Kseniia Brow Art

Privacy Policy

Last updated: 2026-04-30

1. Who we are

Kseniia Vasileva (trading as Kseniia Brow Art) operates the website at kseniia.co.uk and the client portal at portal.kseniia.co.uk. This policy explains what personal data we collect, why we collect it, and what rights you have over it.

Contact: support@kseniia.co.uk

Address: 12 Station Road, Gerrards Cross SL9 8EL, United Kingdom

2. What we collect

  • Booking details — the dates, services, prices, and notes associated with appointments you book with us, handled by our scheduling system (Acuity Scheduling).
  • Customer record — your name, email address, phone number, and any intake-form answers you submit to us.
  • Sign-in details (portal users) — the email address you use to sign in (via magic link or Google), and the basic profile information Google returns when you choose that sign-in method.
  • Operational logs — basic technical records (sign-in timestamps, system events) so we can keep our services secure and reliable.

3. Why we collect it

  • To let you sign in and see your own bookings, photos, and notes.
  • To deliver the treatments you've booked and the aftercare that goes with them.
  • To contact you about your appointments (confirmations, reminders, aftercare).
  • To keep records we're required to keep for accounting and tax purposes.

4. Where your data is stored

  • Acuity Scheduling — our booking system. Holds the live appointment data that the portal mirrors.
  • Supabase (EU region, London) — our portal database. Holds customers, appointments, messages, and files.
  • AWS SES (eu-west-2, London) — sends transactional emails like magic-link sign-ins and appointment confirmations.
  • Google Workspace — if you sign in with Google, your authentication is handled by Google and we only receive your email and basic profile.
  • Our hosting — a private UK-based server. No data is copied outside the UK or EU under normal operation.

5. Who we share it with

We don't sell your data. We share it only with the processors listed above (Acuity, Supabase, Google, AWS), and only what's necessary for them to do their job. We never share your data with third parties for marketing without your explicit consent.

6. How long we keep it

We keep your account data for as long as you're a customer. If you ask us to delete your account, we'll remove your personal data within 30 days, except for records we're legally required to keep (for example, invoices for tax purposes — 7 years per HMRC rules).

7. Your rights under UK GDPR

You have the right to:

  • Access the personal data we hold about you.
  • Correct any inaccurate personal data.
  • Erase your personal data (subject to the retention exceptions above).
  • Restrict or object to how we use your data.
  • Port your data to another service in a machine-readable format.
  • Complain to the UK Information Commissioner's Office at ico.org.uk if you're not satisfied with how we handle your data.

To exercise any of these rights, email support@kseniia.co.uk.

8. Cookies and tracking

The portal uses only the cookies strictly necessary to keep you signed in. The kseniia.co.uk website uses Tilda's standard cookies for site operation. We don't use advertising or analytics cookies at this time. If that changes, we'll update this policy and ask for your consent where required.

9. Changes to this policy

If we change this policy in a way that materially affects your data, we'll update the date above and notify you by email before the change takes effect.

10. Contact us

Questions about this policy, your data, or any of your rights? Email support@kseniia.co.uk.