Home
About
Books
Download

Provider Privacy Standards

Last Updated: 12/1/2025

Welcome to Vera Reception. At Vera, our mission is to raise the world's skin game, and that begins with trust. When we send you a Patient, we are entrusting you not only with their aesthetic goals but with their sensitive personal and medical information.

These Provider Privacy Standards outline your obligations regarding the collection, use, and protection of Patient data received through the Vera Reception platform. By using Vera Reception, you agree to these standards.

1. Handling Patient Personal Information

As a Provider on Vera Reception, you will receive Personal Information about Patients to manage Appointment Requests, confirm bookings, and deliver Aesthetic Treatments.

Purpose Limitation

You agree to use Patient Personal Information solely to:

  • Manage Appointments and Appointment Requests initiated via Vera Reception.
  • Communicate with the Patient regarding their specific Consultation or Treatment.
  • Deliver the requested Aesthetic Treatment securely and safely.
  • Comply with applicable legal and medical record-keeping obligations.

Prohibited Uses

You may not use Patient Personal Information received via Vera Reception to:

  • Send unsolicited marketing materials, newsletters, or promotions outside of the Vera platform without the Patient's explicit, separate consent.
  • Sell, license, or trade Patient data to third parties.
  • Encourage Patients to interact with third-party websites or applications that are not reasonably necessary for the provision of the Aesthetic Treatment.

2. Sensitive Health Data & Facial Analysis

Vera distinguishes itself by providing detailed pre-consultation data, which may include "Before" photos, facial analysis results (via our AIA/AI Aesthetician), and specific aesthetic concerns.

Medical Confidentiality

You acknowledge that this information is highly sensitive. You agree to treat all Patient data received from Vera with the same level of confidentiality and security as you would your own medical records, in strict compliance with applicable healthcare privacy laws (such as HIPAA in the US, or the Personal Information Protection Act (PIPA) and Medical Service Act in Korea).

Access Control

Access to Patient profiles within your Vera Reception dashboard should be limited strictly to authorized medical and administrative staff who require such access to perform their duties.

3. Data Security

You agree to implement and maintain appropriate administrative, technical, and physical safeguards to protect Patient Personal Information against accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure, or use.

Taking into account the state of the art and the sensitivity of medical data, these measures should include, where appropriate:

  • Encryption of data in transit and at rest.
  • Strong access controls (e.g., password protection, multi-factor authentication) for devices accessing Vera Reception.
  • The ability to restore availability and access to personal data in a timely manner in the event of a physical or technical incident.

4. Cross-Border Data Transfers

Because Vera connects Patients with Providers globally (e.g., a US Patient visiting a Provider in Korea), Personal Information will be transferred across international borders.

If, in the course of providing Aesthetic Treatments, (i) Personal Information is transferred to you from the European Economic Area (EEA), Switzerland, or the UK, and (ii) the transfer does not benefit from an existing "adequacy decision" by the relevant regulatory body, then you agree to process the Personal Information you receive in accordance with the obligations of Module 1 (Controller-to-Controller) of the Standard Contractual Clauses ("Clauses") contained in European Commission Implementing Decision (EU) 2021/914.

The Clauses are hereby incorporated into your agreement with Vera with the same force and effect as if they were fully set forth in that agreement, with the following details:

  • Governing Law: The laws of Ireland (or the applicable jurisdiction of the Data Exporter) shall govern Clause 17.
  • Choice of Forum: The courts of Ireland (or the applicable jurisdiction of the Data Exporter) shall have jurisdiction for Clause 18.
  • Data Exporter: Vera Beauty Inc. (facilitating the transfer).
  • Data Importer: You (the Provider).
  • Data Subjects: Patients.
  • Purpose of Transfer: To enable you to evaluate Appointment Requests and provide Aesthetic Treatments.
  • Categories of Data: Patient name, profile photo, facial analysis data, aesthetic concerns, medical history relevant to treatment, appointment history, and chat logs.
  • Sensitive Data: Yes (Health data, biometric data/photos).
  • Retention: Data is retained for the period determined by you as necessary to manage medical records in compliance with local law (e.g., Medical Service Act requirements for maintaining patient charts).

5. Compliance with Local Law

You represent and warrant that your collection, use, and storage of Patient data complies with all applicable local privacy and health information laws in your jurisdiction (including, for Korea-based Providers, the Personal Information Protection Act and the Medical Service Act).

Where Vera acts as a technical intermediary, you remain the independent Data Controller responsible for the medical care and records of the Patient once they are under your care.