Privacy Policy

The Skin Camouflage Network (“SCN”, “we”, “us”) is operated by Global Mart Ltd, a company registered in the United Kingdom. We are the data controller for personal data processed through this site.

For any privacy-related question or request, please use our contact form.

• Account data: name and email address used to create your login.
• Member profile data (practitioners only): business name, contact details, location/postcode, biography, qualifications, specialties and (for Accredited/Advanced tiers) logo and portfolio images.
• Verification documents: insurance certificates, qualification certificates and identity documents you upload as part of a membership application.
• Application data: the requested membership tier, application notes and reviewer notes.
• Usage analytics: aggregated counts of profile views and clicks, with viewer IP addresses one-way hashed to deduplicate visits. We do not record raw IP addresses against profile views.
• Contact messages: messages you send via the contact form (name, email, topic, message).

• To operate the practitioner directory and let clients find verified practitioners.
• To verify practitioner credentials and maintain professional standards.
• To communicate with you about your account, application or membership.
• To prevent fraud and abuse of the platform.
• To produce anonymous, aggregated usage analytics that help us improve the service.

Documents you upload as part of an application are stored in a private, access-restricted location. They are reviewed only by SCN administrators for the purpose of verifying your identity, qualifications and insurance. They are never displayed publicly, shared with third parties, or used for any other purpose.

• Verification documents: automatically purged from storage after the defined retention window — 90 days after a rejected application, 180 days for stale-pending applications, and retained while a membership remains active.
• Application records (name, email, status history, reviewer notes):retained as part of our audit trail and operational history, even after documents have been purged.
• Account data: retained until you delete your account (see below) or until an administrator removes it on request.
• Contact messages and email logs: retained for operational and audit purposes.

We process personal data on the following bases under UK GDPR:

• Legitimate interest — operating the directory, fraud prevention, internal analytics.
• Consent — for public listing of your practitioner profile in the directory.
• Contract — providing the services you sign up for.

We do not sell your personal data. We share data only with the service providers needed to run the platform:

• Lovable Cloud (hosting, database and file storage).
• Resend (transactional email delivery).
• Mapbox (map tiles for the practitioner map).

We use local storage only to keep you signed in. We do not use marketing or advertising cookies and do not run third-party trackers.

You have the right to:

• Access the personal data we hold about you.
• Have inaccurate data corrected.
• Have your data erased — you can self-serve this from My account → Danger zone → Delete my account, which removes your login, profile, member/partner records, applications and uploaded documents.
• Restrict or object to processing.
• Data portability.
• Lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of the rights above, or to ask anything about how your data is handled, please use our contact form and select a relevant topic. We aim to respond to all privacy requests within 30 days.

We may update this policy from time to time. The “Last updated” date at the top of the page reflects the most recent change.