Privacy Policy

1 Information We Collect

We collect information from you in several ways — directly through our online forms, automatically through your browser and device, and through third-party advertising and analytics platforms.

A. Information You Provide Directly

When you submit an Appointment Request, Contact Form, Certificate Claim, or any other form on our website, we may collect:

• Identity information: First name, last name, date of birth, gender
• Contact information: Email address, phone number, ZIP code, city
• Appointment details: Preferred date and time, service(s) of interest, client type (new or returning), special notes or questions
• Referral information: How you heard about us (e.g., social media, friend referral, online search, advertisement)
• Treatment preferences: The specific treatment or service you are interested in
• SMS consent: Your explicit consent to receive text messages from us, collected on select forms
• Communications content: Any message, question, or note you include in forms or email correspondence

B. Information Collected Automatically

When you visit our website, our web server and third-party tools automatically collect certain information, including:

• Device & browser data: IP address, browser type and version, operating system, device type
• Usage data: Pages visited, links clicked, time spent on pages, referring URL
• Location data: General geographic region inferred from your IP address
• Cookies and tracking pixels: See Section 4 for full details

C. Information from Third-Party Platforms

If you interact with our social media pages (Facebook, Instagram, TikTok, YouTube) or engage with our paid advertisements on those platforms, those platforms may share aggregated or individual data with us as permitted by their own privacy policies. This may include profile information, engagement data, or ad interaction data.

2 How We Use Your Information

We use the information we collect for the following purposes:

Appointment & Service Delivery

• To process and confirm your appointment requests
• To contact you to schedule, reschedule, or confirm appointments
• To provide you with the medical spa services you request
• To send you pre-appointment and post-appointment communications
• To follow up on treatment outcomes or satisfaction

Communications

• To send confirmation emails after you submit a form
• To respond to your inquiries and messages
• To send SMS messages when you have opted in (see Section 5)
• To send promotional emails and offers about our services, memberships, and events
• To send birthday rewards, referral bonuses, and member-exclusive offers to enrolled members

Marketing & Advertising

• To serve you targeted advertisements on Facebook, Instagram, and other platforms
• To create custom audiences for advertising based on your information
• To re-target website visitors with relevant offers and promotions
• To analyze the effectiveness of our advertising campaigns
• To improve our website content and user experience

Business Operations & Compliance

• To maintain our client records and business operations
• To prevent fraud and protect the security of our website and users
• To comply with applicable federal, state, and local laws and regulations
• To enforce our terms of service and other agreements
• To detect and block spam and bot submissions

3 Facebook & Social Media Advertising

We actively advertise on Facebook (Meta), Instagram, and other social media platforms. By visiting our website or interacting with our brand online, you may be subject to the following advertising practices:

Meta Pixel (Facebook Pixel)

Our website may use the Meta Pixel (formerly Facebook Pixel), a piece of code provided by Meta Platforms, Inc. The Meta Pixel allows us to:

• Track visitor actions on our website (such as page views, form submissions, and service page visits)
• Measure the effectiveness of our Facebook and Instagram ad campaigns
• Build Custom Audiences of website visitors for retargeted advertising
• Build Lookalike Audiences to reach new people similar to our existing clients
• Show you relevant Soo Med Spa ads on Facebook, Instagram, and across Meta's advertising network after you have visited our website

Custom Audiences & Contact List Advertising

We may upload hashed (encrypted) contact information — such as email addresses or phone numbers — to Facebook, Instagram, or other advertising platforms to create Custom Audiences. This allows us to show ads specifically to our existing clients or leads on those platforms. The data is hashed before upload and Meta cannot reverse the hash to retrieve the original data.

Social Media Engagement

When you follow, like, comment on, or message us on any social media platform (Facebook, Instagram, TikTok, YouTube, WhatsApp), that platform collects and processes your data according to its own privacy policy. We may retain the content of your messages to us for business purposes. We do not control how third-party social platforms collect or use your data.

Influencer & Promotional Content

We may run promotional campaigns, contests, giveaways, or collaborations via social media. Participation in such campaigns is voluntary. Any personal information you submit in connection with a promotion will be used for that promotion's stated purpose and in accordance with this Privacy Policy.

4 Cookies & Tracking Technologies

Our website may use cookies and similar tracking technologies to enhance your browsing experience and gather analytical data. These include:

• Essential cookies: Required for the website to function correctly (e.g., form submission security, session management)
• Analytics cookies: Used to understand how visitors interact with our site (e.g., Google Analytics, if enabled). This data is aggregated and anonymous.
• Advertising & remarketing cookies: Placed by platforms like Meta (Facebook/Instagram) to enable targeted advertising and conversion tracking
• Preference cookies: Remember your preferences to provide a more personalized experience

Most web browsers allow you to control cookies through their settings. You can instruct your browser to refuse cookies or to alert you when cookies are being sent. However, if you disable cookies, some portions of our site may not function properly.

5 SMS / Text Message Communications

We may send SMS (text message) communications to clients and prospective clients. By providing your phone number and checking the SMS consent checkbox on our forms, you expressly consent to receive text messages from Soo Med Spa, including:

• Appointment confirmations, reminders, and follow-ups
• Promotional offers, seasonal deals, and new service announcements
• Membership updates, renewal reminders, and member-exclusive offers
• Birthday rewards and referral bonus notifications
• Responses to your inquiries submitted via our website forms

We do not sell or share your phone number with third parties for their own marketing purposes. Your phone number is used solely by Soo Med Spa for the communications described in this section.

6 Email Communications

By submitting any form on our website, you may receive transactional and marketing emails from Soo Med Spa, including:

• Transactional emails: Appointment confirmations, form submission receipts, certificate claim acknowledgments, and service-related updates. These are sent automatically and are necessary for service delivery.
• Marketing emails: Promotions, offers, new service announcements, membership news, seasonal specials, and event invitations.

