FACE Secrets Florida

Effective Date: June 1, 2026
Last Updated:  June 1, 2026

1. INTRODUCTION

FACE Secrets Florida (“FACE Secrets,” “we,” “us,” or “our”) is committed to protecting your privacy and handling your personal information with care and respect.

This Privacy Policy explains:

• What information we collect
• How we use your information
• How we protect your information
• Your rights and choices
• How to contact us with questions

By using our website (facesecretsflorida.com), scheduling appointments, or receiving services, you consent to the practices described in this Privacy Policy.

2. SCOPE OF THIS POLICY

This Privacy Policy applies to:

• Our website at facesecretsflorida.com
• Information collected when you book appointments
• Information collected during consultations and treatments
• Newsletter and marketing communications
• Our Petal Program loyalty rewards program
• Any interactions with FACE Secrets Florida

This policy does NOT apply to:

• Third-party websites we link to (they have their own privacy policies)
• Information collected by Cherry (our financing partner – see their privacy policy)
• Information shared with your insurance company (if applicable)

3. INFORMATION WE COLLECT

3.1 Personal Information You Provide

When you use our website, book appointments, or receive services, we may collect:

Contact Information:

• Full name
• Email address
• Phone number (mobile and/or home)
• Mailing address
• Preferred contact method

Account Information (if you create an account):

• Username and password
• Petal Program membership details
• Communication preferences

Appointment & Service Information:

• Appointment date, time, and location
• Services requested or received
• Payment information (credit card details processed securely)
• Deposit and payment history

Medical & Health Information (Protected Health Information – PHI):

• Medical history questionnaire responses
• Current medications and supplements
• Allergies and adverse reactions
• Past aesthetic treatments
• Photos (before-and-after treatment photos)
• Treatment notes and records
• Health conditions relevant to treatment safety

Marketing & Communication Preferences:

• Newsletter subscription status
• Marketing consent (email, SMS, phone)
• Interests and preferences for personalized offers

Feedback & Communications:

• Customer service inquiries
• Testimonials and reviews
• Social media interactions
• Survey responses

3.2 Information We Collect Automatically

When you visit our website, we automatically collect:

Device & Browser Information:

• IP address
• Browser type and version
• Operating system
• Device type (desktop, mobile, tablet)
• Screen resolution

Usage Data:

• Pages visited
• Time spent on pages
• Referring website (how you found us)
• Links clicked
• Search queries within our site

Cookies & Tracking Technologies:

• Session cookies (expire when you close your browser)
• Persistent cookies (remain until deleted or expired)
• Analytics cookies (Google Analytics, etc.)
• Marketing cookies (for retargeting ads)

See Section 10 for details on cookies and how to manage them.

3.3 Information from Third Parties

We may receive information about you from:

Cherry (Financing Partner):

• Application status
• Approval/denial information
• Account status (if you finance through Cherry)

Social Media Platforms:

• If you interact with us on Instagram, Facebook, etc.
• Publicly available profile information (if you tag us or comment)

Analytics & Marketing Tools:

• Google Analytics
• Facebook Pixel
• Email marketing platforms (Mailchimp, Klaviyo, etc.)

4. HOW WE USE YOUR INFORMATION

We use your information for the following purposes:

4.1 To Provide Services

• Schedule and confirm appointments
• Perform consultations and treatments
• Process payments and manage your account
• Administer the Petal Program (loyalty rewards)
• Provide post-treatment care and follow-up
• Respond to your questions and requests

4.2 For Medical Treatment & Safety

• Assess your suitability for treatments
• Document your medical history
• Track treatment outcomes
• Identify contraindications or risks
• Ensure continuity of care
• Comply with medical record-keeping requirements

4.3 For Marketing & Communications (With Your Consent)

• Send newsletters and promotional emails
• Send SMS/text message offers (if you opt in)
• Provide personalized treatment recommendations
• Inform you about new services or special offers
• Send Petal Program updates and milestone notifications

You can opt out of marketing communications at any time (see Section 8).

