Privacy Policy

Med Spas

Last Updated: 03.11.2026.

This Privacy Policy describes how [Your Med Spa Name] (“we,” “us,” or “our”) collects, uses, and protects your personal information when you visit our website, book appointments, receive treatments, or otherwise interact with our services. We are committed to protecting your privacy and handling your information with the care it deserves.

By using our website or services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our services or website.

1. Information We Collect

1.1 Information You Provide Directly

When you interact with us, you may provide us with the following types of personal information:

  • Contact information — your full name, email address, phone number, and mailing address
  • Appointment and booking information — preferred dates, treatment interests, and referral source
  • Medical and health history — relevant health conditions, medications, allergies, and prior cosmetic treatments, as required to safely administer services
  • Consent forms — signed intake forms, informed consent documents, and pre/post-treatment instructions
  • Payment information — billing address and payment method details (processed securely through our payment provider; we do not store full card numbers)
  • Communications — messages, inquiries, feedback, or complaints you send to us via email, contact forms, or phone

1.2 Information Collected Automatically

When you visit our website, we may automatically collect certain technical information, including:

  • Device and browser information — operating system, browser type and version
  • IP address and approximate location
  • Pages visited, time spent on pages, and referring website
  • Cookie and tracking data (see Section 5 for details)

1.3 Information from Third Parties

We may receive information about you from third parties such as:

  • Online booking platforms (e.g., Vagaro, Mindbody, Jane App) used to schedule your appointments
  • Payment processors used to complete transactions
  • Review platforms (e.g., Google, Yelp, RealSelf) if you leave a public review that references our services
  • Referring healthcare providers, if applicable

2. How We Use Your Information

We use your personal information for the following purposes:

  • Providing Services — scheduling and delivering aesthetic treatments, conducting consultations, and following up after appointments
  • Medical Safety — reviewing your health history to determine appropriate treatments, contraindications, and aftercare instructions
  • Communication — sending appointment confirmations, reminders, pre-care and post-care instructions, and responding to your inquiries
  • Billing & Payments — processing payments, issuing receipts, and managing refunds when applicable
  • Marketing & Promotions — sending newsletters, promotional offers, seasonal specials, or new service announcements (only with your consent; you may opt out at any time)
  • Legal & Compliance — fulfilling our obligations under applicable law, including HIPAA where applicable, state medical recordkeeping requirements, and consumer protection regulations
  • Business Improvement — analyzing how our services are used to improve our offerings, website, and client experience

3. Health Information & HIPAA

If our med spa qualifies as a HIPAA-covered entity or business associate, any Protected Health Information (PHI) you provide — including medical history, treatment records, and health conditions — is governed by our separate HIPAA Notice of Privacy Practices, which is provided to you upon your first visit and is available upon request.

Even where HIPAA does not strictly apply, we treat all health and treatment-related information with the highest level of confidentiality. We do not sell, rent, or share your health or treatment information with third parties for marketing purposes.

4. How We Share Your Information

We do not sell your personal information. We may share your information only in the following limited circumstances:

  • Service Providers — trusted vendors who help us operate our business, including booking software providers, payment processors, email marketing platforms, and IT support. These parties are contractually required to protect your information.
  • Healthcare Professionals — with your explicit consent, we may share relevant health information with referring physicians or other licensed practitioners involved in your care.
  • Legal Requirements — when required by law, regulation, court order, or to respond to a valid legal request from government authorities.
  • Business Transfers — in the event of a sale, merger, or acquisition of our business, your information may be transferred to the successor entity. We will notify you of any such change.
  • With Your Consent — for any other purpose with your explicit prior consent.

5. Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to improve your browsing experience and understand how visitors use our site. Types of cookies we may use include:

  • Essential Cookies — necessary for the website to function properly (e.g., maintaining session state during booking)
  • Analytics Cookies — help us understand website traffic and user behavior (e.g., Google Analytics)
  • Marketing Cookies — used to show you relevant advertisements on other websites, if applicable

You can control or disable cookies through your browser settings at any time. Please note that disabling certain cookies may affect the functionality of our website and online booking features.

6. Data Retention

We retain your personal information for as long as necessary to provide our services, maintain your client record, fulfill legal and regulatory requirements (including medical recordkeeping obligations, which vary by state but are typically 7–10 years for treatment records), and resolve any disputes.

When your information is no longer needed, we will securely delete or de-identify it in accordance with applicable law.

7. Data Security

We implement appropriate administrative, technical, and physical safeguards to protect your personal information against unauthorized access, loss, misuse, or disclosure. These measures include encrypted data storage, secure HTTPS connections, restricted staff access, and regular security assessments.

While we take security seriously, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, and we encourage you to use caution when submitting sensitive information online.

8. Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Right to Access — request a copy of the personal information we hold about you
  • Right to Correct — request corrections to inaccurate or incomplete information
  • Right to Delete — request deletion of your personal information, subject to legal retention requirements
  • Right to Opt Out of Marketing — unsubscribe from promotional emails or text messages at any time using the opt-out link in our communications or by contacting us directly
  • Right to Data Portability — receive your information in a portable format where technically feasible
  • Right to Restrict Processing — ask us to limit how we use your information in certain circumstances
  • Right to Withdraw Consent — where processing is based on your consent, you may withdraw it at any time

To exercise any of these rights, please contact us using the details in Section 11. We will respond to verified requests within the timeframe required by applicable law (typically 30–45 days). We will not discriminate against you for exercising your privacy rights.

9. Children’s Privacy

Our services are intended for adults aged 18 and older. We do not knowingly collect personal information from individuals under the age of 18 without verifiable parental or guardian consent. If a minor requires treatment, a parent or legal guardian must be present and must provide consent on behalf of the minor.

If you believe we have inadvertently collected information from a minor without proper consent, please contact us immediately and we will take prompt steps to delete such information.

10. Third-Party Links

Our website may contain links to third-party websites, social media platforms, or booking portals. We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies before submitting any personal information. The inclusion of a link does not imply our endorsement of the linked site.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:

Med Spas

Attn: Privacy Officer

Email: [email protected]

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last Updated” date at the top of this document and, where appropriate, notify you by email or a prominent notice on our website.

Your continued use of our services after any changes take effect constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Policy periodically.
