Privacy Policy

Effective: June 01, 2026

At The Concierge Clinic, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website at www.theconciergeclinic.com (the “Site”) or interact with our practice in any capacity. This Policy applies to all information collected through this Site, as well as related communications, booking platforms, and in-office interactions.

Please read this Policy carefully. By using this Site, you consent to the data practices described herein. If you do not agree with any part of this Policy, please discontinue use of the Site.

As a medical aesthetic practice, The Concierge Clinic is subject to the Health Insurance Portability and Accountability Act (HIPAA) and applicable state privacy laws. This Privacy Policy supplements — and does not replace — our HIPAA Notice of Privacy Practices, which governs the use and disclosure of your Protected Health Information (PHI) in connection with your clinical care.

1. Information We Collect

We collect information in the following categories:

Information You Provide Directly

  • Contact information: name, email address, phone number, mailing address

  • Appointment and booking information submitted through our scheduling platform

  • Health and medical history provided through intake forms, consultation questionnaires, and in-office paperwork

  • Payment information processed through our third-party payment processor (we do not store full credit card numbers)

  • Communications you send to us via contact forms, email, or text message

  • Photographs submitted or taken in connection with your treatment (before & after documentation)

Information Collected Automatically

When you visit our Site, certain information is collected automatically through cookies, web beacons, and analytics tools, including:

  • IP address and general geographic location

  • Browser type, device type, and operating system

  • Pages visited, time spent on the Site, and referring URLs

  • Squarespace platform analytics data

Information from Third Parties

We may receive limited information from third-party scheduling, payment, or marketing platforms you interact with in connection with our services. This may include appointment confirmation data, payment status, and communication preferences.

2. How We Use Your Information

We use the information we collect for the following purposes:

Clinical & Practice Operations

  • Scheduling, confirming, and managing your appointments

  • Providing medical aesthetic services and coordinating your care

  • Maintaining accurate medical records in compliance with state licensing requirements

  • Communicating pre- and post-treatment instructions

  • Processing payments and managing billing

Communications & Marketing

  • Responding to your inquiries and requests

  • Sending appointment reminders and follow-up communications

  • Providing information about services, promotions, or events you have opted into

  • Sending our newsletter or practice updates (with your consent; you may opt out at any time)

Site Improvement & Analytics

  • Analyzing Site usage to improve functionality, content, and user experience

  • Monitoring for security threats or unauthorized access

  • Complying with legal obligations and professional licensing requirements

3. HIPAA & Protected Health Information

As a licensed healthcare provider, The Concierge Clinic is a HIPAA-covered entity. Any Protected Health Information (PHI) — including your name combined with health conditions, treatment records, photographs, or payment information related to your care — is governed by HIPAA and our Notice of Privacy Practices.

Under HIPAA, we are permitted to use and disclose your PHI without authorization for treatment, payment, and healthcare operations. All other uses or disclosures of PHI require your written authorization, except as otherwise required or permitted by law (e.g., mandatory reporting obligations, public health activities, or legal proceedings).

You have the following rights with respect to your PHI:

  • Right to access and receive a copy of your medical records

  • Right to request an amendment to your records if you believe they are inaccurate

  • Right to an accounting of certain disclosures of your PHI

  • Right to request restrictions on certain uses and disclosures

  • Right to request confidential communications

  • Right to receive a paper copy of our Notice of Privacy Practices upon request

To exercise any of these rights, please contact us directly in writing. We will respond within the timeframe required by applicable law.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:

Service Providers & Business Associates

We work with carefully selected third-party vendors who assist us in operating our practice and Site, including:

  • Scheduling and electronic health record platforms

  • Payment processing services

  • Email and SMS communication platforms

  • Website hosting (Squarespace 7.1)

  • Accounting and business management software

Any vendor who may access your PHI is required to execute a Business Associate Agreement (BAA) in compliance with HIPAA before accessing such information.

Referral & Coordination of Care

With your consent, we may share relevant clinical information with referring physicians, dermatologists, or other healthcare providers involved in your coordinated care.

Legal Requirements

We may disclose your information if required by law, court order, subpoena, or government authority, or to protect the rights, safety, or property of The Concierge Clinic, our patients, or the public.

Business Transfers

In the event of a merger, acquisition, sale of assets, or practice transition, patient records and personal information may be transferred to a successor entity. You will be notified in accordance with applicable law and HIPAA requirements.

5. Cookies & Tracking Technologies

Our Site uses cookies and similar tracking technologies provided by Squarespace and integrated analytics tools. Cookies are small data files stored on your device that help us understand how visitors interact with our Site.

Types of cookies we use:

  • Essential cookies: Required for basic Site functionality and security

  • Analytics cookies: Help us understand Site traffic and usage patterns (e.g., Squarespace Analytics, Google Analytics if enabled)

  • Preference cookies: Remember your settings and choices

You may disable cookies through your browser settings; however, doing so may affect certain Site functionality. Squarespace’s cookie practices are governed by Squarespace’s own privacy policy at www.squarespace.com/privacy.

6. Photography & Before/After Images

Photographs taken in connection with your treatment are clinical records and are protected under HIPAA. We obtain separate written authorization before using any patient photographs for marketing, social media, website display, or educational purposes.

You have the right to:

  • Decline photography at any time without affecting the quality of your care

  • Revoke previously granted photo authorization in writing at any time (revocation does not apply to materials already published)

  • Request removal of your images from our digital platforms, subject to operational limitations

Photographs displayed on this Site and our social media platforms are used pursuant to signed patient authorization. Identities are protected; images are never published with identifying information unless you have explicitly consented.

7. Email, Text & Marketing Communications

If you provide your email address or mobile number, you may receive appointment reminders, post-treatment follow-up communications, and — if you opt in — promotional content about services and special offers.

You may opt out of marketing communications at any time by:

  • Clicking the “Unsubscribe” link in any marketing email

  • Replying STOP to any marketing text message

  • Contacting us directly in writing

Please note that opting out of marketing communications does not opt you out of transactional or clinical communications (appointment confirmations, pre/post-care instructions, billing notices), which are necessary for your care.

8. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect your personal information and PHI from unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encrypted data transmission (SSL/TLS) on our Site

  • Password-protected and role-based access to patient records

  • Business Associate Agreements with all HIPAA-covered vendors

  • Secure, compliant electronic health record systems

  • Staff training on HIPAA and data privacy obligations

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information using commercially reasonable means, we cannot guarantee absolute security. In the event of a data breach affecting your PHI, we will notify you as required by HIPAA and applicable state law.

IMPORTANT: Please do not transmit sensitive health information, Social Security numbers, or financial data through our website contact forms or general email. These channels are not encrypted for PHI transmission.

9. Data Retention

We retain your personal information and medical records for the minimum period required by applicable law and professional licensing standards. In most states, medical records for adult patients must be retained for a minimum of 7–10 years from the date of the last patient encounter, or longer if required by state law.

Non-clinical personal data (e.g., marketing email lists, website analytics) is retained only as long as necessary for the purpose for which it was collected and is deleted or anonymized when no longer needed.

10. Children’s Privacy

This Site is intended for individuals 18 years of age and older. We do not knowingly collect personal information from individuals under the age of 18 through this website without verifiable parental or guardian consent. Patients under 18 seeking services will be required to have a parent or legal guardian present and provide written consent.

If we become aware that we have inadvertently collected personal information from a minor without appropriate consent, we will take prompt steps to delete that information.

11. Your Privacy Rights

Depending on your state of residence, you may have additional privacy rights beyond those afforded by HIPAA. Many states have enacted comprehensive consumer privacy laws that provide residents with rights including:

  • The right to know what personal information we collect and how it is used

  • The right to request deletion of personal information (subject to legal retention requirements)

  • The right to correct inaccurate personal information

  • The right to opt out of the sale of personal information (we do not sell personal information)

  • The right to non-discrimination for exercising your privacy rights

To submit a privacy rights request, please contact us in writing at the contact information provided in Section 15. We will verify your identity before processing any request and respond within the timeframe required by applicable law.

12. Third-Party Links & Embedded Content

Our Site may contain links to third-party websites, social media platforms, or embedded content (such as Instagram feeds or booking widgets). This Privacy Policy applies only to information collected by The Concierge Clinic through this Site. Third-party platforms operate under their own privacy policies, which we encourage you to review.

We are not responsible for the privacy practices or content of any third-party websites, including social media platforms where our practice maintains a presence.

13. Squarespace Platform

This Site is hosted on Squarespace 7.1. Squarespace collects certain technical and analytics data in connection with Site operation. Squarespace’s data practices are governed by its own Privacy Policy, available at www.squarespace.com/privacy. The Concierge Clinic does not control Squarespace’s data collection practices, which may include cookies, usage data, and server logs.

14. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time to reflect changes in our practices, legal requirements, or platform updates. When we make material changes, we will update the Effective Date at the top of this page. We encourage you to review this Policy periodically.

For changes that materially affect the use of your PHI, we will provide additional notice as required by HIPAA, which may include direct notification to active patients.

15. Contact Us

For questions, concerns, or to exercise your privacy rights, please contact:

The Concierge Clinic
8869 Brecksville Rd, Suite B
Brecksville, OH 44141

Email: privacy@theconciergeclinic.com
Phone: 440-792-4011
Website: www.theconciergeclinic.com

For HIPAA-related requests, medical record requests, or to receive a copy of our Notice of Privacy Practices, please contact us directly by phone or in writing at your next appointment. Do not submit PHI or medical record requests through the website contact form.