Skip to main content

Last Updated: April 22nd, 2025


We at aemos Gmbh (“aemos”) and Revance Therapeutics, Inc. (“Revance”) (collectively, “we,” “us” or “our”) have created this Privacy Policy (this “Privacy Policy”) to let you know how information you provide to us is used and shared. This Privacy Policy related to our information collection and use practices in connection with the Revance by FaceReveal platform, made available to you at https://platform.face-reveal.com/ (“Platform”) and the Face/Reveal application which is accessible through iPad and other devices (“App”) (collectively, the “Services”), and when you interact with us in any other way.
By clicking “I ACCEPT,” or otherwise manifesting your assent to the Privacy Policy and accompanying Terms of Use, when you sign up to access and use the Services, you acknowledge that you have read, understood and agree to be legally bound by the terms of this Privacy Policy and the accompanying Terms of Use.
Capitalized terms not defined in this Privacy Policy shall have the meaning set forth in our Terms of Use. In the event of a conflict between the Privacy Policy and the Terms of Use, the Privacy Policy shall control.

Data Collection
We collect the following categories of information from our users:

  • Personal Identification information (Name, email address, phone number, company name) will be collected when you sign-up to use our Services, or voluntarily complete a customer survey or provide feedback on any of our message boards or via email. Personal identification information does not constitute Protected Health Information (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
  • Pictures (face data) which are uploaded to our App, of you or your clients. When uploaded to our App using the App’s upload tool or camera roll access, pictures are sent to our servers in Amazon AWS Data Center Frankfurt, Germany, for processing. These pictures qualify as PHI under HIPAA.
  • Platform and App usage information will be collected anonymously when you access or use our Services, including but not limited to, your device’s IP address, browser type, browser version, type of device you use, your device’s unique ID, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data (collectively, the “Usage Data”).

We treat all non-PHI personal and usage data in accordance with applicable data protection laws, while any patient facial images or other PHI are collected and processed in strict compliance with HIPAA regulations to ensure the confidentiality, integrity, and security of all sensitive health information. All access and storage to the information collected through the Services is performed solely by aemos. Revance is not responsible for the collection and storage of such information.

Data Usage
We may use your data for the following purposes:
1. Personal Identifying Information & Usage Data:

  • Managing your account, which includes supporting functions, and processing your subscription.
    Provide, operate, and maintain our Services as well as understand and analyze how you use our Services.
  • Email you regarding new product features or special offers on other products or services.

2. PHI:

  • All PHI that we collect is used solely to provide our Services and facilitate patient care. For the purpose of analyzing images, PHI is securely transferred to our AWS servers in Frankfurt, Germany, where it remains in ephemeral storage and is not retained beyond the brief processing period, typically under one second. Immediately upon completion of the analysis, these images are not retained in our systems in accordance with HIPAA regulations, ensuring the privacy and confidentiality of all PHI at every stage.
  • By default, our App does not store photos locally or transmit the pictures taken other than as outlined above. However, the App does permit the user to store the pictures or transmit the pictures using other applications present on the device. Should you choose to store or transmit the pictures, you are solely responsible for such choice and represent that you have the proper consents and protections in place to do so. In the event that you do not obtain proper consent or experience a data breach or other event related to your choice to store or transmit the photos, aemos and Revance shall have no responsibility or liability associated therewith.

In addition, we may use your data:

  • To fulfill our legal and regulatory requirements;
  • To comply with applicable law, such as to comply with a subpoena, or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
  • To assess or complete a corporate sale, merger, reorganization, sale of assets, dissolution, investment, or similar corporate event where we expect that your data will be part of the transferred assets;
  • To audit our internal processes for compliance with legal and contractual requirements or our internal policies;
  • To prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity, including cyberattacks and identity theft; and

Otherwise, with your consent. We do not sell your personal information, as set forth in the California Consumer Privacy Act (CCPA).

We may share your data in the following situations:

  • We may share your data with our third-party contractors and service providers that provide services to us in the operation of our business and assistance with the Services, specifically we will share your Personal Identification Information and Usage Data with Amazon Web Services Inc., Revance Inc., Alphabet Inc., aemos GmbH, Digital Ocean Holdings Inc. and Mixpanel Inc. and PHI with Amazon Web Services Inc.
  • We may share or transfer your data in connection with, or during negotiations of, any merger, sale of our assets, financing, or acquisition of all or a portion of our business to another company.
  • We may share your data with our parent company, subsidiaries, affiliates and/or other companies under common control with us.
  • We may disclose data for any other purpose with your consent.

We maintain Business Associate Agreements (“BAAs”) with all partners and third-party contracts and service providers that receive or have access to PHI, in accordance with HIPAA regulations. These BAAs define each party’s responsibilities to protect PHI and ensure that data security, confidentiality, and regulatory obligations are upheld throughout all stages of data handling.

Data Storage
Personal Identifying Information and Usage Data are stored on Digital Ocean servers in Frankfurt, Germany, protected by industry-standard security measures. We will keep your Personal Identification Information beyond the duration of your subscription for the required statutory period. Once this period has expired, we will delete your data by removing it from our servers.
 
PHI resides only in ephemeral storage and is typically retained for no longer than one second for the purpose of processing. All PHI is handled in strict accordance with HIPAA regulations to ensure its confidentiality, integrity, and security at all times and is never stored.

Your Choices

Update Information: If the personal information we have for you changes, you may correct, update, or delete it by contacting us as set forth in Section XII of this Privacy Policy. You may correct, update, or delete some of their personal information directly in your account on the App. We will use commercially reasonable efforts to process all such requests in a timely manner. You should be aware, however, that it is not always possible to completely remove or modify information in our databases.  Additionally, we will retain and use your information (or copies thereof) as necessary to comply with our legal and/or regulatory obligations, resolve disputes, and enforce our agreements.

Marketing Communications: You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of any of our marketing emails. Please note that you cannot opt out of receiving transactional e-mails.

Cookie Management: Most browsers let you remove or reject cookies.  To do this, follow the instructions in your browser settings.  Many browsers accept cookies by default until you change your settings.  Please note that if you set your browser to disable cookies or other Tracking Technologies, the App may not work properly.  For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.
You will need to apply these opt-out settings on each device from which you wish to opt-out.  We cannot offer any assurances as to whether the companies we work with participate in the opt-out programs described above.

Cookies
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you access or use our Services, we may collect information from you automatically through cookies or similar technologies. For further information please visit allaboutcookies.org.

aemos GmbH uses cookies in a range of ways to improve your experience on our website, including:

  • Understanding how you use our website.

There are several different types of cookies our website uses:

  • Functionality – Our company uses these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
  • Advertising – Our company uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. Our company shares some limited aspects of this data with third parties for our own advertising purposes.

You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

HIPAA – Health Insurance Portability and Accountability Act
aemos employs comprehensive administrative, physical, and technical safeguards to protect PHI and maintain HIPAA compliance.

Aemos is committed to protecting the privacy and security of all PHI shared with our application. We limit the collection and storage of PHI by processing patient images exclusively in memory on the iPad and within secure AWS cloud servers. Images are never stored in any persistent storage—once processing is complete, only non-identifiable results are retained. All data transfers occur over encrypted connections (TLS), and our servers employ strict access controls, including two-factor authentication and SSH key-based access, to guard against unauthorized intrusion. Additionally, we maintain a Business Associate Agreement (BAA) with AWS to ensure their physical and technical safeguards meet HIPAA requirements. In the unlikely event of a breach of unsecured PHI, Aemos will promptly investigate the incident, notify all affected individuals, alert the U.S. Department of Health and Human Services (HHS), and inform the media when required, in accordance with the HIPAA Breach Notification Rule.

