Legal
Last updated: 8 June 2026
The Skin Collective (“we”, “us”, “our”), operated by Skin Revision Pty Ltd, provides a software platform that enables skin clinics and aesthetic practitioners (“Clinics”) to create and share personalised skincare routine plans with their clients (“Clients”). This policy explains how we handle personal information, in line with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
When a Clinic enters Client information into the platform, the Clinic decides what data is collected and why. We process that Client data on the Clinic's behalf as a service provider. Clients with questions about their own records should contact their Clinic in the first instance. Each Clinic is responsible for obtaining appropriate consent from its Clients before entering their information into the platform.
We do not knowingly collect more sensitive information than a Clinic chooses to record for skincare care purposes.
We use personal information to provide and maintain the platform, deliver routine plans and emails on a Clinic's behalf, authenticate users, process payments, provide support, and keep the service secure. We do not sell personal information, and we do not use Client data for advertising.
We rely on a small number of trusted infrastructure providers to operate the service: hosting and database (Supabase), application hosting (Vercel), transactional email (Resend), and payment processing (Stripe). These providers process data only to provide their service to us and are bound by their own security and privacy obligations. Some may store or process data outside Australia; we take reasonable steps to ensure appropriate protections are in place.
We use only essential cookies and browser storage needed to sign you in, keep you signed in, secure the service, and remember small interface preferences. We do not currently use advertising or third-party tracking cookies. Full detail is set out in our Cookie Policy.
Data is stored in managed cloud infrastructure with access controls, including database row-level security that isolates each Clinic's data. We take reasonable technical and organisational measures to protect personal information from misuse, loss, and unauthorised access. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
We retain personal information for as long as a Clinic maintains an account and as needed to provide the service, then delete or de-identify it within a reasonable period, unless we are required to retain it by law.
Clients may request access to, correction of, or deletion of their personal information by contacting their Clinic, who can action it within the platform. Clinics may request export or deletion of their account data by contacting us. We will respond to verified requests within a reasonable time.
If you have a concern about how we have handled your personal information, please contact us first at hello@theskincollective.au and we will work to resolve it. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
We may update this policy from time to time. Material changes will be notified to Clinics by email, and the “last updated” date above will change.
Privacy questions or requests can be directed to hello@theskincollective.au.