Privacy Policy

Effective date: March 31, 2025

Welcome to On the Glow Med Spa ("we," "us," or "our"). We are committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and protect the personal information of our clients and website visitors ("you"). This policy applies to information collected through our services, our website, and any other interactions you may have with us.

As a provider of medical spa services in Porter Ranch, California, we adhere to applicable privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA) and the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

1. Information We Collect

We may collect various types of personal information, including:

  • Contact Information: Name, email address, phone number, mailing address.
  • Demographic Information: Age, date of birth, gender.
  • Health and Medical Information: Medical history, treatment records, photographs (before/after), health conditions, allergies, medications relevant to the services you receive. This is considered Protected Health Information (PHI) under HIPAA.
  • Appointment Information: Dates, times, and types of services scheduled and received.
  • Payment Information: Credit card details or other payment method information (processed securely through our payment processor).
  • Website Usage Information: IP address, browser type, operating system, pages visited, time spent on site, referring URLs (if you visit our website).
  • Communication Information: Records of your communications with us (emails, phone calls, messages).

2. How We Use Your Information

We use your personal information for the following purposes:

  • Providing Services: To schedule appointments, provide requested treatments and services, and manage your care.
  • Communication: To communicate with you about appointments, services, promotions, and updates.
  • Billing and Payment: To process payments for services rendered.
  • Improving Services: To analyze trends, administer our website, track user movements, and gather demographic information to improve our offerings.
  • Marketing: With your explicit consent where required, to send you newsletters, special offers, or other marketing materials we believe may interest you. You can opt out at any time.
  • Legal and Safety: To comply with legal obligations (including HIPAA), respond to legal requests, protect our rights and property, and ensure the safety of our clients and staff.

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: With third-party vendors who perform services on our behalf, such as payment processing, appointment scheduling software, IT support, and marketing assistance. These providers are contractually obligated to protect your information and use it only for the purposes we specify.
  • Healthcare Operations: As permitted or required by HIPAA, for treatment, payment, or healthcare operations.
  • Legal Requirements: If required by law, subpoena, court order, or other governmental request.
  • Business Transfers: In connection with a merger, acquisition, sale of assets, or other business transition, your information may be transferred as part of the transaction.
  • With Your Consent: We may share your information for other purposes with your explicit consent.

4. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction. This includes measures required by HIPAA to protect PHI. However, no method of transmission over the internet or electronic storage is 100% secure.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, provide you with services, comply with our legal obligations (including medical record retention requirements), resolve disputes, and enforce our agreements.

6. Your Privacy Rights (Including California Rights)

You have certain rights regarding your personal information:

  • Access: You have the right to request access to the personal information we hold about you.
  • Correction: You have the right to request correction of inaccurate personal information.
  • Deletion: You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal or medical record retention requirements).
  • Opt-Out: You have the right to opt out of marketing communications.
  • HIPAA Rights: You have specific rights regarding your PHI under HIPAA, including the right to access, amend, and receive an accounting of disclosures. We provide a separate HIPAA Notice of Privacy Practices detailing these rights.
  • California Residents (CCPA/CPRA):
    • Right to Know: Request details about the categories and specific pieces of personal information collected, sources, purposes, and categories of third parties shared with.
    • Right to Delete: Request deletion of your personal information (subject to exceptions).
    • Right to Correct: Request correction of inaccurate information.
    • Right to Opt-Out of Sale/Sharing: We do not "sell" personal information as commonly defined. We also do not "share" personal information for cross-context behavioral advertising.
    • Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information (like health data) to that which is necessary to perform the services or provide the goods reasonably expected.
    • Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

To exercise any of these rights, please contact us using the information below. We will verify your request and respond within the timeframes required by law.

7. Cookies and Tracking Technologies

Our website may use cookies and similar technologies to enhance user experience, analyze site traffic, and personalize content. You can manage your cookie preferences through your browser settings.

8. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

9. Children's Privacy

Our services are generally not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 16 without parental consent. If we become aware that we have inadvertently collected such information, we will take steps to delete it.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post any changes on this page with an updated "Last Updated" date. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us at:

On The Glow Med Spa
11201 Tampa Ave
Porter Ranch, CA 91326

(747) 366-2524 | info@ontheglowmedicalspa.com