
Getting Consent Right for Chemical and Aesthetic Treatments

Why chemical and aesthetic treatments need signed, traceable consent, and how eIDAS electronic signatures in F9.contact make each one independently verifiable.

F9.contact Team · 6 min read

Tags: consent, eidas, cosmetology, compliance, aesthetics

A patch test that was skipped. A client who swears she mentioned her retinoid use but cannot prove it. A microblading touch-up that reacted badly, and a dispute about what was agreed beforehand. Every aesthetic practitioner knows the shape of these stories, and they all share one weakness: the consent was real, but it was verbal, or scribbled on a page in a drawer, or simply assumed. For chemical and aesthetic treatments — colour, peels, lash and brow chemistry, microblading, IPL — consent is not a courtesy. It is the document that protects both the client and the practitioner, and it is only worth as much as your ability to prove, later, exactly what was agreed and by whom. This post explains why these treatments need traceable consent and how F9.contact captures it as a signed, independently verifiable record.

Why these treatments are different

A haircut leaves no residue and reverses by growing out. A chemical or aesthetic treatment introduces an active substance to skin or hair, or makes a semi-permanent change, and carries a real possibility of an allergic reaction, a chemical burn, or an outcome the client did not expect. That changes the nature of consent in two ways.

First, the consent has to be informed. The client should understand the procedure, its risks, the aftercare, and any contraindications — pregnancy, certain medications, recent treatments — that make the procedure inadvisable. Second, and from a record-keeping point of view just as important, the consent has to be provable after the fact. If something goes wrong months later, the question is never "did you get consent?" in the abstract. It is "can you produce the exact form this client agreed to, with their identity attached, on this date?" A verbal yes and a good memory do not answer that question.

It helps to separate two things that often get blurred at the front desk. The clinical consultation — the intake questionnaire that captures medical history, allergies, medications, and contraindications — is how you gather the information that makes consent informed. The consent itself is the client's agreement, having been informed, to proceed. F9 treats these as distinct surfaces precisely because they answer different questions: one is "is this client a suitable candidate?" and the other is "did this client agree to the specific procedure?" Both are versioned, both are signed, and both become part of the legal record.

What "eIDAS-signed" actually means here

When we say a consent is signed, we mean something specific and legally grounded. eIDAS is the EU regulation governing electronic signatures across the Union, and it recognises a tier called the simple electronic signature (SES). Under Article 25, an electronic signature cannot be denied legal effect simply for being electronic — and under the generic e-signature principles an SES is appropriate where the parties and the context make a typed affirmation a reasonable expression of intent. For a known client agreeing to a treatment they have come in for, in a portal they have authenticated into, that bar is met.

What F9 captures when a client signs a consent is more than a checkbox. The client types their name, ticks an explicit agreement, and the system records — server-side, not from anything the client could tamper with — their IP address, their browser's user agent, the unique identifier of their authenticated session, the locale they signed in, and the timestamp. All of that is sealed into a canonical record protected by an HMAC-SHA256 cryptographic seal, keyed by a dedicated secret held only by the platform.

Why the cryptographic seal matters

The seal is the part that turns a stored record into a provable one. Because the signed record is sealed with HMAC-SHA256, the entire envelope — the consent text, the client's typed name, the captured metadata — can be re-verified independently at any time. If anyone, including a database administrator, were to alter so much as one character of a signed consent after the fact, the recomputed seal would no longer match and the tampering would be exposed. You are not asking a court to trust your word that the record is unchanged; you are able to demonstrate it mathematically.

Two further design choices reinforce this. Each signed consent stores a snapshot of the consent text as it was at signing time, so if you later archive or revise the template, what the client actually agreed to is preserved exactly. And re-signing a newer version of the same consent does not overwrite the old one — it supersedes it, while both remain on file as legally binding artifacts. Your audit trail shows the evolution, not just the latest state.
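The following is an added example, not F9.contact's code, showing the sealing scheme the last three paragraphs describe: a canonical JSON record covered by HMAC-SHA256, a snapshot of the consent text inside the sealed record, and an append-only store in which re-signing supersedes rather than overwrites. The sealing key, the field names, the envelope values and the `ConsentStore` class are all constructed for the example. One caveat worth having in mind: an HMAC is symmetric, so "re-verified independently" means by anyone who holds the sealing key; a party without the key has to rely on the platform (or an escrowed copy of the key) to recompute the seal.

```python
import hashlib
import hmac
import json
import uuid
from datetime import datetime, timezone

# Constructed sealing secret. Assumption: the real platform keeps this in a
# secrets manager and it never appears in source, logs or the database.
SEALING_KEY = b"example-sealing-key-not-for-production"


def canonical_bytes(record):
    """Deterministic serialisation of everything except the seal itself.

    Sorted keys and fixed separators mean the same content always yields the
    same bytes, so the HMAC covers content rather than incidental formatting.
    """
    body = {k: v for k, v in record.items() if k != "seal"}
    return json.dumps(body, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def compute_seal(record, key):
    """HMAC-SHA256 over the canonical record, hex-encoded."""
    return hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()


def sign_consent(template_id, version, consent_text, typed_name, envelope, key,
                 signed_at=None, supersedes=None, record_id=None):
    """Capture one simple electronic signature as a sealed record.

    The consent text is snapshotted into the record (not referenced by id), and
    the envelope is what the server captured: IP, user agent, session id, locale.
    """
    signed_at = signed_at or datetime.now(timezone.utc)
    record = {
        "record_id": record_id or uuid.uuid4().hex,
        "template_id": template_id,
        "version": version,
        "consent_text": consent_text,   # snapshot at signing time
        "typed_name": typed_name,
        "agreed": True,
        "envelope": envelope,           # server-side metadata, not client-supplied
        "signed_at": signed_at.isoformat(),
        "supersedes": supersedes,       # record_id of the version this replaces
    }
    record["seal"] = compute_seal(record, key)
    return record


def verify_consent(record, key):
    """Recompute the seal and compare in constant time; any altered byte fails."""
    return hmac.compare_digest(compute_seal(record, key), record.get("seal", ""))


class ConsentStore:
    """Append-only store: re-signing supersedes an older record, never overwrites it."""

    def __init__(self):
        self._records = []

    def add(self, record):
        self._records.append(record)

    def history(self, template_id):
        return [r for r in self._records if r["template_id"] == template_id]

    def active_for(self, template_id):
        """The record for this template that no later record supersedes."""
        superseded = {r["supersedes"] for r in self._records if r["supersedes"]}
        live = [r for r in self.history(template_id)
                if r["record_id"] not in superseded]
        return live[-1] if live else None


if __name__ == "__main__":
    # Constructed envelope, shaped like what the server would capture.
    envelope = {"ip": "203.0.113.7", "user_agent": "Mozilla/5.0 (example)",
                "session_id": "sess-constructed-001", "locale": "en-GB"}
    v1 = sign_consent("chemical-peel", 1, "I consent to a glycolic peel ...",
                      "Jane Example", envelope, SEALING_KEY)
    print("v1 verifies:", verify_consent(v1, SEALING_KEY))
    tampered = dict(v1, consent_text=v1["consent_text"] + " (edited)")
    print("tampered verifies:", verify_consent(tampered, SEALING_KEY))
```

The store keeps every version on file: `history()` returns the full chain for audit, and `active_for()` picks the one record nothing later supersedes, which is the check a booking gate would use.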

The most common failure mode is not bad consent; it is missing consent — the form that never got signed because the day was busy. F9 closes that gap by wiring consent to the booking itself. When you connect a published consent template to the service categories on a treatment, a booking for that service cannot be confirmed until the client has an active signature on file.

When a required consent is missing, the booking confirmation is refused with a clear, specific message naming the outstanding form, the client's portal surfaces it as a pending item, and the booking-detail page shows an amber banner with a deep link straight to the signing page — so after signing, the client lands back on their booking. From the management side, staff can send a sign link to the client at any time. That link carries a one-time, revocable token that can be used exactly once: clicking it lets the client sign, the act of signing consumes the token atomically, and a second click shows a clear "already used" message. The token survives platform secret rotation and can be revoked on demand, and the whole chain — link issued, link verified, link consumed, consent signed — is written to an audit log.
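As an added example (not F9.contact's implementation), here is one way to build the one-time sign link described above: the token is a random value shown only in the link, the table stores only its SHA-256, consumption is a check-and-mark under a single lock, revocation is a per-row flag, and every step is appended to an audit list. The in-memory store, the `link_id`, the event names and the `race()` helper are assumptions made for the example; the page does not describe F9's internals. Storing a random token rather than one derived from a platform secret is what lets a link survive secret rotation.

```python
import hashlib
import secrets
import threading
from datetime import datetime, timezone


class SignLinkStore:
    """In-memory stand-in (assumption) for the platform's sign-link table.

    Only the SHA-256 of each token is stored, so a copy of the table cannot be
    replayed as links. The token is random rather than derived from a platform
    secret, so rotating that secret leaves outstanding links valid.
    """

    def __init__(self):
        self._lock = threading.Lock()
        self._rows = {}      # link_id (token hash) -> row
        self.audit = []      # append-only event list

    @staticmethod
    def _link_id(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def _log(self, event, link_id, detail=""):
        self.audit.append({"at": datetime.now(timezone.utc).isoformat(),
                           "event": event, "link": link_id[:12], "detail": detail})

    def issue(self, client_id, template_id, issued_by):
        """Create a link. Returns (token, link_id); the token appears only in the URL."""
        token = secrets.token_urlsafe(32)
        link_id = self._link_id(token)
        with self._lock:
            self._rows[link_id] = {"client_id": client_id, "template_id": template_id,
                                   "used_at": None, "revoked_at": None}
        self._log("link_issued", link_id, f"client={client_id} by={issued_by}")
        return token, link_id

    @staticmethod
    def _state(row):
        if row is None:
            return "invalid"
        if row["revoked_at"] is not None:
            return "revoked"
        if row["used_at"] is not None:
            return "already_used"
        return "valid"

    def status(self, token):
        """Read-only check when the signing page loads; does not consume."""
        link_id = self._link_id(token)
        state = self._state(self._rows.get(link_id))
        if state == "valid":
            self._log("link_verified", link_id)
        return state

    def consume(self, token, typed_name):
        """Check-and-mark under one lock so two concurrent clicks cannot both sign.

        A SQL backend would do the same with one UPDATE ... WHERE used_at IS NULL
        AND revoked_at IS NULL, treating "one row changed" as success.
        """
        link_id = self._link_id(token)
        with self._lock:
            row = self._rows.get(link_id)
            state = self._state(row)
            if state != "valid":
                return state
            row["used_at"] = datetime.now(timezone.utc).isoformat()
            row["typed_name"] = typed_name
        self._log("link_consumed", link_id)
        self._log("consent_signed", link_id,
                  f"client={row['client_id']} template={row['template_id']}")
        return "signed"

    def revoke(self, link_id, revoked_by):
        """Staff revoke by link_id; they never hold the token itself."""
        with self._lock:
            row = self._rows.get(link_id)
            if row is None or row["revoked_at"] is not None:
                return False
            row["revoked_at"] = datetime.now(timezone.utc).isoformat()
        self._log("link_revoked", link_id, f"by={revoked_by}")
        return True


def race(store, token, n=8):
    """Fire n concurrent consume() calls on one token; returns (signed, already_used)."""
    results = []
    threads = [threading.Thread(target=lambda: results.append(store.consume(token, "racer")))
               for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results.count("signed"), results.count("already_used")
```

`status()` is what the signing page calls on load so a spent or revoked link can show its "already used" message without consuming anything; only `consume()` marks the row, and `race()` shows that even eight simultaneous clicks produce exactly one signature.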

Aftercare for the record itself

A consent record is only useful if you can produce it. F9 renders any signed consent as an A4 PDF on demand — your salon header and tax number, the consent body in the client's own language, and a forensic footer carrying the typed name, the captured metadata, and the seal — exactly the document you would hand to a lawyer or an insurer. Staff can browse and download a client's signed consents from the client's detail page, and every view and download is logged.

GDPR erasure is handled without breaking the legal trail. When a client exercises their right to be forgotten, the personal content of the consent — the typed name and the captured envelope — is wiped, but the row and its audit history survive as the compliance artifact. The fact that consent was given, and when, remains provable; the personal data inside it does not linger.

The bottom line for an aesthetics practice

Chemical and aesthetic treatments demand consent that is informed before the procedure and provable long after it. Verbal agreements and paper in a drawer fail the second test exactly when you need them most. By capturing consent as an eIDAS simple electronic signature — sealed, re-verifiable, snapshotted at signing time, and wired so a booking cannot be confirmed without it — F9.contact turns the riskiest part of an aesthetics practice into a quiet, automatic, defensible record. The client signs once, from their phone, and you never again have to wonder whether the form exists.