Privacy Policy

Last updated: April 13, 2026

This Privacy Policy describes the policies and procedures of ABL Med Spa (“the Company,” “We,” “Us,” or “Our”) on the collection, use, and disclosure of your information when you use our Service. It also informs you about your privacy rights and how the law protects you. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Interpretation and Definitions

1.1 Interpretation

Capitalized words have meanings defined under the following conditions. The definitions apply whether the terms appear in singular or plural.

1.2 Definitions

  • Account: A unique account created for you to access our Service.
  • Business: As defined by the CCPA (California Consumer Privacy Act).
  • Company: ABL Med Spa, referred to as “the Company,” “We,” “Us,” or “Our.”
  • Country: United States of America.
  • Consumer: Defined under the CCPA.
  • Cookies: Small files placed on your device for tracking and storage purposes.
  • Device: Any device that can access the Service.
  • Do Not Track (DNT): A browser setting to disable tracking.
  • Personal Data: Any information that relates to an identifiable individual.
  • Sale: Defined under CCPA.
  • Service: Refers to the Website.
  • Service Provider: Third parties that process data on behalf of the Company.
  • Usage Data: Data collected automatically from your use of the Service.
  • Website: https://ablmedspa.com
  • You: The individual or entity using the Service.

2. Collecting and Using Your Personal Data

2.1 Types of Data Collected

Personal Data

  • Email address
  • First and last name
  • Phone number
  • Address (State, Province, ZIP/Postal code, City)

Usage Data — automatically collected and may include:

  • IP address
  • Browser type and version
  • Pages visited, time spent
  • Device and diagnostic data

2.2 Tracking Technologies and Cookies

We use cookies and similar technologies, including:

  • Essential Cookies: For authentication and security (Session)
  • Policy Acceptance Cookies: Stores consent (Persistent)
  • Functionality Cookies: Remembers preferences (Persistent)
  • Tracking/Performance Cookies: Analyzes usage (Persistent, Third-Parties)

For more information, refer to our Cookies Policy.

2.3 HIPAA Notice and Protected Health Information

ABL Med Spa is a physician-supervised medical practice and, with respect to its medical services, is a Covered Entity under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Protected Health Information (“PHI”) that we create or receive in the course of providing medical services — including information stored in our patient management system, clinical records, treatment notes, and any information you provide to our clinical staff — is governed by HIPAA and by our separate Notice of Privacy Practices (NPP), which is available at our office and upon request by contacting our Privacy Officer using the information in Section 14.

This Privacy Policy governs information collected through our website and marketing channels (such as contact forms, newsletter sign-ups, appointment requests, and analytics). Information you submit through the website — your name, email, phone number, and interest in a service — is used for scheduling and marketing purposes and is not treated as PHI unless and until it is entered into your clinical record by our staff. At that point, it becomes PHI and is governed by HIPAA and our NPP rather than by this Privacy Policy.

Please do not submit medical history, diagnoses, medications, symptoms, or other sensitive health information through website forms, email, social media messages, or chat. These are not secure channels for PHI. If you need to share medical information with us, please do so directly with our clinical staff or through our secure patient portal.

We do not sell PHI, and we do not disclose PHI to advertising, analytics, or marketing platforms. We do not use PHI to target advertising. The hashed-identifier conversion measurement described in Section 8 uses only information submitted through public website forms (name, email, phone) and is explicitly scoped to exclude any page, form, or event that involves PHI, including our patient portal and any clinical intake workflow.

2.4 Your HIPAA Rights

With respect to PHI held by ABL Med Spa, you have the right to: (i) inspect and obtain a copy of your PHI; (ii) request an amendment to your PHI; (iii) request an accounting of certain disclosures; (iv) request restrictions on how we use or disclose your PHI; (v) request confidential communications; and (vi) receive a paper copy of our Notice of Privacy Practices. To exercise any of these rights, contact our Privacy Officer. You also have the right to file a complaint with ABL Med Spa or with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), at https://www.hhs.gov/ocr/. We will not retaliate against you for filing a complaint.