By default, our application does not store photos locally or transmit the photo(s) taken other than as outlined above. However, the application does permit the user to store the photo or transmit the photo(s) using other applications present on the device. Should you choose to store or transmit the photos, you are solely responsible for such choice and represent that you have the proper consents and protections in place to do so. In the event that you do not obtain proper consent or experience a data breach or other event related to your choice to store or transmit the photos, aemos GmbH and Revance shall have no responsibility or liability associated therewith.

Children’s Information
We do not knowingly collect personal information from children under the age of 18 through our Services. If you are under 18, please do not give us any personal information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide personal information through the Services without their permission.  If you have reason to believe that a child under the age of 18 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.

Important Notice to Non-U.S. Residents
The Services are operated in the United States, but its servers are operated in various countries, including the United States. If you are located outside of the United States, please be aware that your information, including your personal information, may be transferred to, processed, maintained, and used on computers, servers, and systems located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your country of origin. If you are located outside the United States and choose to use the Services, you consent to any transfer and processing of your personal information in accordance with this Privacy Policy, and you do so at your own risk.

DO  NOT TRACK
As discussed above, third parties such as analytics providers may collect information about your online activities over time and across different websites when you access or use the Services. Currently, various browsers offer a “Do Not Track” option, but there is no standard for commercial websites. At this time, we do not monitor, recognize, or honor any opt-out or do not track mechanisms, including general web browser “Do Not Track” settings and/or signals.

Notice to California Residents
If you are a resident of California, you may have additional rights regarding your personal information under the California Privacy Rights Act (the “CPRA”). Please review the CPRA Privacy Notice.

Notice to Nevada Residents
We do not sell your personal information as defined under Nevada law. Nonetheless, if you are a resident of Nevada, you have the right to opt-out of the sale of certain personal information to third parties. You can exercise this right by contacting us at [insert email address] with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account.

Privacy policies of other websites
The Services may contain links to other third-party websites or apps (“External Websites”). Our privacy policy applies only to our Services, so if you click on a link to any External Website, you should read their privacy policy. We have no control over the privacy practices or the content of any such External Websites. As such, we are not responsible for the content or the privacy policies of those External Websites.

Changes to our Privacy Policy
This Privacy Policy is effective as of the date stated at the top of this Privacy Policy.  We may change this Privacy Policy from time to time with or without notice to you. Any such changes will be posted on the Services. By accessing and/or using the Services after we make any such changes to this Privacy Policy, you are deemed to have accepted such changes. Please be aware that, to the extent permitted by applicable law, our use of your information is governed by the Privacy Policy in effect at the time we collect the Information.  Please refer to this Privacy Policy on a regular basis.

How to contact us
If you have any questions about this Privacy Policy, the data we hold on to you, or you would like to exercise your data protection rights, please do not hesitate to contact us. Email us at info@aemos.at.

 

California Privacy Rights Act Notice to California Residents

Last Updated: April 22, 2025
 
The California Privacy Rights Act (“CPRA”) grants residents of the State of California (“consumers”) and households located in California certain rights regarding their Personal Information. This Notice (the “CPRA Notice”) applies to the Personal Information of consumers and/or households that is collected and/or processed (online and/or off-line) by or on behalf of aemos GmbH (“aemos”) or Revance Therapeutics, Inc. (“Revance”) (collectively “we,” “us,” or “our”) and supplements our Privacy Policy. All capitalized terms herein have the meanings given in the CPRA or the Privacy Policy. We address Personal Information associated with our employees and job applicants separately. In the event of any conflict between this CPRA Notice and terms in the Privacy Policy, the provision that is more protective of your Personal Information shall control to the extent of such conflict.
 
If you have any questions about this CPRA Notice or whether any of the following rights apply to you, please contact us at info@aemos.at. If you are located outside of the State of California, this CPRA Notice does not apply to you, and you should refer to our Privacy Policy.
 
I. The Personal Information We Collect, Why We Collect it, and How Long We Keep it
We may collect the categories of Personal Information (including sensitive information) listed in the tables below for the specific business purposes listed next to them.
 
