Privacy Policy for Sculpted Medical Spa LLC

Effective Date: July 17, 2025

This Privacy Policy describes how Sculpted Medical Spa LLC ("Sculpted Medical Spa," "we," "us," or "our") collects, uses, and discloses your personal and health information. We are committed to protecting your privacy and complying with all applicable laws, including the Health Insurance Portability and Accountability Act (HIPAA).

By using our services, accessing our website, or providing us with your information, you agree to the terms of this Privacy Policy.

Our Contact Information

Sculpted Medical Spa LLC 23 E Crawford St, Suite E Deer Park, WA 99006

Website: www.sculptedmedicalspa.com

Privacy Contact: Kenny Sager, Business Owner

Email: kenny@sculptedmedicalspa.com Phone: 509-342-6196

Information We Collect

We collect various types of information from and about you, which may include:

Personal Identifiable Information (PII): Your name, email address, phone number, and date of birth.
Financial Information: Credit card and debit card numbers for billing and payment processing.
Protected Health Information (PHI): Before and after photos, treatment history, known allergies, records of past procedures, and information about your current health conditions relevant to your treatments.
Technical and Usage Information: When you visit our website, we may automatically collect certain information about your device and Browse activity, including your IP address, browser type, operating system, and pages viewed. We use cookies (see Section 4) for this purpose.

How We Collect Information

We collect information in the following ways:

Directly from You: When you complete intake forms, consultation forms, consent forms, or communicate with us verbally during appointments or over the phone.
Through Our Booking and Practice Management System (Jane.app): When you book appointments online, provide your information, or make payments through our Jane.app portal. Jane.app also serves as our credit card processor.
Through Our Website: Via cookies and other tracking technologies when you visit www.sculptedmedicalspa.com.

We do not collect information about you from any other third-party sources.

Cookies and Tracking Technologies

Our website, www.sculptedmedicalspa.com, uses cookies to enhance your Browse experience and for other purposes. Cookies are small data files stored on your device.

Types of Cookies We Use: We use analytics cookies to understand how visitors interact with our website, performance cookies to monitor website efficiency, and advertising cookies to deliver relevant advertisements. We also use cookies to remember your login details for your convenience.
Third-Party Analytics and Advertising: We utilize services from Google and Facebook, which may place cookies on your device for analytics and advertising purposes.
Opting Out of Cookies: You have the ability to manage your cookie preferences directly on our website. You can also adjust your browser settings to refuse cookies or to alert you when cookies are being sent. Please note that disabling certain cookies may affect the functionality of our website.

How We Use and Share Your Information

We use and share your information for the following purposes:

To Provide Services: To deliver the medical spa treatments and services you request, including managing your medical history, allergies, and current health conditions to ensure safe and effective care.
Appointment Management: To schedule, confirm, and remind you of your appointments.
Billing and Payments: To process payments for services rendered. Jane.app is our integrated credit card processor.
Client Communication: To communicate with you regarding your appointments, treatments, and other important information.
Medical Contraindications: To identify any medical contraindications that may affect your eligibility for certain treatments.
Internal Operations: For our internal business operations, including record-keeping, quality improvement, and business analysis.
Marketing Communications: With your consent, we use your name, address, and email to send you updates, promotions, and newsletters through Mailchimp. You may opt-out of these communications at any time by following the unsubscribe link in our emails.
Third-Party Service Providers (Business Associates): We share your information with our trusted third-party service providers who assist us in operating our business. These include:
- Jane.app: For scheduling, practice management, electronic health records, and payment processing.
- Mailchimp: For email marketing and client communications. We have entered into Business Associate Agreements (BAAs) with Jane.app and Mailchimp, which contractually obligate them to protect your Protected Health Information (PHI) in accordance with HIPAA.
Required by Law: We may disclose your information if required to do so by law, court order, or governmental regulation, or if we believe such action is necessary to comply with legal process, protect our rights or property, or ensure the safety of our clients or others. We will comply with all lawful requests from law enforcement.

Data Security

We are committed to protecting the security of your information. We implement a variety of security measures, including:

Secure Systems: Your personal and health information is primarily stored and processed within Jane.app, which maintains robust security protocols.
Internal Access Controls: Our staff are trained on privacy and security best practices and adhere to strict rules regarding not sharing Jane.app login information.
No Paper Records: We maintain a paperless office, eliminating the risk of physical record breaches.

While we strive to use commercially acceptable means to protect your information, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

Data Retention

We retain all patient and client records for a minimum of 10 years from the date of your last visit or service, as required by Washington state medical record retention guidelines. We also retain HIPAA-related documentation (such as policies, security incident reports, and Business Associate Agreements) for six years from the date of their creation or when they were last in effect.

Your Privacy Rights

You have the following rights regarding your personal and health information:

Right to Access: You have the right to request access to your medical records and other personal information we hold about you.
- How to Request Access: You may make a direct request for your information by emailing kenny@sculptedmedicalspa.com. We will respond to your request within 30 days, with a possible 30-day extension if necessary, as permitted by HIPAA.
Right to Amend: You have the right to request an amendment or correction to your medical records if you believe they are inaccurate or incomplete.
Right to Request Restrictions: You have the right to request restrictions on certain uses and disclosures of your health information.
Right to Confidential Communications: You have the right to request that we communicate with you about medical matters in a certain way or at a certain location.
Right to an Accounting of Disclosures: You have the right to request an accounting of certain disclosures of your health information made by us.
Right to Opt-Out of Marketing: You can opt out of receiving promotional emails from us by following the unsubscribe link provided in those emails.

Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected personal information from a minor without appropriate parental consent, we will take steps to delete that information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. When we make changes, we will revise the "Effective Date" at the top of this policy. We will notify you of any material changes by prominently posting the updated policy on our website, www.sculptedmedicalspa.com. We encourage you to review this Privacy Policy periodically for any updates.

Questions and Complaints

If you have any questions about this Privacy Policy or our privacy practices, or if you believe your privacy rights have been violated, please contact us at:

Kenny Sager, Business Owner Sculpted Medical Spa LLC