Legal
Privacy Policy
1. Introduction and Data Controller
1.1 About This Policy
This Privacy Policy explains how Dano Aesthetics (“we,” “us,” “our,” or the “Clinic”) collects, uses, discloses, and protects your personal information when you use the Dano Aesthetics mobile application (the “App”).
1.2 Data Controller
Dano Aesthetics
Address: ערער 17 קומה 8, Modi'in, Israel 7178564
Email: admin@danoaesthetics.vip
Phone: +972 50‑207‑6303
1.3 App Developer (Data Processor for Technical Operations)
The App is developed and published by Arvin Kit Gallego, an independent software developer:
- Developer: Arvin Kit Gallego
- Location: Bacolod City, Negros Occidental, Philippines
- Technical Support: kitarvin23@gmail.com
- Role: Technical development and app maintenance only
The developer acts as a data processor for technical operations under the direction of Dano Aesthetics.
1.4 Applicable Law
This Privacy Policy is designed to comply with:
- Israel Protection of Privacy Law, 5741‑1981 (PPA) and associated regulations
- Privacy Protection Regulations (Data Security), 5777‑2017
- EU General Data Protection Regulation (GDPR) where applicable
- Apple App Store and Google Play requirements
2. Information We Collect
2.1 Information You Provide Directly
Account Information:
- Full name
- Email address
- Phone number (optional)
- Password (stored encrypted by Firebase)
- Language preference (Hebrew / English)
Booking Information:
- Appointment dates and times
- Consultation type and service interest
- Special requirements or notes
- Treatment preferences
Apple Sign‑In Users:
If you sign in with Apple, we may receive:
- Apple User Identifier (for consistent identity management)
- Your real email address OR a private relay email address based on your privacy preferences
- Your name (if you choose to share it)
We respect Apple's “Hide My Email” feature and manage your account based on your Apple User ID, regardless of email visibility.
2.2 Information We Collect Automatically
Device Information:
- Device model and manufacturer
- Operating system version
- App version
- Device timezone
- Network connectivity status
Usage Information (Custom Logging):
We maintain internal logs in our secure database for:
- App events (login, booking actions)
- Error tracking for troubleshooting
- Security events (blocked user status)
Important: We do NOT use Firebase Analytics, Google Analytics, or any third‑party analytics services. All logging is stored in our own secure Firestore database.
2.3 Information from Authentication Providers
- Google Sign‑In: Name, email address, profile picture
- Apple Sign‑In: Name (if shared), email (real or private relay), Apple User ID
3. How We Use Your Information
3.1 Service Delivery (Legal Basis: Contract Performance)
- Process and manage your appointment bookings
- Send booking confirmations, updates, and reminders
- Communicate about rescheduling or cancellations
- Manage your loyalty program membership and rewards
- Provide customer support
3.2 Security and Operations (Legal Basis: Legitimate Interest)
- Authenticate your identity
- Protect against unauthorized access
- Monitor for fraudulent or abusive behavior
- Maintain audit trails for compliance
- Troubleshoot technical issues
3.3 Legal Compliance
- Comply with Israeli healthcare and privacy regulations
- Respond to legal requests from authorities
- Maintain records as required by law
3.4 Communications (Legal Basis: Consent or Legitimate Interest)
- Send email notifications about your bookings
- Notify you of account changes (e.g., email updates)
4. Email History and Transparency
We maintain a record of your previous email addresses in your account profile. This includes:
- The old email address
- The new email address
- Who made the change (you or an administrator)
- Date / time of the change
- Reason for change (for admin‑initiated changes)
This transparency measure helps you track any changes to your account and is part of our security audit trail.
5. Data Sharing and Recipients
5.1 We Do Not Sell Your Data
We do not sell, rent, or trade your personal information to third parties.
5.2 Service Providers (Data Processors)
| Provider | Location | Purpose |
|---|---|---|
| Google Firebase | USA / Global | Database, authentication, cloud functions |
| Google Cloud Platform | USA / Global | Infrastructure hosting |
| Gmail API | USA / Global | Sending transactional emails |
| Apple (Sign‑In) | USA / Global | Authentication service |
All service providers are bound by data processing agreements.
