Privacy Policy

1. Introduction

Welcome to Natural Clinic (“Natural Clinic”, “Clinic”, “we”, “us”, or “our”).

Natural Clinic is an advanced healthcare institution and technology-enabled patient engagement platform providing healthcare, medical aesthetics, dental, cosmetic, wellness, consultation, patient coordination, communication, and related healthcare support services through licensed healthcare professionals, physical medical facilities, digital systems, AI-supported technologies, and cross-border patient communication channels.

This Privacy Policy explains how we collect, process, use, store, disclose, transfer, and protect personal data in connection with:

• the Natural Clinic mobile application;
• websites and digital platforms;
• AI-powered visualization systems;
• digital consultation tools;
• patient communication systems;
• appointment and coordination services;
• healthcare support technologies;
• telecommunication and messaging channels; and
• related healthcare and patient-support services.

Collectively, these are referred to as the “Platform” or “Services”.

By accessing or using the Platform, you acknowledge that you have read, understood, and accepted this Privacy Policy.

2. Important Medical, AI, and Digital Consultation Disclaimer

The Platform may provide AI-generated previews, simulations, chatbot outputs, visualizations, translations, transcripts, preliminary consultation support tools, and automated informational content.

Such tools and outputs:

• are generated through algorithmic and artificial intelligence systems;
• are intended solely for preliminary informational, visualization, communication, coordination, and patient-support purposes;
• do not constitute definitive medical advice, diagnosis, prescription, treatment recommendation, or guaranteed medical outcome;
• do not replace physical examination, radiological review, laboratory testing, clinical evaluation, or professional medical judgment;
• may contain inaccuracies, inconsistencies, technical limitations, translation errors, or clinically unsuitable results;
• may materially differ from actual medical, dental, surgical, aesthetic, or cosmetic outcomes.

All final medical evaluations, diagnoses, treatment decisions, procedural recommendations, surgical planning, and suitability assessments shall be determined exclusively by qualified healthcare professionals following appropriate medical examination and clinical assessment.

Users expressly acknowledge that:

• healthcare outcomes inherently involve uncertainty and variability;
• AI-generated previews and simulations are illustrative only;
• digital assessments may be affected by image quality, lighting, anatomical limitations, device quality, connectivity issues, incomplete information, translation limitations, and contextual factors;
• no healthcare, surgical, dental, aesthetic, or cosmetic result is guaranteed.

Natural Clinic does not warrant that any AI-generated content, automated output, simulation, translation, transcript, recommendation, or digital communication will be accurate, complete, uninterrupted, clinically appropriate, or error-free.

3. Data Controller Information

Depending on the nature of the relevant processing activity, Natural Clinic may act as:

• a healthcare provider;
• a data controller;
• a joint controller;
• a data processor/service provider; and/or
• a healthcare coordination entity.

For privacy-related requests or questions, you may contact us at:

4. Categories of Personal Data We Collect

We may collect and process the following categories of personal data:

4.1 Identity and Account Information

• Full name
• Email address
• Phone number
• Date of birth
• Gender
• Nationality
• Country and city
• Passport or identification details where required
• Preferred language
• Emergency contact information
• Profile photograph
• Authentication and account credentials

4.2 Healthcare and Consultation Information

• Consultation requests
• Treatment interests and preferences
• Medical history voluntarily provided by users
• Medications and allergies
• Previous procedures and treatment history
• Clinical notes
• Appointment records
• Follow-up information
• Healthcare coordination records
• Uploaded forms and medical documents

4.3 Images, Visual Data, and AI Preview Information

• Uploaded photographs and videos
• Facial, dental, body, hair, and aesthetic images
• Image-derived information
• AI-generated previews and simulations
• PDF summaries and visual reports
• Metadata associated with uploaded content

Certain image-related information may constitute biometric or sensitive personal data under applicable laws.

In addition to images uploaded by the user, the application may locally analyze facial geometry — including head orientation (yaw, pitch, roll), eye openness probability, smile probability, and the position of facial landmarks — exclusively on the user's device, by means of Google ML Kit's on-device face detection technology. Such geometric measurements are processed locally to guide and validate photo capture (for example, to confirm correct framing and orientation) and are not transmitted to Natural Clinic or to any third party. No biometric template, faceprint, or biometric identifier within the meaning of applicable biometric-information laws is created, stored, or shared from these on-device measurements.

4.4 Communication Information

• WhatsApp communications
• Emails
• Chatbot conversations
• Consultation messages
• Customer support communications
• Audio and video consultation records
• Transcripts and translations where applicable

4.5 Technical and Device Information

• IP address
• Device identifiers
• Browser and operating system information
• Session activity
• Application logs
• Crash reports
• Notification identifiers
• Usage analytics
• Connectivity and diagnostic information

5. Special Category and Health-Related Data

Certain information processed through the Platform may constitute:

• health-related personal data;
• biometric information;
• medical records;
• consultation data; and/or
• special category or sensitive personal data under applicable laws.

Such data shall only be processed:

• where voluntarily provided by the user;
• where necessary for healthcare, consultation, coordination, communication, or related service purposes;
• where authorized by applicable law; and/or
• pursuant to explicit consent where required.

6. Legal Basis for Processing

Depending on the applicable jurisdiction and processing activity, personal data may be processed on one or more of the following legal bases:

• explicit consent;
• performance of a contract;
• provision of healthcare-related services;
• legitimate interests;
• compliance with legal and regulatory obligations;
• protection of vital interests;
• establishment, exercise, or defense of legal claims.

Where required under applicable law, explicit consent shall be obtained for the processing of health-related or sensitive personal data.

7. Purposes of Processing

Personal data may be processed for purposes including:

• providing healthcare and consultation services;
• facilitating patient coordination and communication;
• scheduling and managing appointments;
• generating AI-supported previews and simulations;
• enabling digital communication and consultation;
• generating reports, summaries, and visual outputs;
• identity verification and fraud prevention;
• customer support and patient assistance;
• improving service quality and operational efficiency;
• monitoring security and preventing abuse or misuse;
• maintaining technical infrastructure;
• complying with healthcare, legal, regulatory, ethical, and contractual obligations;
• protecting legal rights and enforcing policies.

8. AI Processing and Automated Technologies

Natural Clinic may utilize artificial intelligence systems, machine learning technologies, automated processing tools, and third-party AI infrastructure providers in connection with:

• image analysis;
• visual simulations;
• facial or aesthetic mapping;
• translation systems;
• transcript generation;
• communication support systems;
• automated informational outputs.

AI-generated outputs are probabilistic in nature and may contain inaccuracies, inconsistencies, biased outputs, incomplete information, visual distortions, or clinically unsuitable results.

Uploaded photographs and visual content may be processed solely for:

• generating previews and simulations;
• consultation support;
• patient coordination;
• communication functionality;
• operational, security, and service-improvement purposes.

Natural Clinic does not use uploaded patient photographs or medical images to train publicly accessible AI models unless separately and expressly authorized by the user where required by applicable law.

8.1 Third-Party AI Service Providers

Where the user has expressly accepted the in-application AI photo analysis consent, photographs voluntarily submitted by the user for the generation of AI previews may be transmitted to and processed by the following third-party artificial intelligence service providers acting on Natural Clinic's behalf:

1. Google LLC (Gemini API) — for image generation and treatment-fit classification across all aesthetic procedure types;
2. OpenAI, L.L.C. — for supplementary visual analysis in hair and facelift procedures.

Each such third-party processor is engaged under a data processing agreement requiring it to (i) apply technical and organizational safeguards substantially equivalent to those described in this Privacy Policy, (ii) process personal data solely on Natural Clinic's documented instructions and for the limited purposes described above, and (iii) refrain from using such data to train its publicly accessible artificial intelligence models. The list of third-party providers above shall be updated from time to time as the Services evolve, and any material change shall be reflected in this Privacy Policy.

8.2 In-Application Consent for AI Photo Analysis

Prior to the first transmission of any photograph for AI preview generation, the user shall be presented with an in-application consent dialog identifying (i) the categories of visual data that may be transmitted, (ii) the third-party AI service providers involved, and (iii) the purposes of processing. No photograph shall be transmitted to any such provider unless and until the user has expressly accepted that consent dialog. The user's acceptance is recorded locally on the user's device.

9. International Data Transfers

Personal data may be processed, transferred, accessed, or stored in jurisdictions outside the user’s country of residence through:

• cloud infrastructure providers;
• AI technology providers;
• communication systems;
• analytics providers;
• healthcare coordination systems;
• customer support services.

Where required by applicable law, Natural Clinic implements commercially reasonable safeguards designed to protect transferred personal data, including:

• confidentiality obligations;
• access restrictions;
• contractual protections;
• technical and organizational safeguards;
• data minimization practices.

10. Sharing of Personal Data

Personal data may be shared where reasonably necessary with:

• doctors and healthcare professionals;
• hospitals and clinics;
• patient coordinators;
• laboratory, imaging, and diagnostic providers;
• cloud and infrastructure providers;
• AI technology providers;
• communication and support providers;
• legal, regulatory, judicial, governmental, or law enforcement authorities;
• auditors, consultants, insurers, and professional advisors.

Natural Clinic does not sell personal data.

All disclosures shall be limited to what is reasonably necessary for the relevant purpose.

11. WhatsApp, Digital Communications, and Third-Party Services

Users acknowledge that communications may occur through third-party systems including:

• WhatsApp;
• email systems;
• telecommunications infrastructure;
• video conferencing platforms;
• translation services;
• push notification systems;
• cloud communication providers.

Such third-party systems operate under their own technical standards and privacy policies.

Natural Clinic shall not be responsible for:

• third-party service interruptions;
• transmission delays;
• communication failures;
• external cybersecurity vulnerabilities;
• failures outside its reasonable control.