You may opt out of marketing emails at any time by clicking the "Unsubscribe" link included in every marketing email, or by contacting us directly at info@soomedspa.com. Please note that opting out of marketing emails does not stop transactional emails related to services you have requested.

We use a secure SMTP server (Zoho Mail) to send all emails. Your email address is transmitted securely and is not disclosed to unaffiliated third parties for their own marketing purposes.

7 Sharing & Disclosure of Information

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share your information only in the following limited circumstances:

Service Providers

We work with trusted third-party service providers who assist us in operating our website and delivering our services. These providers are contractually obligated to keep your data confidential and use it only for the purposes we specify. Current service providers include:

• Email delivery: Zoho Mail (SMTP) for sending confirmation and marketing emails
• Advertising platforms: Meta (Facebook/Instagram), TikTok, Google — for targeted advertising as described in Section 3
• Analytics: Any analytics providers used to understand website traffic and usage
• Website hosting: Our web hosting provider(s) who store website files and form submissions

Legal Requirements

We may disclose your information if required to do so by law, court order, government authority, or regulatory body, or if we believe in good faith that such disclosure is necessary to: (a) comply with a legal obligation; (b) protect and defend the rights or property of Soo Med Spa; (c) prevent or investigate possible wrongdoing; or (d) protect the safety of our clients, staff, or the public.

Business Transfers

In the event that Soo Med Spa is involved in a merger, acquisition, asset sale, or similar business transaction, your personal information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

With Your Consent

We may share your information with third parties when you have given us your explicit consent to do so, such as when you participate in a joint promotion or referral program.

8 Health & Treatment Information

As a medical spa, we may collect certain health-related information from you in connection with our services, including:

• Treatment interests and aesthetic goals you describe in appointment forms or consultations
• Medical history or health conditions you voluntarily disclose to our staff
• Treatment records created during or after your visit to our spa
• Date of birth (used to verify age eligibility for certain treatments)

We store health-related information only for as long as necessary to provide our services and as required by law. We use reasonable physical, administrative, and technical safeguards to protect this information from unauthorized access or disclosure.

9 Referral Program & Third-Party Links

Referral Program

Our Refer a Friend program allows existing clients to refer new clients in exchange for credits or rewards. When you participate:

• You may provide the name and contact information of a person you are referring. By doing so, you represent that you have their permission to share their information with us.
• The referred individual will receive a communication from us about our services and the referral offer.
• Referral reward credits are issued to your account and may be used toward services at Soo Med Spa.

Third-Party Links

Our website and social media pages may contain links to third-party websites, platforms, or services (such as Facebook, Instagram, TikTok, Google Maps, or WhatsApp). This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites.

10 Data Retention

We retain your personal information for as long as is necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law. Specifically:

• Appointment and form submissions: Retained for the duration of your relationship with us and for a reasonable period thereafter for customer service, legal, and audit purposes.
• Email correspondence: Retained for up to 3 years, or longer if required by law.
• Marketing consent records: Retained for as long as you remain an active contact, plus a reasonable period to demonstrate compliance.
• Health and treatment records: Retained in accordance with Texas state law requirements applicable to medical and aesthetic providers.
• Website analytics data: Aggregated analytics data may be retained indefinitely; personally identifiable analytics data is subject to the retention policies of our analytics providers.

When your information is no longer needed, we will dispose of it securely by deleting electronic records and shredding paper records.

11 Your Rights & Choices

Depending on where you reside, you may have certain rights regarding your personal information. As a Texas-based business, we respect the following rights for all our clients:

• Right to access: You may request a copy of the personal information we hold about you.
• Right to correction: You may request that we correct inaccurate or incomplete personal information.
• Right to deletion: You may request that we delete your personal information, subject to certain legal exceptions (e.g., where we are required by law to retain records).
• Right to opt out of marketing: You may opt out of marketing emails at any time (see Section 6) and opt out of SMS messages at any time (see Section 5).
• Right to opt out of targeted advertising: You may adjust your advertising preferences through Meta, Google, and other platforms (see Section 3 and Section 4).
• Right to data portability: Where technically feasible, you may request that we provide your data in a portable format.

To exercise any of these rights, please contact us using the information in Section 15. We will respond to verifiable requests within a reasonable timeframe. We may need to verify your identity before fulfilling your request.

12 Children's Privacy

Our website and services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at info@soomedspa.com and we will promptly delete such information from our records.

Certain treatments at Soo Med Spa require clients to be 18 years of age or older, or to have parental/guardian consent if under 18. Age eligibility is verified at the time of service. We collect date of birth on our appointment forms for this purpose.

13 Security

We implement reasonable administrative, technical, and physical security measures to protect your personal information from unauthorized access, use, alteration, or disclosure. These measures include:

• HTTPS encryption for all data transmitted through our website
• Secure SMTP (TLS/SSL) email transmission via Zoho Mail
• Restricted access to personal information — only authorized staff with a legitimate business need may access it
• Spam and bot protection on all forms (including honeypot fields and submission timing checks)
• Secure storage of configuration and credentials on our server

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach that affects your rights or interests, we will notify you as required by applicable law.

14 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Post the revised policy on this page
• Where appropriate, notify you by email or by a prominent notice on our website

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our website or services after any changes constitutes your acceptance of the updated policy.

15 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to reach out to us:

• Business Name: Soo Med Spa
• Address: 21720 Highland Knolls Dr, Suite 4-A, Katy, TX 77450
• Phone: (713) 364-6674
• Email: info@soomedspa.com
• Office Hours: Mon–Wed 10am–6pm · Thu–Fri 10am–7pm · Sat 10am–4pm