3. Use of Your Personal Data

We may use your data to:

  • Provide and improve the Service
  • Manage your account
  • Fulfill contracts
  • Contact you with updates or marketing
  • Manage requests
  • Conduct business transfers
  • Analyze and enhance our services
  • Measure the performance of our marketing and advertising, including conversion measurement and attribution across third-party advertising platforms

Data Sharing

We may share your data with:

  • Service Providers
  • Business acquirers or investors
  • Advertising and analytics platforms (see Section 8)
  • With your consent

4. Data Retention

We retain your Personal Data only as long as necessary to comply with laws, resolve disputes, and enforce agreements. Usage Data may be retained longer when necessary for security or functionality.

5. Transfer of Personal Data

Your data may be transferred to and maintained outside your region. We ensure that adequate safeguards are in place.

6. Disclosure of Personal Data

Business Transactions

Your data may be transferred during a merger or acquisition.

Legal Requirements

We may disclose your data to comply with legal obligations, protect our rights, prevent fraud, and protect users and the public.

7. Security of Your Personal Data and PHI

We use commercially reasonable administrative, physical, and technical safeguards to protect your information. For PHI, we maintain safeguards consistent with the HIPAA Security Rule. In the event of a breach of unsecured PHI, we will notify affected individuals and, where required, the U.S. Department of Health and Human Services and the media, in accordance with the HIPAA Breach Notification Rule. No system is 100% secure, and we cannot guarantee absolute security.

8. Processing of Your Personal Data

Service Providers may access and process your data as described in their respective privacy policies.

Analytics and Advertising Measurement

We use third-party analytics and advertising tools to understand how visitors use our Service and to measure the effectiveness of our marketing. These tools may include, but are not limited to, Google Analytics, Google Ads, Google Tag Manager, and Meta (Facebook) Pixel.

To measure ad performance and attribute conversions (such as appointment requests or form submissions) back to the ads or campaigns that drove them, we may share hashed (one-way encrypted) versions of customer identifiers — such as email address and phone number — with Google and other advertising partners. This process is known as Enhanced Conversions or conversion measurement. The hashed data is used solely to match conversion events to ad interactions; it is not used to build third-party advertising profiles based on health or treatment information, and we do not share information about specific services received, treatments, or health conditions with advertising platforms.

You may opt out of this measurement at any time by contacting us using the information in Section 14. Advertising and analytics tracking tags are not deployed on our patient portal, intake forms, or any page or workflow where Protected Health Information may be collected. Conversion events are configured to report only that an appointment or inquiry occurred, and never the specific treatment, service, condition, or clinical context associated with it.

Email Marketing

You may receive marketing emails. You can unsubscribe at any time.

Payments

Payment data is handled by third-party processors compliant with PCI-DSS standards.

9. CCPA Privacy Policy (California Residents)

9.1 Categories of Personal Information Collected

We may collect identifiers, California Records, commercial info, and internet activity.

9.2 Business Use of Data

We use data for service operations, responding to inquiries, legal compliance, detecting security threats, and marketing measurement and attribution.

9.3 Disclosures

We may disclose categories A, B, D, and F for business purposes, including disclosure of hashed identifiers to advertising partners for conversion measurement as described in Section 8.

9.4 Rights Under CCPA

You have the right to know what we collect, request your data, opt out of sale, delete your data, and not be discriminated against. To exercise rights, contact us at contactus@ablmedspa.com or https://www.ablmedspa.com/contact-us.

9.5 Opt-Out Instructions

You can opt out via NAI Opt-Out, EDAA, or DAA. On mobile: Android “Opt out of Interest-Based Ads” or iOS “Limit Ad Tracking.”

10. Additional California Rights

Our site does not respond to DNT browser settings. California residents may request disclosures of shared personal data for marketing once per year. Residents under 18 can request content removal by contacting us.

11. Children’s Privacy

We do not knowingly collect data from anyone under 13. If you are a parent or guardian and become aware that we have collected such data, contact us so that we can delete the information.

12. Links to Other Sites

We are not responsible for external sites. Please review their privacy policies.

13. Changes to this Privacy Policy

We may update this policy periodically. We will notify you via email or prominent notice and update the “Last updated” date.

14. Contact Us

For general privacy questions, contact us at contactus@ablmedspa.com or https://www.ablmedspa.com/contact.

For questions about your Protected Health Information, your HIPAA rights, our Notice of Privacy Practices, or to file a privacy complaint, contact our Privacy Officer:

Gabriela Guy, Clinical Director
(512) 721-0274
