Privacy Policy

01Information We Collect

When you visit our studio, book an appointment, or use our website, we collect information to schedule your care, communicate with you, and operate our practice. The categories of information we collect include:

Information You Provide Directly

• Identifying details such as name, date of birth, mailing address, email address, and phone number
• Medical and health history relevant to the treatments you are considering, including allergies, medications, prior procedures, skin concerns, and consent forms you complete in person
• Photographs taken before, during, or after treatments for clinical documentation, with your written consent
• Payment information processed securely through our third-party payment processors (we do not store full card numbers on our systems)
• Communications you send us through forms, email, text, or social media

Information Collected Automatically

• Device and browser information, IP address, pages viewed, referring URLs, and time spent on the site
• Cookies, pixels, and similar technologies described in the Cookies section below

Information from Third Parties

We may receive information from our booking platform (GlossGenius), our practice-management software, payment processors, advertising partners, and analytics providers in connection with services they perform on our behalf.

02How We Use Your Information

We use the information we collect to:

• Schedule, confirm, and manage your consultations and treatments
• Provide medical aesthetic services and follow-up care that is appropriate for you
• Send appointment reminders, post-treatment care instructions, and important practice updates
• Process payments and maintain accurate financial records
• Respond to inquiries, requests, and feedback
• Personalize the website, improve our services, and analyze usage trends
• Send marketing communications, promotions, and educational content where you have opted in (you may unsubscribe at any time)
• Comply with legal obligations, including tax, recordkeeping, and applicable healthcare regulations
• Protect the rights, safety, and property of our patients, staff, and practice

03HIPAA & Protected Health Information

As a medical practice in the United States, certain health information you share with our providers is considered Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). PHI is handled under our separate Notice of Privacy Practices, which is provided to every patient at intake and available upon request.

The information collected through this website (such as name and email submitted on contact forms) is generally not PHI unless you specifically provide medical information. Once you become a patient and clinical records are created, those records are protected under HIPAA, our Notice of Privacy Practices, and applicable state law.

If you would like a copy of our Notice of Privacy Practices, contact us using the details at the end of this policy.

04Sharing & Disclosure

We do not sell your personal information. We share information only as necessary to provide care, operate our practice, or comply with the law. Categories of recipients may include:

• Service providers: booking and scheduling platforms, payment processors, secure cloud storage, email and SMS providers, website hosts, and analytics vendors who are bound to use the information only as we instruct
• Healthcare partners: consulting physicians or specialists, with your consent, when coordinating care
• Legal and regulatory authorities: when required by subpoena, court order, public-health request, or applicable law
• Business successors: in the event of a merger, acquisition, or sale of assets, in which case we will notify affected patients

Photographs are never shared publicly (including on social media) without your specific written authorization.

05Cookies & Tracking Technologies

Our website uses cookies, pixels, and similar tools to operate the site, remember your preferences, measure traffic, and improve performance. We use:

• Strictly necessary cookies required for the site to function
• Analytics cookies (such as Google Analytics) that help us understand how visitors use the site in aggregate
• Marketing cookies that may be used by advertising partners to deliver relevant ads on third-party platforms

Most browsers allow you to refuse or delete cookies through their settings. Doing so may limit some features of the site.

06Your Rights & Choices

Depending on where you live, you may have the right to:

• Request access to the personal information we hold about you
• Request correction of inaccurate or incomplete information
• Request deletion of your information, subject to legal and recordkeeping obligations that apply to medical records
• Opt out of marketing emails by clicking unsubscribe in any message we send, or by contacting us directly
• Receive a copy of your medical records as outlined in our Notice of Privacy Practices

To exercise any of these rights, contact us using the details below. We will respond within the timeframe required by applicable law.

07Data Security

We use reasonable administrative, technical, and physical safeguards to protect the information we collect and store. Our practice-management and electronic health record systems are designed to meet HIPAA security standards. Payment data is processed by PCI-DSS compliant providers and is not stored on our servers.

No system is completely secure. While we work hard to protect your information, we cannot guarantee that unauthorized access, disclosure, or misuse will never occur. If we become aware of a security breach affecting your information, we will notify you as required by law.

08Children’s Privacy

Our website and services are intended for individuals 18 years of age and older. We do not knowingly collect personal information from children under 13. If you believe a child has provided us information, please contact us so we can promptly delete it.

09Third-Party Links

Our website and emails may contain links to third-party sites such as our booking platform, social media accounts, or partner brands. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before sharing information.

10Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. The “Last Updated” date at the top of this page indicates when the policy was last revised. Material changes will be communicated in advance where required by law. We encourage you to review this page periodically.