Revaia Health
Sign inJoin the Founding Member Programme
Legal

Privacy Policy

How we collect, use, and protect your personal data — and the rights you have over it.

Last updated: [date to confirm]

Revaia Health is a marketplace that introduces UK aesthetic practitioners to independent prescribers — doctors, dentists, nurses & pharmacists and other qualified independent prescribers. This policy explains what personal data we handle, why, and how we look after it. It applies to our marketing site and the Revaia Health platform.

The data controller is [Registered company name, number & address — to be completed], registered with the Information Commissioner’s Office under [ICO registration number]. For any privacy question, contact us at info@revaiahealth.com.

What we collect

We collect only what we need to run the marketplace and meet our governance obligations:

  • Account details — name, email address, password (stored hashed), role, and contact preferences.
  • Professional details — for prescribers, your professional register and registration number, prescribing status, indemnity cover, and PVG/DBS information where applicable, supplied during onboarding.
  • Practice details — for clinics, business name, location, and the opportunities you post.
  • Marketplace activity — applications, acceptances, saved listings, and messages exchanged through the platform.
  • Billing data — subscription status and limited transaction metadata. Card details are handled entirely by Stripe; we never see or store them.
  • Technical data — essential cookies, IP address, and basic logs needed to keep the service secure and working.

Lawful bases under UK GDPR

We rely on the following lawful bases under the UK GDPR and the Data Protection Act 2018:

  • Contract — to create and manage your account, operate the marketplace, and provide a subscription you have taken out.
  • Legitimate interests — to review professional credentials during onboarding, keep the platform secure, prevent misuse, and maintain an accountable record of engagements.
  • Legal obligation — to meet record-keeping, tax, and safeguarding duties.
  • Consent — where we ask for it, such as optional marketing emails, which you can withdraw at any time.

Verification data

Verification is carried out by our team as a manual review during onboarding, and is required before a prescriber gains marketplace access. We process the registration, indemnity, and PVG/DBS information you provide solely to assess eligibility and to keep a documented audit trail. We do not publish these underlying documents to other users; clinics see a reviewed status rather than your raw records.

Payments and Stripe

Subscriptions are billed through Stripe, our payment processor. When you subscribe or manage billing, you interact with Stripe Checkout and the Stripe Customer Portal directly. Stripe processes your card data as a separate controller under its own privacy terms; Revaia Health receives only the information needed to know your subscription is active, such as status and renewal dates. We never store full card numbers.

Who we share data with

We do not sell your data. We share it only with trusted service providers acting on our instructions — for example our hosting and database provider, Stripe for payments, and our email provider. Where a prescriber and a clinic engage through the marketplace, relevant profile and contact details are shared between those parties so they can work together. We may also disclose data where the law requires it.

Where your data is stored

Platform data is held in a database hosted in the UK or EU. Where any provider processes data outside the UK, we put appropriate safeguards in place, such as the UK International Data Transfer Agreement or equivalent standard contractual clauses.

How long we keep it

We keep personal data for as long as your account is active and for a reasonable period afterwards to meet legal, accounting, and safeguarding obligations. Records tied to engagements may be retained longer so an accountable trail is available if a question arises later. When data is no longer needed we delete or anonymise it. [Specific retention periods — to be completed.]

Cookies

We use a small set of essential cookies to keep you signed in and the service secure. For full detail, see our Cookie Policy.

Your rights

Under UK data protection law you have the right to access your data, to correct inaccuracies, to ask for deletion, to restrict or object to certain processing, to data portability, and to withdraw consent where we rely on it. To exercise any of these, email info@revaiahealth.com. You also have the right to complain to the Information Commissioner’s Office at ico.org.uk, though we hope you will raise any concern with us first.

Changes to this policy

We may update this policy from time to time. When we do, we will revise the date above and, for material changes, let you know through the platform or by email.

Contact us

For any privacy question or request, contact us at info@revaiahealth.com, or write to [Registered company name & address — to be completed].