Patient Photo Consent

Version 1.1.0 · Effective 2026-06-01

This page explains what you agreed to when your practitioner took your photo in the Phiusion application. Your practitioner ticked the consent box on your behalf during your visit, after walking you through the points below. You can read it again or withdraw at any time (§7). For the broader picture of what Phiusion collects and where it goes, see the Patient Privacy Notice.

1. What you are agreeing to

You are agreeing to let your practitioner take two photographs of your face — frontal and profile — and store them inside Phiusion as part of your skin wellness record. Your practitioner uses them together with a skin assessment to have a more informed conversation with you. This is not the consent that lets Universkin SAS use your photographs to improve its AI model — that is a separate, optional consent (§3).

Phiusion is general wellness software. It is not a medical device, and the skin assessment it produces is not a diagnosis. Your practitioner reviews everything the application shows and applies professional judgment before recommending anything.

2. What we collect with this consent

  • A frontal photograph and a profile photograph of your face. Background pixels are removed automatically by remove.bg, so only your face is stored.
  • The timestamp of capture.
  • The practitioner who recorded the session.
  • The encounter location — where your practitioner is when the photograph is taken (relevant to the state-law floor in §6; not your home address).

Anything else in your record — name, health background, skin concerns, contact details — is covered by your practitioner's intake forms and Patient Privacy Notice §2.

3. How your photographs are used

  • Your skin wellness record. Your practitioner saves them so the two of you can compare visits over time.
  • Skin assessment by SkinXS. They are sent to SkinXS, operated by Universkin SAS in France, which returns structured skin-condition indicators (hydration, redness, oiliness, fine lines, etc.). SkinXS also computes a transient face-geometry vector to derive those indicators (§4).
  • Your practitioner's regimen recommendations. Your practitioner combines the photographs, indicators, and your skin concerns into a regimen recommendation. The recommendation is your practitioner's; the application's role is professional curation.

All three uses are treatment under HIPAA — qualifying as treatment use and disclosure under 45 CFR §§ 164.502 and 164.506, so no §164.508 authorization is required. The §164.508 authorization sits in the Patient AI Improvement Consent and applies only if you opt in to AI-model improvement; saying no has no effect on your care.

We never use your photographs for advertising, never sell them, and never share them with social-media platforms or data brokers.

4. Biometric face-geometry vectors

When SkinXS analyses your photograph it temporarily computes a face-geometry vector — a numerical representation of your face — to derive the skin-assessment indicators. Under Illinois BIPA, Texas CUBI, and Washington RCW 19.375 this vector is treated as a regulated "biometric identifier" at the moment of capture, keyed to your practitioner's location at the encounter (§2), even though Phiusion does not use it to identify you or match it against any database.

By default the vector is ephemeral: it exists in memory only for the SkinXS request and is discarded once the assessment returns. It is not persisted on this consent. Full retention and destruction rules — including what happens if you opt in to AI-model improvement — are at the Biometric Retention & Destruction Policy. See also Patient Privacy Notice §8.

5. Who can see your photographs

  • You, on request through your practitioner or the Privacy Officer.
  • Your treating practitioner and clinic staff acting under their instructions.
  • Phiusion Labs personnel under role-based access controls, only to support your practitioner or investigate a security incident. Access is logged on every read.
  • A small set of named sub-processors. Services that touch your photograph: SkinXS / Universkin SAS, Supabase (storage), Vercel (hosting), remove.bg (background removal). Other vendors in Patient Privacy Notice §5 — Anthropic, Stripe, SendGrid, AfterShip, Google Maps, Sentry — do not receive photographs. Sentry receives error metadata only; photograph bytes and storage URLs are excluded by configuration. Canonical list: Sub-Processors.

No one else sees your photographs without your written authorization or a legal instrument compelling disclosure (subpoena, court order).

6. Where this consent applies

Several US states have biometric or consumer-health laws beyond HIPAA (IL, TX, WA, CA, CT, CO, NV, OR, MD). Several Canadian provinces have health-information custodian or trustee laws beyond PIPEDA (ON, AB, MB, NB, NL, NS, PE, SK); BC and QC have their own private-sector regimes.