We determine the retention periods of each category of Personal Information based on the following criteria:

  • The purposes for which we process the Personal Information (we need to retain the data as long as necessary to complete such purposes); and
  • Tax, legal and regulatory obligations and requirements (laws or regulation may set, or recommend, a minimum period for retention of your Personal Information).
Personal Information CategoryBusiness Purpose
Identifiers, such as your full name, mailing address, telephone numbers, email address, online identifier, IP address– Provide the Services and respond to inquiries, solicit your feedback and inform you about our products and services;
– Provide newsletters and send email alerts (including marketing emails);
– Administer and maintain our operations, including for safety purposes;
Comply with applicable laws and regulations;
– Respond to law enforcement requests and as required by applicable law or court order;
– For verifying your identity and managing your account including any transactions
– For order processing and fulfillment;
– For analytics purposes;
– To investigate and to manage enquiries, disputes and legal proceedings;
– To evaluate or consummate a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company as
Commercial information, including records of Services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
Same as above
Information you share during communications and interactions with us, such as the content of email messages, and phone calls.Same as above
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an advertisementSame as above

II. How We Obtain Your Personal Information
We receive your Personal Information directly from you, as well as from the following categories of sources:

  • Directly from you; and
  • Internet or other electronic network activity;

III. What Kind of Personal Information We Disclose to Others
 
We may disclose the following categories of Personal Information to the following categories of service providers and/or contractors for a business purpose.
 

Personal Information CategoryCategory of Service Provider/Contractor
– Identifiers
– Commercial information
– Information you share during communications and interactions with us
– Internet or other electronic network activity information  		Third-party contractors and service providers that provide services to us in the operation of our business and assistance with our Services. The list of such service providers is set forth in our Privacy Policy.
All categories of Personal Information mentioned aboveOur parent companies, subsidiaries, affiliates and/or other companies under common control with us.

IV. Your Rights and Choices

The CPRA provides consumers and households with specific rights regarding their Personal Information. We will usually be the business processing your Personal Information. If we are acting as a service provider or contractor on behalf of another business, please contact the business that collected your Personal Information in the first instance to address your rights with respect to such data.

a. Right to Know About Your Personal Information

You have the right to request that we disclose the following kinds of information to you about our collection, disclosure, sale, sharing, and use of your Personal Information:

  • Categories of Personal Information, sources, business or commercial purposes, and to whom the information was disclosed. Please see for this information Sections I-III of this CPRA Notice.
  • Specific Pieces of Personal Information: If you would like to know and access the specific pieces of Personal Information that we have collected about you, please contact us as described in Section VIII below. You may exercise this right up to two times in any 12-month period.
  • Categories of Personal Information Sold: We do not sell any Personal Information obtained about you, nor have we done so in the past.
  • Categories of Personal Information Shared: The categories of Personal Information shared for the purpose of cross-context behavioral advertising in the last twelve months are: None.

b. Right to Request Deletion

You have the right to request deletion of your Personal Information. We will honor such request but might not be able to fulfill your request if we (or our service providers) are required to retain your Personal Information. Examples of such exceptions are:

  • Completing a transaction or performing a contract we have with you;
  • Detecting and addressing data security incidents and repairing or upkeep of our IT systems.
  • Protecting against fraud or other illegal activity;
  • Complying with applicable law or a legal obligation, or to exercise rights under the law (e.g., the right to free speech); or
  • Using your Personal Information internally to improve our Website, Products, Digital Content and Services.

c. Right to Request Correction

You have the right to request that we correct inaccurate Personal Information that we maintain about you. We will honor such request but might not be able to fulfill your request if it is impossible to do so or would involve disproportionate effort, or if we have a good-faith, reasonable, and documented belief that a request to correct is fraudulent or abusive.

d. Right to Opt-Out of the Sale and/or Sharing of Personal Information.

