd, Moffat House, 14–20 Pall Mall, Floor 2, Liverpool, L3 6AL. Email: info@skyn.app.

2. What personal data we collect

We may collect and process the following categories of personal data:

  • Account data — name, email address, and password (hashed) when you create an account.
  • Enquiry data — name, email, phone number, professional background, and message content when you submit an enquiry.
  • Booking data — appointment details, treatment preferences, and practitioner selections.
  • Health data — medical history, consent forms, and treatment notes collected as part of clinical consultations. This is special category data under UK GDPR.
  • Training data — course enrolments, progress, assessment results, and certificates.
  • Payment data — processed securely by Stripe. We do not store card details on our systems.
  • Technical data — session identifiers stored in essential cookies for authentication purposes.

3. Lawful basis for processing

We process your personal data on the following lawful bases:

  • Contract — to provide treatments, training courses, and manage your bookings and enrolments.
  • Consent — for processing health data, responding to enquiries, and marketing communications. You may withdraw consent at any time.
  • Legal obligation — to comply with healthcare regulations, CQC requirements, and financial record-keeping.
  • Legitimate interest — to improve our services, maintain security, and prevent fraud.

4. Special category data

As a CQC-registered clinic, we process health-related data as part of clinical consultations and treatment delivery. This data is processed on the basis of your explicit consent and is necessary for the provision of health care. We also collect professional background information (e.g. medical qualifications) through our enquiry form — this is processed with your explicit consent.

5. How we store your data

Your data is stored securely on Cloudflare's infrastructure (Cloudflare D1 database), protected by encryption in transit and at rest. Passwords are hashed using bcrypt and are never stored in plain text.

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected. Clinical records are retained for a minimum of 8 years in accordance with NHS and CQC guidance. Account and booking data is retained for the duration of your account plus 6 years. Enquiry data is retained for 2 years.

6. Third-party processors

We share your data with the following third-party processors:

  • Stripe — payment processing. Stripe's privacy policy applies to payment data.
  • Cloudflare — hosting and infrastructure. Data is processed within Cloudflare's network.

We do not sell your personal data to any third party.

7. Cookies

We use only essential cookies for authentication (session cookies). We do not use analytics, tracking, or advertising cookies. For full details, see our Cookie Policy.

8. Your rights

Under UK GDPR, you have the following rights:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate personal data.
  • Right to erasure — request deletion of your personal data (subject to legal retention requirements).
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to restrict processing — request that we limit how we use your data.
  • Right to object — object to processing based on legitimate interest.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email info@skyn.app. We will respond within one month.

9. Age restriction

Our services are available to individuals aged 18 and over only. We do not knowingly collect personal data from anyone under 18.

10. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint.

11. Changes to this policy

We may update this policy from time to time. Any changes will be posted on this page with a revised "last updated" date. We encourage you to review this policy periodically.

This site uses essential cookies for authentication only. No tracking or analytics cookies are used. Learn more