Rather than route this consent through a state- or province-specific variant, Phiusion applies the strictest of those laws to every patient, universally. Everyone gets ephemeral-by-default biometric handling, opt-in for any sharing beyond direct care, no sale of consumer health data, no geofencing of health-care facilities, and recognition of the Global Privacy Control browser signal. Province- and state-by-state detail: Patient Privacy Notice §8 and §9.

State- and province-specific rights are keyed to your residence. To exercise them, write to the Privacy Officer and tell us where you live (§7).

Quebec patients (Law 25). This consent is prepared for Quebec, but no Quebec patient is invited under it until three Phase 4 launch-gate items are complete: (a) a French-language version is published per Patient Privacy Notice §17, (b) the Law 25 art. 12 / CAI 60-day pre-notification is filed, and (c) the Law 25 art. 17 PIA is complete. Until then Quebec is out of scope (tracked in docs/legal/internal/phase-3-followups.md).

EU, EEA, UK, and Swiss patients. Photographs are processed by Universkin SAS in France via SkinXS (§3). For the GDPR / UK GDPR / Swiss nFADP framing — transfer mechanism, lawful basis, supervisory authority — see Patient Privacy Notice §10 and §16.

7. Your rights, and how to withdraw

You can withdraw this consent, and you can ask to see, correct, port, or delete what is in your record, at any time. Withdrawal stops new photographs from being taken; photographs already in your record remain part of your wellness documentation, but you can separately ask for them to be deleted under your right to erasure. We honour deletion requests unless a specific law requires us to retain the record — we will tell you why and for how long. Full procedure: Patient Privacy Notice §11.

Two ways to withdraw:

  1. In-clinic, through your practitioner. Tell your practitioner at your next visit, or call the clinic. They record the withdrawal and confirm back to you.
  2. Directly to Phiusion. Email privacy@phiusionlabs.app, or use the in-app withdrawal flow when you have a patient-surface account.

Step-by-step mechanics: Consent Withdrawal. Withdrawing this consent does not affect the care you receive.

8. How long your photographs are kept

Retention is set by your practitioner as the custodian of your skin wellness record, in line with the record-retention laws where they practise. The default rule, in the absence of a longer statutory period, is seven years from your last interaction, after which the photographs are securely destroyed.

Face-geometry vectors follow the Biometric Retention & Destruction Policy — ephemeral by default; retained only on the AI-improvement-consent leg.

A full retention schedule lands in Phase 4. Until then, ask the Privacy Officer for the period that applies to your record.

9. Contact and supervisory authorities

To exercise any right in §7, or to raise a question about this consent:

  • Privacy Officer (Phiusion Labs): Jonathan Garbutt, privacy@phiusionlabs.app.
  • Data Protection Officer (Universkin SAS, France): Maître Eric ELABD, +33 (4) 93.00.11.96, dpo@universkin.com.

If we (or your practitioner) cannot resolve your concern, Patient Privacy Notice §16 lists every supervisory authority Phiusion supports — US federal (HHS-OCR, FTC), each Canadian provincial commissioner, and the EU / UK / Swiss authorities that apply to the Universkin leg.

10. Updates to this consent

We follow semantic versioning. A major bump (X.0.0) signals a material change: your practitioner walks you through the new version at your next visit and records your acknowledgment again. A minor bump (1.X.0) covers clarifications, new sub-processors that do not change processing categories, and new statutory anchors — practitioner banner; changelog at your own pace. A patch bump (1.0.X) covers typos, formatting, and broken links — no re-prompt. Full changelog at /legal/changelog.

Appendix A — Delivery evidence

When your practitioner first took your photograph, the application recorded the version of this consent shown, the timestamp of acknowledgment, the capture method (doctor-proxy), and an immutable PDF snapshot of the page. Ask your practitioner or the Privacy Officer for a copy at any time.