4.4 To Improve Our Services

• Analyze website usage and user behavior
• Conduct customer satisfaction surveys
• Improve our website, booking process, and services
• Develop new treatments and offerings
• Train staff and improve quality of care

4.5 For Legal & Compliance Purposes

• Comply with HIPAA and other healthcare regulations
• Comply with tax, accounting, and legal requirements
• Respond to legal requests (subpoenas, court orders)
• Protect our legal rights and defend against claims
• Prevent fraud, abuse, or misuse of our services

5. LEGAL BASIS FOR PROCESSING (GDPR/CCPA COMPLIANCE)

If you are located in the European Union, United Kingdom, or California, we process your information based on the following legal grounds:

Consent:

• Newsletter subscriptions
• Marketing communications
• Before-and-after photos for marketing use

Contract Performance:

• Providing treatments and services you requested
• Processing payments
• Administering the Petal Program

Legitimate Interests:

• Improving our services
• Preventing fraud
• Analyzing website usage

Legal Obligation:

• HIPAA compliance
• Tax and accounting requirements
• Responding to legal requests

6. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information to third parties.

We may share your information with:

6.1 Service Providers & Business Partners

• Payment processors (credit card companies, Cherry)
• Email marketing platforms (Mailchimp, SendFox, etc.)
• Analytics providers (Google Analytics)
• Website hosting and IT services
• CRM and scheduling platforms (Pabau, Acuity, etc.)

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

6.2 Legal & Regulatory Authorities

We may disclose your information if required by law:

• In response to subpoenas, court orders, or legal process
• To comply with HIPAA, FDA, or other healthcare regulations
• To protect our legal rights or defend against claims
• To prevent fraud or criminal activity

6.3 Business Transfers

If FACE Secrets is acquired, merged, or sold, your information may be transferred to the new owner. You will be notified of any such change.

6.4 With Your Consent

We may share your information with third parties if you explicitly consent (e.g., allowing us to share before-and-after photos publicly).

7. NEWSLETTER & MARKETING OPT-IN

7.1 How We Collect Newsletter Opt-Ins

We collect email addresses and phone numbers for marketing purposes when you:

• Subscribe via a form on our website (“Join Our Newsletter,” “Get Offers,” etc.)
• Check a box during appointment booking (e.g., “Yes, send me updates and offers”)
• Provide consent during an in-person consultation
• Participate in a contest, giveaway, or promotion

We use “opt-in” consent, meaning:

• You must actively consent (check a box, click “Subscribe,” etc.)
• Pre-checked boxes are not used
• Consent is clear, specific, and informed

7.2 What Information We Collect for Newsletters

When you subscribe to our newsletter or marketing communications, we collect:

• Name (first and last)
• Email address
• Phone number (optional, for SMS marketing)
• Preferences (types of offers you’re interested in)

7.3 How We Use Newsletter Data

We use this information to:

• Send periodic newsletters with tips, educational content, and updates
• Send promotional offers and discounts
• Announce new treatments or services
• Send Petal Program updates and rewards notifications
• Provide personalized recommendations based on your interests

Email frequency: Typically 1-4 emails per month (may vary based on promotions).

SMS frequency: Varies; typically appointment reminders and time-sensitive offers.

7.4 Third-Party Email/SMS Platforms

We use third-party platforms to manage and send newsletters and marketing communications, including but not limited to:

• Mailchimp
• SendFox
• Constant Contact
• Twilio (for SMS)

These platforms may collect additional data (open rates, click rates, device type) to help us improve our communications.

These platforms are GDPR and CAN-SPAM compliant and are contractually required to protect your information.

7.5 Your Rights Regarding Marketing

You can opt out of marketing communications at any time:

• Click “Unsubscribe” at the bottom of any email
• Reply “STOP” to any SMS message
• Contact us atadmin@facesecretsflorida.com to request removal
• Update your preferences in your account settings (if applicable)

Opting out does NOT affect:

• Transactional emails (appointment confirmations, receipts, etc.)
• Important service updates
• Your ability to receive treatments or use our services

8. YOUR PRIVACY RIGHTS

Depending on your location, you may have the following rights:

8.1 Access & Portability

Right to access: You can request a copy of the personal information we hold about you.

Right to data portability: You can request your information in a portable format (e.g., PDF, CSV).

8.2 Correction & Update

Right to correct: You can update or correct inaccurate or incomplete information.

8.3 Deletion (Right to be Forgotten)

Right to deletion: You can request that we delete your personal information, subject to certain exceptions (e.g., legal obligations, medical record retention).

