Privacy Policy

Last Updated: February 19, 2026


Overview

This Privacy Policy describes how Skin and Derm Theory Med Spa (“we,” “us,” or “our”) collects, uses, protects, and discloses your information when you visit our website, schedule treatments, opt into communications, or otherwise interact with our services.

Business Address:
Skin and Derm Theory Med Spa
2791 Green River Rd #103
Corona, California 92882

Email: [email protected] or [email protected]


Zero-Tolerance Privacy Clause

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes.


Information We Collect

We may collect the following categories of information:

Personal Information

Full name

Email address

Phone number

Mailing address

Date of birth

Appointment and treatment history

Payment information (processed securely through third-party processors)

Health Information (If Applicable)

As a medical spa, we may collect limited health-related information necessary to:

Assess treatment eligibility

Perform aesthetic or medical services

Ensure client safety

Maintain treatment records

This information may constitute Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA).

Usage Data

When you access our website, we may automatically collect:

IP address

Browser type and version

Pages visited

Time and date of visit

Time spent on pages

Unique device identifiers

Diagnostic and technical data


HIPAA & Medical Privacy

Skin and Derm Theory Med Spa is committed to protecting the confidentiality and security of your medical information.

When applicable, we handle Protected Health Information (PHI) in accordance with HIPAA regulations and applicable state medical privacy laws.

We implement administrative, physical, and technical safeguards to protect medical records from unauthorized access, disclosure, alteration, or destruction.

Health-related information is used only for:

Treatment purposes

Payment processing

Healthcare operations

Legal or regulatory compliance

We do not sell Protected Health Information.

If required by law, we may disclose PHI:

To comply with legal obligations

For public health reporting

In response to lawful subpoenas or court orders

Patients may request access to their medical records or request corrections by contacting us at [email protected].


Tracking & Cookies Data

We use cookies and similar tracking technologies to monitor activity on our website and improve user experience.

Cookies are small files stored on your device that may include an anonymous unique identifier.

You may instruct your browser to refuse cookies. However, some portions of our website may not function properly without them.


Use of Data

We use collected information to:

Schedule and manage appointments

Provide aesthetic and medical services

Send appointment confirmations and reminders

Send service-related follow-ups

Provide customer support

Improve website functionality

Monitor usage and prevent fraud

Comply with legal obligations

We send marketing communications only if you have opted in.


SMS Messaging & 10DLC Compliance

By providing your mobile phone number and opting in, you consent to receive SMS messages related to:

Appointment confirmations

Appointment reminders

Treatment follow-ups

Billing notifications

Customer service communications

Message frequency may vary. Message and data rates may apply.

You may opt out at any time by replying STOP. For assistance, reply HELP or contact [email protected] or [email protected].

Your consent to receive SMS messages is voluntary and not a condition of purchase.

We comply with 10DLC messaging registration requirements. SMS communications are sent only to individuals who have provided express consent. We maintain opt-in and opt-out records as required by carrier regulations.

We do not sell, rent, or share SMS opt-in data.


Legal Basis for Processing (GDPR – If Applicable)

If you are located in the European Economic Area (EEA), we process Personal Data based on:

Your consent

Performance of a contract

Legitimate business interests

Legal compliance obligations


Retention of Data

We retain Personal Data and medical information only as long as necessary to:

Provide services

Comply with medical record retention laws

Resolve disputes

Enforce agreements

Meet regulatory obligations


Transfer of Data

Your information may be transferred to and stored on servers located outside your state or country. We take reasonable steps to ensure appropriate safeguards are in place to protect your data.


Disclosure of Data

We may disclose personal information when necessary to:

Comply with legal obligations

Protect our rights or property

Prevent fraud or wrongdoing

Protect public safety

Defend against legal claims

We do not sell personal information.


Service Providers

We may use trusted third-party providers for:

Payment processing

Appointment scheduling systems

Electronic medical records

Website hosting

Analytics

These providers are contractually obligated to protect your data and may only use it to perform services on our behalf.


Analytics

We may use Google Analytics or similar services to analyze website usage. You may opt out through available browser tools.


California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

Request disclosure of personal information collected

Request deletion of personal information

Request correction of inaccurate information

Opt out of the sale or sharing of personal information

Receive equal service regardless of exercising privacy rights

We do not sell personal information.

To exercise your rights, contact:
[email protected] or [email protected]

We may verify your identity before fulfilling certain requests.


Children’s Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If we become aware of such information being collected, we will delete it promptly.


Security of Data

We use commercially reasonable administrative, technical, and physical safeguards to protect your personal and medical information. However, no system can guarantee absolute security.


Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes become effective when posted. Continued use of our services constitutes acceptance of any updates.


Contact Information

Skin and Derm Theory Med Spa
2791 Green River Rd #103
Corona, California 92882
Email: [email protected] or [email protected]


© 2026 Skin & Derm Theory Med Spa. All Rights Reserved.