Client Record Card in a Nail and Brow Salon - What It Must Include and How to Fill It In

A client record card is a legal document, not a box-ticking exercise. It is your primary defence when a client claims she never told you about an allergy, a pregnancy, or a reaction to a previous treatment. Without a card, you have your word against hers. With a properly completed card, you have a date, a signature, and documented facts. That difference matters enormously when a claim reaches your insurer or a court.

What a Client Card Must Include - Legal Minimum

A client record card for a nail and brow salon must cover several mandatory elements. Leaving any of them out weakens your position in any dispute.

Personal Data with GDPR Consent

• Client's full name
• Phone number or email address (for post-treatment follow-up)
• GDPR consent clause with explicit agreement to the processing of personal and health data
• Statement of purpose for data collection and the client's right to erasure

Health Information

• Known allergies to cosmetic ingredients, metals, or latex
• Skin conditions: psoriasis, atopic dermatitis, fungal infections
• Current medications, especially blood thinners (aspirin, warfarin) and immunosuppressants
• Pregnancy or breastfeeding
• Diabetes or blood clotting disorders

Pre-Treatment Consultation

• Date of the most recent treatment of the same type
• Products the client uses daily in the treatment area
• Any adverse reactions to previous treatments, whether at your salon or elsewhere

Patch Test Results

• Date of the patch test
• Product name and batch number (LOT)
• Location of test application
• Result: negative (no reaction) or positive (allergic reaction)
• Signature of the technician who performed the test

Informed Consent

• Description of the treatment and products used
• Information about risks and possible complications
• Client's legible signature, given in person at the appointment

Treatment History

• Date of each visit
• Type of treatment performed
• Product used and batch number
• Exposure time where applicable
• Notes (e.g. reaction after a previous treatment, special preferences)
• Technician's signature

How to Fill In the Card - Step by Step

Completing the card is a staged process. You do not fill in everything at once. Some information is gathered before the appointment, some during, and some is added after the treatment ends.

1. Step 1 - before the first appointment: You can conduct an initial consultation by phone, SMS, or WhatsApp. Ask about allergies, medications, and pregnancy. Note what you hear. But remember: the physical card must be created at the in-person appointment. Screenshots from WhatsApp are not a signed document.
2. Step 2 - at the appointment, client's section: The client fills in her own personal and health information herself. Not you, not a receptionist on her behalf. This matters in any dispute because it is very difficult to claim "I didn't know" when you wrote the answer yourself.
3. Step 3 - technician's section: You add the patch test results, date, batch number, and treatment record. Describe exactly what you did, which product you used, and for how long.
4. Step 4 - signatures: Both of you sign at the appointment. Not remotely, not via a photo, not via WhatsApp. The signature must be physical, or given via a qualified electronic signature (which is not a realistic option in most beauty salons).
5. Step 5 - storage: The card goes into a locked cabinet or a binder with a key. It does not sit on the reception desk. It is not visible to the next client walking in. This is a GDPR requirement.

Where and How Long to Keep Client Cards

Storing client cards correctly is not just good organisation. It is a legal obligation with real consequences for non-compliance.

• Locked cabinet or keyed binder: inaccessible to clients in the salon. If you have a reception desk, the card must not lie open where anyone standing at the counter can read it.
• Electronic format: permitted, but must be encrypted, password-protected, and accessible only to you or explicitly authorised staff.
• Retention period: minimum 3 years after the client's last visit. For cards containing medical information (allergies, skin conditions), 5 years is the safer choice. That matches the standard limitation period for civil claims in Poland.
• What to avoid: cards left in plain sight, on the counter, in an unlocked binder at reception, or in an unsecured bag you take to mobile appointments.

When the Card Protects You - and When It Does Not

A client card only protects you when it is properly completed, signed, and kept up to date. An empty or incorrectly filled card can be used against you.

The card protects you when:

• A client claims she never told you about her pregnancy: you have her own signed health questionnaire where the pregnancy question is answered.
• A client claims there was no patch test: you have the test date, the product batch number, and the result, signed by both of you.
• A client claims she was not informed of the risks: you have her signature beneath the informed consent section.

The card does NOT protect you when:

• It is blank or only partially completed (missing health data or signature).
• It is out of date: the client told you at her third visit that she was pregnant, but you did not update the card.
• The client's signature is missing from the consent section.
• The patch test entry has no batch number: you cannot prove which product was tested.

Electronic or Paper Card

There is no single correct answer. Both formats have advantages and drawbacks. Choose whichever one you will actually complete consistently for every visit.

• Paper card: inexpensive, straightforward, requires no IT infrastructure. Downside: hard to search when you have hundreds of clients, can be lost or damaged, and there is no automatic backup.
• Electronic card (salon software): easy to search and archive, supports reminders and sharing treatment history with the client. Requires GDPR-compliant security and regular backups. You need a contingency plan for system outages.
• Hybrid: a paper card signed at the appointment, scanned or photographed and stored in an encrypted cloud service. A good compromise: you have a physical signature and mobile access. Remember that encryption is mandatory. Storing images in an unprotected Google Drive folder is a GDPR breach.

Frequently Asked Questions

Does the client need to sign the card at every visit?

No. She signs at her first visit. At subsequent visits you check whether her health information has changed. If it has (new allergy, new medication, pregnancy), you update the card and both sign the amended section. You add a new entry to the treatment history at every visit: date, treatment, product used, any notes.

What do you do if the client refuses to sign?

You have two options: decline to perform the treatment, or clearly note the refusal on the card with the date and your own signature (for example: "Client declined to sign consent on [date] - technician's signature"). The first option is safer because it removes the risk entirely. Carrying out a treatment without signed consent means you bear the full liability yourself.

Can you use WhatsApp as a client record?

You can use WhatsApp to conduct the initial health consultation before the appointment. But screenshots of chat conversations are not a client record. They lack a signature, a consistent structure, patch test results, and a treatment history log. WhatsApp is a communication tool, not medical documentation. The client card must be a separate, complete document with a signature.

How long do you keep the card after a client stops coming?

At least 3 years from the date of her last visit. For cards containing medical data (allergies, skin conditions) 5 years is the safer choice, in line with the standard limitation period for civil claims in Poland. After that period you can destroy the card in a way that prevents data recovery - use a shredder, not the recycling bin.