Note: Medical records must be retained for 7 years in Florida to comply with healthcare regulations, even if you request deletion.

8.4 Opt-Out of Marketing

Right to opt out: You can opt out of marketing communications at any time (see Section 7.5).

8.5 Restrict Processing

Right to restrict: You can request that we limit how we use your information in certain circumstances.

8.6 Object to Processing

Right to object: You can object to processing based on legitimate interests or for direct marketing purposes.

8.7 Withdraw Consent

Right to withdraw consent: If we process your information based on consent, you can withdraw consent at any time.

8.8 File a Complaint

Right to complain: You can file a complaint with a data protection authority if you believe your rights have been violated.

How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: admin@facesecretsflorida.com
Phone: 866-573-2728
Mail: 14846 Tamiami Trail, North Port, Florida 34287, United States 

We will respond within 30 days (or as required by applicable law).

Verification: We may ask for identifying information to verify your identity before fulfilling your request.

9. HIPAA COMPLIANCE & PROTECTED HEALTH INFORMATION (PHI)

FACE Secrets is a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) and is committed to protecting your Protected Health Information (PHI).

9.1 What is PHI?

PHI includes any health information that can identify you, such as:

• Medical history
• Treatment records
• Diagnosis and health conditions
• Medications and allergies
• Before-and-after photos (when linked to your identity)

9.2 How We Use & Disclose PHI

We use and disclose PHI only for:

Treatment: To provide, coordinate, and manage your care

Payment: To bill you, process payments, or work with financing partners

Healthcare Operations: To improve quality of care, train staff, and conduct business operations

With Your Authorization: For marketing, research, or sharing with third parties (requires written consent)

As Required by Law: To comply with legal obligations, public health reporting, or court orders

9.3 Your HIPAA Rights

Under HIPAA, you have the right to:

• Access and obtain copies of your medical records
• Request corrections to your medical records
• Receive an accounting of disclosures (who we shared your PHI with)
• Request restrictions on how we use or share your PHI
• Request confidential communications (e.g., only contact you by email)
• File a complaint if you believe your privacy rights were violated

For full details, see our HIPAA Notice of Privacy Practices [INSERT LINK IF SEPARATE DOCUMENT].

10. COOKIES & TRACKING TECHNOLOGIES

10.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us remember your preferences and improve your experience.

10.2 Types of Cookies We Use

Essential Cookies:

• Required for website functionality
• Enable appointment booking, payment processing, and account login
• Cannot be disabled without breaking the site

Analytics Cookies:

• Google Analytics (tracks page views, time on site, user behavior)
• Help us understand how visitors use our site
• Data is anonymized and aggregated

Marketing Cookies:

• Facebook Pixel, Google Ads
• Enable retargeting ads (showing you FACE Secrets ads after you leave our site)
• Track ad performance and conversions

Preference Cookies:

• Remember your language, location, or display preferences
• Improve user experience on repeat visits

10.3 Managing Cookies

You can control cookies through:

• Browser settings: Most browsers allow you to block or delete cookies
• Opt-out tools: Google Analytics Opt-Out, Facebook Ad Preferences
• Cookie consent banner: Click “Manage Preferences” on our website (if applicable)

Note: Disabling essential cookies may prevent you from using parts of our website (e.g., booking appointments).

11. DATA SECURITY

We take data security seriously and implement reasonable safeguards to protect your information:

11.1 Technical Safeguards

• Encryption: Data transmitted via SSL/TLS encryption (https)
• Secure servers: Data stored on secure, access-controlled servers
• Firewalls and antivirus: Protection against unauthorized access and malware
• Regular backups: To prevent data loss

11.2 Administrative Safeguards

• Access controls: Only authorized personnel can access PHI and personal data
• HIPAA training: Staff trained on privacy and security best practices
• Confidentiality agreements: All staff sign confidentiality agreements
• Regular audits: Periodic reviews of security practices

11.3 Physical Safeguards

• Locked facilities: Physical records stored in secure, locked locations
• Device security: Mobile devices used for treatment are password-protected and encrypted

11.4 Limitations

No system is 100% secure. While we implement industry-standard security measures, we cannot guarantee absolute security. You use our services at your own risk.

Your responsibility: Protect your account password and notify us immediately if you suspect unauthorized access.