5.3 International Data Transfers
Your data is processed by Google Firebase, which operates globally including in the United States. These transfers are protected by:
- Google's Standard Contractual Clauses (SCCs)
- Google's compliance certifications (ISO 27001, SOC 2)
5.4 Healthcare Providers
Your booking and treatment information may be shared with healthcare professionals at Dano Aesthetics who provide your treatment.
5.5 Legal Requirements
We may disclose information when required by Israeli law or to:
- Comply with legal processes
- Respond to government requests
- Protect our rights, privacy, safety, or property
6. Data Security
6.1 Technical Measures
- Encryption of data in transit (TLS / SSL)
- Firebase security rules restricting data access
- Secure authentication via Firebase Auth
- Automatic session management
- Real‑time monitoring for blocked accounts
6.2 Administrative Measures
- Mandatory reason logging for administrative actions
- Audit trails for all data modifications
- Limited access to administrative functions
- Regular security reviews
6.3 Incident Response
In the event of a data breach, we will:
- Notify affected users as required by Israeli law
- Report to the Israeli Privacy Protection Authority if required
- Take immediate steps to contain and remediate
7. Data Retention
7.1 General Principle
We retain your personal data only as long as necessary for the purposes described in this policy, or as required by applicable law.
7.2 Account Data
- Active accounts: Your data is retained while your account remains active
- Inactive accounts: We do not automatically delete inactive accounts. If you wish to delete your account, you may request deletion at any time (see Section 8.3)
- Deleted accounts: When you request account deletion, your personal data will be removed within 30 days, except where retention is required by law
7.3 Booking and Treatment Records
Booking records may be retained for up to 7 years or longer as required by Israeli healthcare regulations and business record‑keeping requirements. This ensures we can:
- Maintain your treatment history for continuity of care
- Comply with legal and regulatory obligations
- Respond to potential legal claims
7.4 Audit and Security Logs
Administrative and security logs are retained as necessary for compliance, security investigations, and legal requirements.
7.5 Your Right to Deletion
You may request deletion of your data at any time. We will comply with deletion requests except where we are legally required to retain certain information (such as medical records within the mandatory retention period).
8. Your Rights
Under Israeli privacy law and GDPR (where applicable), you have the right to:
8.1 Access
Request a copy of all personal data we hold about you.
8.2 Rectification
Correct inaccurate or incomplete data via the App or by contacting us.
8.3 Erasure (“Right to be Forgotten”)
Request deletion of your data, subject to legal retention requirements for medical records.
8.4 Data Portability
Receive your data in a structured, machine‑readable format.
8.5 Object to Processing
Object to processing based on legitimate interests.
8.6 Restriction
Request that we limit how we use your data.
8.7 Withdraw Consent
Where processing is based on consent, withdraw it at any time.
To exercise your rights: Email admin@danoaesthetics.vip with “Privacy Request” in the subject line.
Response Time: We will respond within 30 days.
9. Account Suspension and Blocking
We may suspend or permanently block your account if you:
- Violate our Terms and Conditions
- Engage in fraudulent or abusive behavior
- Provide false information
When an account is blocked:
- You will be automatically logged out
- Your Firebase authentication will be disabled
- An audit record will be created
- You will not be able to create a new account without contacting us
10. Children's Privacy
This App and the services offered by Dano Aesthetics are intended for adults aged 18 and older. The aesthetic and medical services provided require adult consent under Israeli law.
We do not knowingly collect personal information from individuals under 18 years of age. If you are under 18, please do not use this App or provide any information through it.
If we learn that we have collected information from a user under 18 without verified parental consent, we will take steps to delete that information promptly.
11. Local Device Storage
The App stores the following data locally on your device:
- Authentication tokens (encrypted in iOS Keychain / Android Keystore)
- Language and preference settings
- Cached content for performance
This local data can be cleared by:
- Uninstalling the App
- Logging out of your account
- Using your device's app data clearing function
12. Updates to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes through:
- Email to your registered address
- Updated “Last Updated” date
Your continued use of the App after changes constitutes acceptance.
13. Contact Us
Privacy Inquiries
Dano Aesthetics
Email: admin@danoaesthetics.vip
Phone: +972 50‑207‑6303
Address: ערער 17 קומה 8, Modi'in, Israel 7178564
Technical / App Issues
Developer: Arvin Kit Gallego
Email: kitarvin23@gmail.com
Regulatory Authority
Israeli Privacy Protection Authority (PPA)
Website: gov.il — Privacy Protection Authority