Notwithstanding the foregoing, where Natural Clinic transmits personal data to third-party processors for the provision of the Services — including, without limitation, artificial intelligence service providers, cloud infrastructure providers, push-notification providers, and real-time audio and video communication providers — such processors act under written data processing agreements requiring them to maintain technical and organizational safeguards substantially equivalent to those described in this Privacy Policy and to process personal data only on Natural Clinic's documented instructions.

12. Data Retention

Personal data may be retained for as long as reasonably necessary to:

• provide healthcare and coordination services;
• maintain consultation and medical records;
• comply with healthcare, tax, accounting, insurance, legal, and regulatory obligations;
• resolve disputes;
• establish, exercise, or defend legal claims;
• maintain operational integrity, auditability, and security.

Retention periods may vary depending on:

• applicable laws and regulations;
• medical obligations;
• dispute risks;
• regulatory requirements;
• operational and security needs.

12.1 Retention of Photographs and AI-Generated Visual Outputs

Notwithstanding the general retention principles set out above, photographs voluntarily uploaded by the user (including facial, dental, body, hair, and aesthetic images) and AI-generated previews derived therefrom shall be retained for a maximum of twelve (12) months from the date of the most recent user activity associated with such images, except where a longer retention period is strictly required by applicable healthcare, tax, or other legal obligations. Upon a verified account deletion request submitted by the user, such images shall be deleted from active systems within thirty (30) days, save for residual copies contained in standard, time-limited backup systems which shall be overwritten in the ordinary course of operations. Where retention beyond the above periods is mandated by applicable law, the retained images shall be subject to access controls limiting use to the specific legal purpose requiring retention.

13. Security Measures

Natural Clinic implements commercially reasonable administrative, technical, physical, and organizational safeguards designed to protect personal data against unauthorized access, misuse, disclosure, destruction, alteration, or loss.

Such safeguards may include:

• authentication protocols;
• encrypted transmission systems;
• secure cloud infrastructure;
• restricted access controls;
• monitoring and logging systems;
• internal confidentiality obligations;
• technical and organizational security procedures.

However, no electronic platform, communication system, transmission method, or storage infrastructure can be guaranteed to be completely secure.

Accordingly, Natural Clinic disclaims any warranty of absolute or uninterrupted security.

14. User Rights

Depending on applicable law and jurisdiction, users may have the right to:

• request access to personal data;
• request correction of inaccurate information;
• request deletion of certain data;
• request restriction of processing;
• object to certain processing activities;
• withdraw consent;
• request portability of eligible data;
• lodge complaints with competent supervisory authorities.

Certain rights may be limited where retention or processing is necessary for:

• healthcare obligations;
• legal compliance;
• fraud prevention;
• regulatory requirements;
• dispute resolution;
• establishment, exercise, or defense of legal claims.

15. Account Deletion

Users may request deletion of their accounts through the Platform or by contacting Natural Clinic.

Upon verified deletion requests, Natural Clinic may delete, anonymize, or de-identify certain personal data, subject to applicable:

• healthcare obligations;
• legal obligations;
• regulatory requirements;
• security requirements;
• operational necessities; and
• dispute-resolution obligations.

Certain records may be retained where reasonably necessary or legally required.

16. Children

The Platform and Services are not intended for children below the minimum age permitted under applicable law.

Natural Clinic does not knowingly collect personal data from children without legally required authorization or consent.

If unauthorized collection involving a child becomes known, Natural Clinic reserves the right to remove the relevant information and suspend associated accounts.

17. Limitation of Liability

To the fullest extent permitted by applicable law, Natural Clinic disclaims liability arising from:

• AI-generated inaccuracies;
• automated outputs;
• digital simulation differences;
• treatment outcomes;
• medical decisions made by healthcare professionals;
• third-party system failures;
• communication interruptions;
• cybersecurity incidents outside reasonable control;
• unauthorized external access;
• user misuse of the Platform;
• reliance on automated or digitally generated content.

Nothing in this Privacy Policy shall exclude rights that cannot legally be excluded under mandatory applicable law.

18. Regulatory Compliance

Nothing within the Platform, AI systems, chatbot outputs, digital previews, informational materials, or communication tools shall be interpreted as:

• guaranteed treatment outcomes;
• emergency medical services;
• definitive medical diagnosis without appropriate clinical evaluation;
• unlawful healthcare advertising;
• regulated medical device certification unless expressly stated.

Users remain responsible for obtaining appropriate medical evaluation from qualified healthcare professionals.

19. Changes to This Privacy Policy

Natural Clinic reserves the right to amend, revise, update, or modify this Privacy Policy at any time.

Where required by applicable law, users may be notified through:

• in-app notices;
• email notifications;
• Platform announcements; or
• publication of updated versions.

Continued use of the Platform following such updates constitutes acknowledgment of the revised Privacy Policy.

20. Contact Information