You have the right to opt-out of the sale and/or sharing of your Personal Information. Please exercise your rights as set forth in Section V below.

e. Right to Limit the Use and Disclosure of Sensitive Personal Information

You have the right to limit certain ways in which a business uses and discloses sensitive Personal Information. Please note, however, that we only collect the information mentioned in this CPRA Notice, and do not use or disclose it for any purposes that are covered by this right (nor have we done so in the past).

f. Right to Designate an Authorized Agent

You have the right to submit a request with an authorized agent. If you choose to do so, we may require that you (i) provide the authorized agent written permission to act on your behalf, and (ii) verify their identity directly with us. We may deny a request from an authorized agent that does not submit proof of authorization.

g. Right to Non-Discrimination

We will not discriminate against you for exercising any of your CPRA rights. We will not (i) deny you products or services, (ii) charge you different prices or rates for products or services, including through granting discounts or other benefits, or imposing penalties, (iii) provide you a different level or quality of products or services, and (iv) suggest that you may receive a different price or rate for products or services or a different level or quality of products or services.

V. Exercising Your Privacy Rights

Rights to Know, to Request Deletion, and to Request Correction of Personal Information

To exercise these rights, please submit a verifiable consumer request to us entitled “California Privacy Request,” by using the following methods:

What we need to know to fulfill your request

The verifiable consumer request must: (i) provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information related to you. Making a verifiable consumer request does not require you to create an account with us.

How you will hear back from us

We will confirm receipt of a verifiable consumer request within ten (10) business days of its receipt. We will endeavor to respond to a verifiable consumer request within forty-five (45) calendar days of its receipt. If we require more time, we will notify you of the extension and provide an explanation of the reason for the extension in writing, and we will provide you with a response no later than ninety (90) calendar days of receipt of the request. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We may charge a reasonable fee to process or respond to your verifiable consumer requests if they are excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you of the reasons for this decision and provide you with a cost estimate before completing your request.

Right to Opt-Out of the Sale and/or Sharing of Personal Information

If you are 16 years of age or older, you have the right, at any time, to direct us to not sell/share your Personal Information (the “right to opt-out”). We do not knowingly sell/share the Personal Information of children under the age of 16, unless we receive affirmative authorization (the “right to opt-in”) from either (i) the consumer who is between 13 and 16 years of age, or (ii) the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to Personal Information sales/sharing may opt-out of future sales/sharing at any time. To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by visiting the following Internet Web page link: https://face-reveal.com/contact/.

Once you make an opt-out request, we will not ask you to reauthorize Personal Information sales/sharing for at least twelve (12) months. However, you may change your mind and opt back in to Personal Information sales/sharing at any time by contacting us at info@aemos.at.

You do not need to create an account with us to exercise your opt-out rights. We will only use Personal Information provided in an opt-out request to review and comply with the request.

VI. Other California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to obtain certain information about the types of Personal Information that companies with whom they have an established business relationship (and that are not otherwise exempt) have shared with third parties for direct marketing purposes during the preceding calendar year, including the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties. In order to submit such a request, please contact us at support or write us at:Cobenzlgasse 46, 1190 Vienna Austria.

  1. Changes to this CPRA Notice

This CPRA Notice is effective as of the date of the Last Update stated at the top of this CPRA Notice. We may change this CPRA Notice from time to time with or without notice to you. By visiting or accessing the Services or otherwise engaging or interacting with us after we make any such changes to this CPRA Notice, you are deemed to have accepted such changes. Please be aware that, to the extent permitted by applicable law, and without prejudice to the foregoing, our use of your Personal Information is governed by the CPRA Notice in current effect. Please refer to this CPRA Notice on a regular basis.

  1. How to Contact Us

If you have any questions or comments about this CPRA Notice, the ways in which we collect and use your information, or your choices and rights regarding such use, please do not hesitate to contact us at:

  • Email: info@aemos.at
  • Mail: Cobenzlgasse 46, 1190 Vienna Austria