Privacy Policy

Effective Date: January 09, 2026

Touch & Glow Med Spa, LLC (“we,” “our,” or “us”) operates the website https://touchandglowskincare.com/home (the “Service”) and values your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information, including protected health information (PHI), in compliance with federal and Arizona law, including HIPAA and TCPA. By using our Service or providing your personal information, you consent to the practices described in this Privacy Policy.

1. Definitions

  • Service: The website https://touchandglowskincare.com/home and related online services provided by Touch & Glow Med Spa.
  • Personal Data: Any information that identifies or can reasonably identify a living individual.
  • Protected Health Information (PHI): Information about your health, medical history, treatments, or procedures, protected under HIPAA.
  • Usage Data: Information collected automatically about how you access or interact with our Service (e.g., IP address, browser type, pages visited).
  • Cookies: Small data files stored on your device to help us improve the Service and track preferences.

2. Information We Collect

A. Personal Data
We may collect personal information including:

  • Name, email address, phone number, mailing address, city, state, ZIP code
  • Date of birth or other health-related information (PHI)
  • Payment information processed through Bank of America, Stripe, or Square
  • Appointment and treatment history stored in MangoMint EMR and Aesthetics Pro EMR
  • Cookies and Usage Data

B. Usage Data
Automatically collected information may include:

  • IP address, browser type, browser version
  • Pages visited, time spent on pages, links clicked
  • Device information and unique identifiers

C. Cookies & Tracking
We use cookies and similar technologies to improve and analyze our Service. Types include:

  • Session Cookies: Operate the Service
  • Preference Cookies: Remember settings and preferences
  • Security Cookies: Maintain security and prevent fraud

You may configure your browser to block cookies, but some features may not function properly.

3. How We Use Your Information
We use collected information for purposes including:

  • To provide and maintain our services, appointments, and treatments
  • To communicate with you regarding appointments, treatment plans, and promotions
  • To provide personalized services and customer support
  • To monitor usage and improve our Service
  • To process payments securely via Bank of America, Stripe, or Square
  • To comply with legal obligations and protect our rights and property
  • To provide marketing communications (with your consent)

4. HIPAA Compliance
As a med spa, we handle Protected Health Information (PHI). Touch & Glow Med Spa, LLC:

  • Maintains PHI securely in compliance with HIPAA
  • Limits access to authorized personnel only
  • Allows patients to request access, corrections, or restrictions on their PHI
  • Uses secure EMR software (MangoMint and Aesthetics Pro) to store patient records

5. SMS/Text Messaging & TCPA
By providing your phone number, you consent to receive:

  • Appointment reminders
  • Treatment notifications
  • Promotions and marketing messages

You may opt out at any time by replying “STOP” to text messages or contacting us directly.

6. Data Retention & Security
We retain personal and health information only as long as necessary to provide services and comply with legal obligations.

  • PHI is stored securely in MangoMint EMR and Aesthetics Pro Software
  • Payment information is processed securely and not stored longer than necessary
  • Obsolete information is securely deleted
  • While we use commercially reasonable measures to protect data, no electronic storage or transmission can be guaranteed 100% secure

7. Disclosure of Data
We may disclose personal information in the following situations:

  • Law enforcement or legal obligations
  • To protect rights, property, or safety of patients or the public
  • To prevent or investigate potential misconduct
  • To trusted service providers who perform functions on our behalf, including:
      ◦ MangoMint and Aesthetics Pro EMR (patient records & scheduling)
      ◦ Bank of America, Stripe, Square (payment processing)
      ◦ Analytics and marketing services, including Google Analytics

All service providers are bound to protect your information and may only use it as necessary to perform their services.

8. Third-Party Links
Our Service may include links to third-party websites. We are not responsible for their privacy practices and encourage you to review their policies before sharing personal information.

9. Telehealth & Virtual Consultations
Any virtual consultations or telehealth services are conducted using secure platforms, and your PHI is protected in accordance with HIPAA.

10. Children’s Privacy
Our Service is not directed to anyone under 18, and we do not knowingly collect information from children. If you believe we have collected PHI or Personal Data from a minor, please contact us immediately.

11. Your Rights (Arizona & Federal)
You have the right to:

  • Access, correct, or request restrictions on your PHI
  • Opt out of marketing communications
  • Contact regulatory authorities if you believe your privacy rights have been violated

12. International Transfers
If you provide information from outside the U.S., it may be transferred to the U.S. for processing. We take reasonable steps to ensure adequate safeguards are in place.

13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Updates will be posted here with a new effective date. You are encouraged to review this policy periodically.

14. Contact Us
For questions about this Privacy Policy, HIPAA, or your data: