Security

Data Security & Compliance

Your health data deserves the highest level of protection. Here's how we safeguard it.

GDPR / DSGVO Compliance

As a German company (drylabs GmbH), the EU General Data Protection Regulation (GDPR; in German, DSGVO) is our primary data protection framework, and we comply with all of its requirements.

Data Protection Principles

Purpose limitation — data collected only for specified, legitimate purposes
Data minimisation — only data necessary for the service is collected
Storage limitation — data retained only as long as necessary
Integrity and confidentiality — appropriate security measures at all times

Your Rights

Under GDPR, you have the right to access, rectify, erase, port, and restrict processing of your data. You can exercise these rights directly in the app or by contacting us.

Technical Security

AES-256 encryption at rest, TLS 1.3 in transit
Certificate pinning in the iOS app defends against man-in-the-middle attacks that rely on mis-issued or compromised certificates
Row-level security in the database (Postgres RLS) restricts every account to its own rows, so you can only read or change your own data
EXIF metadata (including location tags) stripped from all photos before upload
Face ID / Touch ID via Apple Secure Enclave — biometric data never leaves your device; the app only receives a pass/fail result
Encrypted daily backups with automated drift detection
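The row-level security item above is the one that is easiest to get subtly wrong, so here is what it looks like in practice. This is an added illustrative example written for this page, not the project's own schema: the table and column names are assumptions, and it uses Supabase's `auth.uid()` helper, which reads the caller's JWT subject from the `request.jwt.claims` setting in standard Postgres.

```sql
-- Illustrative Postgres/Supabase row-level security setup (added example).
-- Table and column names are assumptions, not the project's real schema.
create table if not exists treatments (
  id        bigint generated always as identity primary key,
  owner_id  uuid not null default auth.uid(),  -- Supabase: subject of the caller's JWT
  performed date not null,
  notes     text
);

-- Without this statement every policy below is inert and the anon/authenticated
-- roles can read the whole table through the API. Enabling RLS is per table.
alter table treatments enable row level security;
-- Apply the policies to the table owner too (superusers and BYPASSRLS roles
-- still bypass RLS; do not hand those roles to the application).
alter table treatments force row level security;

-- One policy per operation. `using` filters which rows are visible,
-- `with check` constrains which rows may be written.
create policy "owner can read" on treatments
  for select to authenticated
  using (owner_id = auth.uid());

create policy "owner can insert" on treatments
  for insert to authenticated
  with check (owner_id = auth.uid());

create policy "owner can update" on treatments
  for update to authenticated
  using (owner_id = auth.uid())
  with check (owner_id = auth.uid());

create policy "owner can delete" on treatments
  for delete to authenticated
  using (owner_id = auth.uid());

-- No policy is created for the anon role: with RLS enabled, no policy means no rows.

-- Check: impersonate an authenticated user inside a transaction and confirm the
-- filter holds. The JWT claims are a constructed test value.
begin;
  set local role authenticated;
  select set_config('request.jwt.claims',
    '{"sub":"00000000-0000-0000-0000-000000000001","role":"authenticated"}', true);
  insert into treatments (performed, notes) values (current_date, 'test entry');
  select count(*) from treatments;  -- only this user's rows are visible
rollback;
```

The check at the end is worth keeping in a migration test: a new table added later without `enable row level security` is fully readable with the public API key, and nothing in the existing policies will warn you.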

EU Data Hosting

Your data is stored by Supabase on servers physically located in the European Union. Cloudflare provides CDN and DDoS protection and participates in the EU-U.S. Data Privacy Framework; Standard Contractual Clauses govern any data transfers.

Not a Medical Device

Aesthetic Pass is not a medical device under the EU Medical Device Regulation (MDR, Regulation (EU) 2017/745). It is a record-keeping and information platform for aesthetic treatments, and it is categorised as Health & Fitness on the App Store, not Medical.

International Standards

GDPR is our primary compliance framework and we apply its protections to all users worldwide. Our technical security measures meet or exceed the standards required by major international data protection regulations.