At Tox & Skin Co., your privacy is important to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information, including your health-related data, when you visit our medical spa, use our services, or interact with us online or in person. We comply with the Health Insurance Portability and Accountability Act (HIPAA), the Federal Trade Commission (FTC) guidelines, and applicable laws in the State of Michigan.
2. Information We Collect
We may collect the following types of information from you:
a. Personally Identifiable Information (PII):
Name
Address
Email
Phone number
Date of birth
Payment and billing information
b. Protected Health Information (PHI):
Medical history
Treatment details
Health conditions
Prescriptions
Photos for medical documentation (e.g., before & after images)
c. Non-Personal Information:
IP address
Browser type
Device type
Cookies and usage data when you interact with our website
3. How We Use Your Information
We use the information collected to:
Provide safe and effective treatments
Schedule and manage appointments
Process payments
Communicate with you about your care or promotions (with consent)
Maintain medical and business records
Comply with legal and regulatory obligations
4. How We Share Your Information
We do not sell your personal or health information. However, we may share it with:
Licensed medical professionals involved in your care
Billing or payment processors (e.g., credit card providers)
HIPAA-compliant third-party service providers (e.g., electronic health record systems, appointment schedulers)
Regulatory bodies or law enforcement as required by law
5. Your Rights Under HIPAA
As a client, you have the right to:
Access your medical records
Request amendments to your information
Receive an accounting of disclosures
Request confidential communications
File a complaint with our office or with the U.S. Department of Health & Human Services if you believe your privacy rights have been violated
6. Data Security
We implement appropriate administrative, technical, and physical safeguards to protect your personal and health information against unauthorized access, disclosure, or misuse. All staff are trained on HIPAA compliance and data protection best practices.
7. Marketing Communications
We may use your contact information to send promotional messages or appointment reminders. You may opt out of marketing emails at any time by clicking “unsubscribe” or contacting us directly.
Note: Medical communication (e.g., treatment reminders) may still be sent as permitted under HIPAA.
8. Website & Cookies
If you use our website, we may collect information using cookies or similar technologies to improve your experience. You may control cookie settings in your browser.
9. Minors’ Privacy
Our services are intended for individuals 18 years or older unless accompanied by a parent or legal guardian. We do not knowingly collect personal information from minors without proper consent.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on our website with an updated effective date. Continued use of our services after changes indicates your acceptance.
11. Contact Us
If you have questions or concerns about this Privacy Policy or your personal information, please contact us: