RN Esthetics ("we," "our," "us") respects your privacy. This Privacy Policy explains what information we collect about you, how we use it, who we share it with, and the choices you have. It applies to information collected through our website, during your visits to our locations, and through our other interactions with you.
By using our website or services, you agree to the practices described here.
This Privacy Policy covers information collected through our website and general business operations. Protected health information collected during the course of treatment is separately governed by our Notice of Privacy Practices ("NPP") under the Health Insurance Portability and Accountability Act ("HIPAA"). Our NPP is provided at your first appointment and is available on request.
If a provision of this Privacy Policy conflicts with the NPP for matters involving protected health information, the NPP controls.
We collect information in three ways: information you provide directly, information collected automatically, and information from third parties.
Your name, email, phone number, mailing address, and date of birth when you book a consultation, create a membership, sign up for our newsletter, or contact us.
Medical history, current medications, allergies, and treatment history, when relevant to a service you are receiving.
Payment information processed by our third-party payment processor. We do not store complete payment card numbers on our own systems.
Photographs of treatment areas where consent is provided.
Communications you send us, including emails, messages, and form submissions.
Information Collected Automatically
IP address, browser type, device identifiers, and approximate location based on IP.
Pages viewed, time spent on the site, and referring URLs.
Cookies and similar technologies as described in Section 6.
may share aggregated or specific information with us about your interactions with our marketing and booking flows.
If you connect with us through social media (Instagram, Facebook), the platform may share certain information based on its privacy practices.
We use your information to:
Provide consultations, treatments, and follow-up care.
Schedule appointments, send appointment reminders, and confirm bookings.
Process payments and manage memberships.
Communicate with you about your care, our services, and changes to our policies.
Send marketing communications when you have opted in. You can opt out at any time using the link in any marketing email.
Improve our website, services, and client experience.
Comply with legal obligations, including medical record retention, tax, and licensing requirements.
Protect against fraud, unauthorized access, and other security risks.
We do not sell your personal information.
We share information only as follows:
Service Providers. We work with vendors who help us run our business, including our scheduling platform NexTech, email service provider Go High Level, payment processor Stripe, and website hosting (Webflow). These vendors only access information they need to perform their services and are bound by confidentiality and security obligations.
Healthcare Partners. With your consent, we may share information with referring physicians, laboratories, or other healthcare providers involved in your care.
Legal and Safety Requirements. We may disclose information when required by law, court order, regulatory authority, or when necessary to protect the safety of our clients, employees, or the public.
Business Transfers. If our practice is acquired, merged, or otherwise transferred, your information may be transferred as part of that transaction. We will notify you in advance and ensure that the recipient honors this Privacy Policy.
With Your Consent. We may share information for any other purpose that you have specifically consented to.
You may receive emails, SMS messages, or postal mail from us about new treatments, seasonal offers, and educational content related to our services.
To opt out:
Click the unsubscribe link at the bottom of any marketing email.
Reply STOP to any marketing SMS.
Contact us using the information in Section 14.
Even if you opt out of marketing, we may still send you transactional messages such as appointment confirmations, treatment reminders, billing notices, and policy updates.
Our website uses cookies and similar technologies for the following purposes:
Essential cookies that make the website function, including remembering your session on member-restricted pages.
Analytics cookies that help us understand how visitors use the site.
Marketing cookies that allow us to show you relevant content on other websites you visit, when you have opted in.
You can manage cookies through your browser settings. If you opt out of analytics or marketing cookies, parts of the website may not function as intended.
We honor the Global Privacy Control (GPC) signal as a request to opt out of the sale or sharing of personal information.
Depending on where you live, you may have the following rights regarding your personal information:
Access. Request a copy of the personal information we hold about you.
Correction. Request that we correct inaccurate or incomplete information.
Deletion. Request that we delete your personal information, subject to legal retention requirements (medical records, in particular, are subject to mandatory retention periods).
Opt-Out. Stop receiving marketing communications at any time.
Restrict Processing. Ask us to limit how we use your information.
To exercise any of these rights, contact us using the information in Section 14. We will respond within the timeframe required by applicable law (typically 30 to 45 days). We may need to verify your identity before fulfilling a request.
We retain personal information for as long as reasonably necessary to provide our services, comply with legal obligations (including medical record retention required under Massachusetts law), resolve disputes, and enforce our agreements.
When information is no longer needed, we securely delete or anonymize it.
We use administrative, technical, and physical safeguards to protect your information. These include encryption of data in transit and at rest where applicable, restricted access controls, employee training, and security monitoring.
No system is completely secure. If we become aware of a breach affecting your personal information, we will notify you in accordance with applicable law.
Our website is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us so we can delete it.
For minors between 13 and 17 receiving treatment, we collect information with the consent of a parent or legal guardian and use it only for the purposes of providing care.
Our website may contain links to third-party sites, including social media platforms and partner manufacturers. We are not responsible for the privacy practices of those sites. We encourage you to read the privacy policies of any third party you interact with.
Our services are intended for users in the United States. If you access our website from outside the U.S., your information may be transferred to and processed in the U.S., where data protection laws may differ from those in your country.
We may update this Privacy Policy from time to time. The most current version will always be posted on this page with an updated effective date. Significant changes will be communicated through our website or, where appropriate, by email.
For questions about this Privacy Policy, to exercise your rights, or to request a copy of our Notice of Privacy Practices, contact:
RN Esthetics