PRIVACY POLICY
Effective Date: June 14, 2026 | Last Updated: June 23, 2026
This Privacy Policy (“Policy”) describes how DERMAFIX SPA CENTER LLC and its affiliated medical spa locations and brands (collectively, “DermaFix,” “Company,” “we,” “our,” or “us”) collect, use, disclose, retain, and protect your information when you visit our websites, landing pages, and digital properties; submit a form; book or inquire about an appointment or consultation; apply for employment; communicate with us by phone, text message (SMS/MMS), email, or chat; or otherwise interact with us (collectively, the “Services”).
Please read this Policy carefully. By accessing or using our Services, submitting information to us, or consenting where consent is requested, you acknowledge that you have read and understood this Policy. If you do not agree with this Policy, please do not use our Services or submit information to us.
Important note regarding text messaging: Mobile information, phone numbers, and consent obtained for text messaging (SMS/MMS) purposes will NOT be sold, rented, or shared with any third parties or affiliates for their own marketing or promotional purposes. See Section 6 (Text Messaging / SMS Program) for full details.
1. Scope of This Policy
This Policy applies to information we collect through our Services and through offline interactions associated with those Services. It applies to prospective, current, and former clients; website and landing-page visitors; individuals who respond to our advertisements (including on Meta/Facebook, Instagram, TikTok, Google, and other platforms); job applicants; and other individuals who interact with us.
Relationship to medical records and HIPAA: DermaFix provides aesthetic and cosmetic, non-invasive spa services. To the extent any of our services or locations are subject to the Health Insurance Portability and Accountability Act (“HIPAA”), protected health information governed by HIPAA is handled in accordance with our separate HIPAA Notice of Privacy Practices, which controls over this Policy with respect to that information. This Policy governs information that is not protected health information under HIPAA, including marketing, website, advertising, scheduling-inquiry, and employment information.
2. Notice at Collection
At or before the point of collection, we collect the categories of personal information described below for the purposes described in Section 4. We retain each category for the periods described in Section 9. We do not “sell” personal information for money. We may “share” or process certain identifiers and internet-activity information for cross-context behavioral (targeted) advertising as described in Sections 7 and 8, and you may opt out as described in Section 10.
Category of Personal Information | Collected | Used for Targeted Ads / “Sharing” |
|---|---|---|
Identifiers (name, email, phone, postal address, IP address, device/online identifiers, cookie IDs) | Yes | Yes (identifiers & online identifiers) |
Customer records (booking details, appointment history, inquiry contents) | Yes | No |
Commercial information (services inquired about or purchased, deposit/transaction records) | Yes | No |
Internet/network activity (browsing, landing-page interaction, ad click data, usage analytics) | Yes | Yes |
Geolocation data (general, IP-derived) | Yes | Limited (analytics/ads) |
Professional/employment information (job applicants) | Yes | No |
Sensitive information (see Section 5: certain health-related interest data, date of birth) | Yes | No |
Inferences (preferences, interest in services) drawn from the above | Yes | Limited (ads) |
3. Information We Collect
3.1 Information You Provide Directly
- Contact and identity information — full name, email address, phone number, mailing/postal address, and date of birth (where applicable).
- Appointment and inquiry information — the service(s) you are interested in, preferred location, preferred date and time, and any details you include in a form, message, survey, or inquiry.
- Transaction and deposit information — records relating to deposits, payments, and bookings. Payment card details are collected and processed directly by our third-party payment processors (e.g., Stripe); we do not store full payment card numbers.
- Employment information — for job applicants, information in your application, resume, work history, licensure/certification information, and related communications.
- Communications — the contents of and metadata about your communications with us by phone, SMS/MMS, email, chat, or social media.
3.2 Information Collected Automatically
When you interact with our websites, landing pages, and digital ads, we and our service providers and advertising partners may automatically collect:
- IP address and general (IP-derived) geolocation;
- browser type, language, operating system, and device information;
- pages and landing pages viewed, referring/exit pages, links and buttons clicked, ad interactions, and timestamps;
- information collected through cookies, pixels, tags, software development kits (SDKs), and similar technologies (see Section 7).
3.3 Information From Third Parties
We may receive information about you from advertising platforms (such as Meta, TikTok, and Google), analytics providers, our CRM and scheduling providers, lead-generation forms hosted on advertising platforms, referral sources, and publicly available sources.
4. How We Use Your Information
We use your information for the following business and commercial purposes:
- to respond to your inquiries, requests, and consultations;
- to schedule, confirm, remind, reschedule, and follow up regarding appointments and consultations;
- to process deposits and payments and to reduce cancellations and no-shows;
- to send transactional and service communications by phone, SMS/MMS, and email;
- to send marketing, promotional, and re-engagement communications where permitted and consistent with your consent and opt-out choices;
- to operate, evaluate, measure, and improve our Services, websites, landing pages, and advertising campaigns;
- to conduct advertising and remarketing, including measuring ad performance and building audiences on platforms such as Meta, TikTok, and Google (see Sections 7 and 8);
- to evaluate and process employment applications;
- to detect, prevent, and address fraud, security incidents, and prohibited or illegal activity;
- to establish, exercise, or defend legal claims and to comply with our legal obligations.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
5. Sensitive Information
Some information we collect may be considered “sensitive” under certain state privacy laws — for example, your date of birth or information indicating interest in particular aesthetic or wellness services. Where required by applicable law, we will obtain your consent before processing sensitive information for purposes that require consent, and we limit our use of sensitive information to what is necessary to provide the Services you request, to communicate with you, and for the purposes otherwise permitted by law. We do not use or disclose sensitive information for the purpose of inferring characteristics about you. Residents of certain states may have the right to limit our use of sensitive information (see Sections 10 and 11).
6. Text Messaging (SMS/MMS) Program
This Section governs our text messaging program and is designed to comply with the Telephone Consumer Protection Act (“TCPA”), the CTIA Messaging Principles and Best Practices, and the messaging (A2P 10DLC) requirements of wireless carriers and The Campaign Registry.
6.1 Consent to Receive Text Messages
By providing your mobile phone number to us and opting in (for example, by submitting a form that includes SMS consent language, by checking an SMS consent box, or by texting us), you expressly consent to receive recurring informational and promotional text messages (SMS/MMS) from DermaFix at the number provided, which may be sent using an automatic telephone dialing system or other technology. Consent is not a condition of purchase or of receiving any service. Message frequency varies. Message and data rates may apply.
6.2 Types of Messages
Messages may include appointment confirmations and reminders, scheduling and rescheduling messages, deposit and payment-related messages, follow-up and aftercare messages, customer-care responses, and promotional offers and updates where you have consented to receive them.
6.3 Opting Out and Help
You may opt out of text messages at any time by replying STOP to any message. After you reply STOP, we will send a single confirmation message and will not send you further marketing text messages unless you opt in again. For help, reply HELP or contact us using the details in Section 16. Carriers are not liable for delayed or undelivered messages.
6.4 No Sharing of SMS Consent or Mobile Data
No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All of the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties for their marketing or promotional purposes. Information may be shared with subcontractors solely in support services, such as customer service and our messaging platform provider, to operate the messaging program on our behalf.
6.5 Supported Carriers
Our messaging program is supported by major U.S. wireless carriers. Carriers are not liable for delayed or undelivered messages. Standard message and data rates apply per your mobile plan.
7. Cookies, Pixels, and Tracking Technologies
We and our advertising and analytics partners use cookies, pixels (also called tags), web beacons, SDKs, local storage, and similar technologies to operate our Services, remember your preferences, analyze performance, measure and optimize advertising, and deliver and attribute ads across websites and apps.
These technologies may collect online identifiers, IP address, device and browser information, and information about your interactions with our landing pages and ads. Advertising partners whose technologies we may use include:
- Meta Platforms, Inc. (Facebook/Instagram) — Meta Pixel and Conversions API, used for ad delivery, measurement, attribution, and audience building.
- TikTok — TikTok Pixel and Events API, used for ad delivery, measurement, and attribution of campaigns originating on TikTok.
- Google LLC — Google Analytics, Google Ads, and related tags, used for analytics, conversion measurement, and remarketing.
- Other marketing and analytics partners — used to support and measure our campaigns and website performance.
Where we use advertising tools that match information (such as a hashed email or phone number) to a platform account for measurement or audience purposes, we do so in accordance with the platform’s business-tool terms and applicable law, and we honor applicable opt-out signals as described in Section 10.
Your choices: You can adjust your browser settings to refuse or delete cookies; use platform-level ad settings on Meta, TikTok, and Google; install browser opt-out tools; and, where supported, use a recognized opt-out preference signal (such as Global Privacy Control). Disabling cookies may affect the functionality of our Services.
8. How We Disclose Your Information
We do not sell your personal information for monetary consideration. We may disclose your information as follows:
Recipient Category | Purpose of Disclosure |
|---|---|
Service providers and processors | Hosting, CRM, scheduling, communications, IT, and analytics performed on our behalf under contract. |
Payment processors (e.g., Stripe) | To process deposits and payments. These providers handle card data under their own terms. |
Messaging and communications platforms | To deliver SMS/MMS, email, and calls on our behalf (limited use; see Section 6.4). |
Advertising platforms (Meta, TikTok, Google) | Ad delivery, measurement, attribution, and audience building (identifiers and online activity). |
Professional advisors | Legal, accounting, and compliance advisors, under duties of confidentiality. |
Government / legal | When required by law, subpoena, court order, or to protect rights, safety, and property. |
Business transfers | In connection with a merger, acquisition, financing, reorganization, or sale of assets. |
Where we disclose personal information to service providers and processors, we do so under written contracts that limit their use of the information to the purposes of providing services to us.
9. Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this Policy, including to provide the Services, maintain business records, comply with our legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data type and context — for example, inquiry and appointment information, transaction and deposit records, marketing and consent records (including SMS opt-in and opt-out records), and employment-application records are each retained for the period required for their respective purposes and applicable legal requirements. When information is no longer needed, we take reasonable steps to delete, de-identify, or anonymize it.
10. Your Privacy Rights and Choices
Depending on your state of residence and applicable law, you may have some or all of the following rights with respect to your personal information:
- Right to know/access — to request the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of third parties to whom we disclose it.
- Right to delete — to request deletion of personal information we have collected from you, subject to legal exceptions.
- Right to correct — to request correction of inaccurate personal information.
- Right to data portability — to receive a copy of certain information in a portable format.
- Right to opt out of targeted advertising and “sharing”/“sale” — to opt out of the processing of your personal information for cross-context behavioral/targeted advertising.
- Right to limit use of sensitive information — where applicable, to limit our use of sensitive information to permitted purposes.
- Right to opt out of profiling — where applicable, in furtherance of decisions producing legal or similarly significant effects.
- Right to withdraw consent — to withdraw previously given consent, including consent to marketing emails (via the unsubscribe link) and SMS (by replying STOP).
- Right to non-discrimination / no retaliation — we will not discriminate or retaliate against you for exercising your rights.
- Right to appeal — where applicable, to appeal a decision we make regarding a rights request (see Section 12).
10.1 How to Submit a Request
To exercise your rights, contact us using the information in Section 16 (email, phone, or mail). To opt out of marketing emails, use the “unsubscribe” link in any marketing email. To opt out of SMS, reply STOP. To opt out of cookie-based targeted advertising, adjust your browser settings, use platform ad-settings on Meta, TikTok, and Google, or, where supported, enable a recognized opt-out preference signal such as Global Privacy Control.
10.2 Verification and Authorized Agents
For your protection, we may need to verify your identity before responding to a request, typically by matching information you provide against information in our records. You may use an authorized agent to submit a request on your behalf; we may require the agent to provide proof of authorization and may require you to verify your identity directly with us. We will respond to verifiable requests within the timeframes required by applicable law.
11. State-Specific Disclosures
This Section provides additional disclosures for residents of states with comprehensive privacy laws. To the extent of any conflict, the law applicable to your state of residence controls.
11.1 California (CCPA/CPRA)
California residents have the rights to know, access, delete, correct, opt out of the sale/sharing of personal information, and limit the use of sensitive personal information, and the right to non-discrimination. We do not sell personal information for monetary consideration. We may “share” identifiers and internet-activity information for cross-context behavioral advertising; you may opt out as described in Section 10. We honor the Global Privacy Control (GPC) browser signal as a valid opt-out of sharing/sale for the browser on which it is enabled. We do not knowingly sell or share the personal information of consumers under 16 years of age.
11.2 Texas (TDPSA)
Texas residents have the rights to access, correct, delete, obtain a portable copy, and opt out of targeted advertising, the sale of personal data, and certain profiling. We do not sell personal data for monetary consideration. You may opt out of targeted advertising as described in Section 10, including via a recognized universal opt-out mechanism. Texas residents may appeal a decision regarding a rights request as described in Section 12.
11.3 Florida (Florida Digital Bill of Rights)
Where applicable, Florida residents have the rights to access, correct, delete, obtain a portable copy of, and opt out of the sale of personal data and targeted advertising, and to opt out of certain profiling. You may exercise these rights as described in Section 10.
11.4 Virginia, Colorado, Connecticut, and Other States
Residents of Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws have rights to access, correct, delete, obtain a portable copy, opt out of targeted advertising and sale, and (where applicable) opt out of certain profiling, and the right to appeal. Colorado and Connecticut residents may exercise opt-out rights via a recognized universal opt-out mechanism. To exercise any of these rights, see Section 10; to appeal, see Section 12.
11.5 Consumer Health Data
If you are a resident of a state with a consumer-health-data law (such as Washington or Nevada), additional rights and protections may apply to certain health-related information, and we will honor those rights to the extent applicable. Such information is processed consistent with your consent and the purposes described in this Policy.
12. Right to Appeal
If we decline to act on your privacy-rights request, you may appeal our decision within a reasonable period by contacting us using the details in Section 16 with the subject line “Privacy Rights Appeal.” We will respond to your appeal within the timeframe required by applicable law and will explain the reasons for our decision. If your appeal is denied, you may contact your state Attorney General to submit a complaint where that right is provided by law.
13. Email Communications (CAN-SPAM)
By providing your email address, you consent to receive transactional and, where applicable, marketing emails from us. Every marketing email includes an “unsubscribe” link and our physical mailing address, consistent with the CAN-SPAM Act. You may opt out of marketing emails at any time by using the unsubscribe link; we may still send you transactional or service-related emails (such as appointment confirmations).
14. Data Security
We implement reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, alteration, and disclosure. However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account and contact information accurate and for safeguarding any credentials. In the event of a data breach affecting your personal information, we will notify you and applicable authorities as required by law.
15. Additional Provisions
15.1 Children’s Privacy
Our Services are intended for individuals 18 years of age and older and are not directed to children under 18. We do not knowingly collect personal information from individuals under 18. If we learn that we have collected personal information from a person under 18 without appropriate consent, we will take steps to delete it. If you believe a minor has provided us personal information, please contact us using the details in Section 16.
15.2 Third-Party Websites and Platforms
Our Services may contain links to, or be accessed from, third-party websites, platforms, and advertisements (including Meta, TikTok, and Google properties). We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party services you use.
15.3 Out-of-State and International Users
Our Services are intended for users located in the United States. If you access our Services from outside the United States, you do so on your own initiative and are responsible for compliance with local laws, and you understand your information will be processed in the United States.
15.4 Changes to This Policy
We may update this Policy from time to time. When we do, we will revise the “Last Updated” date above and post the updated Policy on this page. Material changes may be communicated through additional notice where required by law. Your continued use of the Services after an update constitutes acceptance of the revised Policy.
Bracketed items above must be completed before publication. This document is a template prepared to support compliance and is not legal advice; have it reviewed by licensed counsel in your operating states before going live.