12. DATA RETENTION

12.1 How Long We Keep Your Information

Medical Records (PHI):

• Retained for [INSERT STATE REQUIREMENT – typically 5-7 years in Florida] as required by law
• May be retained longer if medically necessary or legally required

Marketing Data (Newsletter Subscribers):

• Retained until you opt out or request deletion
• Inactive subscribers (no engagement for 2+ years) may be removed

Website Analytics:

• Typically retained for 26 months (Google Analytics default)
• Anonymized and aggregated; not linked to identifiable individuals

Payment Information:

• Transaction records retained for 7 years (tax and accounting purposes)
• Credit card details not stored (processed by secure third-party payment processors)

12.2 Deletion Requests

If you request deletion, we will delete your information except where:

• We are legally required to retain it (medical records, tax records)
• It is necessary to defend legal claims
• It has been anonymized and cannot identify you

13. CHILDREN’S PRIVACY

FACE Secrets does not provide services to individuals under 18 years of age.

We do not knowingly collect personal information from children under 18.

If we discover that we have inadvertently collected information from a child under 18, we will delete it immediately.

If you believe we have collected information from a minor, please contact us at admin@facesecretsflorida.com

14. INTERNATIONAL DATA TRANSFERS

FACE Secrets operates in the United States (Florida). If you are located outside the United States:

• Your information will be transferred to and processed in the United States
• U.S. privacy laws may differ from those in your country
• By using our services, you consent to this transfer

For EU/UK residents: We comply with GDPR requirements for international data transfers.

15. CALIFORNIA PRIVACY RIGHTS (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

15.1 Right to Know

You can request disclosure of:

• Categories of personal information we collect
• Sources of that information
• Purposes for collecting and sharing it
• Categories of third parties we share it with

15.2 Right to Delete

You can request deletion of your personal information (subject to exceptions).

15.3 Right to Opt-Out of Sale

We do not sell your personal information. If this changes, we will provide a “Do Not Sell My Personal Information” link on our website.

15.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights (e.g., denying services, charging different prices).

How to Exercise CCPA Rights

Email: admin@facesecretsflorida.com
Phone: 866-573-2728

We will respond within 45 days.

16. NEVADA PRIVACY RIGHTS

Nevada residents can opt out of the sale of personal information. We do not sell personal information. If you have questions, contact us at admin@facesecretsflorida.com.

17. EUROPEAN UNION & UK PRIVACY RIGHTS (GDPR)

If you are located in the EU or UK, you have rights under the General Data Protection Regulation (GDPR):

17.1 Legal Basis for Processing

See Section 5.

17.2 Your Rights

See Section 8 (Access, Correction, Deletion, Portability, Restriction, Objection, Withdraw Consent, Complain).

17.3 Data Controller

FACE Secrets Florida is the data controller for your personal information.

Contact: admin@facesecretsflorida.com

17.4 EU Representative (if applicable)

If required by law, we will appoint an EU representative. Contact details will be provided here.

17.5 Supervisory Authority

You have the right to lodge a complaint with your local data protection authority.

18. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect:

• Changes in our practices
• New legal or regulatory requirements
• New services or technologies

When we make changes:

• We will update the “Last Updated” date at the top of this policy
• Significant changes will be communicated via email or website notice
• Continued use of our services after changes constitutes acceptance

We encourage you to review this policy periodically.

19. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information:

FACE Secrets Florida
Privacy Officer: Dr. Daudrie-Ann Powel
Email: admin@facesecretsflorida.com
Phone: 866-573-2728
Mailing Address: 14846 Tamiami Trail, North Port, Florida 34287

For HIPAA-related inquiries, contact: Dr. Daudrie-Ann Powel

20. CONSENT & ACKNOWLEDGMENT

By using our website, booking appointments, subscribing to our newsletter, or receiving services, you acknowledge that:

✓ You have read and understood this Privacy Policy
✓ You consent to the collection, use, and sharing of your information as described
✓ You understand your rights and how to exercise them
✓ You consent to receiving marketing communications (if you opted in)

To withdraw consent or opt out, contact us at any time.

Last Updated: June 1, 2026

FACE Secrets Florida is committed to protecting your privacy and earning your trust.

END OF PRIVACY POLICY