📋 HIPAA Notice
Hello Gorgeous Med Spa is a covered entity under the Health Insurance Portability and Accountability Act (HIPAA). We are committed to protecting your Protected Health Information (PHI) in accordance with federal and state law.
1. Introduction
Hello Gorgeous Med Spa ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us.
2. Information We Collect
Personal Information
We may collect the following types of personal information:
- Name, address, phone number, and email address
- Date of birth and gender
- Payment information (credit card numbers are not stored on our servers)
- Emergency contact information
Protected Health Information (PHI)
As a medical provider, we collect health-related information including:
- Medical history and current health conditions
- Medications and allergies
- Treatment records and clinical notes
- Before and after photographs
- Lab results and diagnostic information
- Insurance information (if applicable)
Automatically Collected Information
When you visit our website, we may automatically collect:
- IP address and browser type
- Device information
- Pages visited and time spent
- Referring website
- Cookies and similar technologies
3. How We Use Your Information
We use your information for the following purposes:
Treatment Purposes
- Providing medical aesthetic services
- Creating and maintaining your medical record
- Communicating with you about your care
- Scheduling appointments and sending reminders
- Following up on treatment outcomes
Payment and Operations
- Processing payments and invoicing
- Managing your account
- Verifying insurance coverage (if applicable)
- Internal quality improvement
Communication
- Sending appointment reminders
- Providing treatment information
- Sending promotional offers (with your consent)
- Responding to inquiries
4. How We Share Your Information
We may share your information in the following circumstances:
With Your Consent
- When you authorize us to share information with other providers
- For marketing purposes (only with explicit consent)
- For before/after photos (only with signed photo release)
Without Your Consent (as permitted by law)
- For treatment, payment, and healthcare operations
- To comply with legal requirements
- To prevent serious threats to health or safety
- For public health activities
- To health oversight agencies
- In response to lawful court orders
Service Providers
We may share information with third-party service providers who assist us in operating our business (e.g., payment processors, scheduling software, email services). All service providers are required to sign Business Associate Agreements (BAAs) and maintain HIPAA compliance.
5. Your Rights Under HIPAA
You have the following rights regarding your health information:
Right to Access
You may request copies of your medical records. We may charge a reasonable fee for copies.
Right to Amend
You may request corrections to your medical record if you believe information is incorrect.
Right to Accounting of Disclosures
You may request a list of certain disclosures we have made of your information.
Right to Request Restrictions
You may request restrictions on how we use or share your information, though we are not always required to agree.
Right to Confidential Communications
You may request that we communicate with you in a specific way or at a specific location.
Right to a Paper Copy
You may request a paper copy of this Privacy Policy at any time.
6. Data Security
We implement appropriate technical and organizational measures to protect your information:
- Encrypted data transmission (SSL/TLS)
- Encrypted data storage
- Access controls and authentication
- Regular security assessments
- Staff training on privacy and security
- Physical security of records
While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. If you have reason to believe your information has been compromised, please contact us immediately.
7. Data Retention
We retain your information as follows:
- Medical Records: Minimum 10 years after last treatment (as required by Illinois law)
- Minor Patient Records: Until patient reaches age 23 or 10 years after last treatment, whichever is later
- Billing Records: 7 years
- Marketing Data: Until you unsubscribe or request deletion
8. Cookies and Tracking
Our website uses cookies and similar technologies to:
- Remember your preferences
- Analyze website traffic
- Improve user experience
- Deliver targeted advertising (with consent)
You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.
9. SMS and Mobile Messaging
Hello Gorgeous Med Spa may send appointment reminders, promotional offers, and account notifications via SMS. Message frequency varies. Message and data rates may apply. Reply STOP to opt out. Reply HELP for assistance. We do not sell or share mobile information with third parties for marketing purposes.
When you provide your mobile number and opt in to receive text messages, we may send you appointment reminders, treatment updates, and promotional offers via SMS.
Your mobile information will not be sold or shared with third parties for promotional or marketing purposes.
We use your phone number only to communicate with you about your appointments and, if you opt in, to send occasional promotional offers from Hello Gorgeous Med Spa. You may opt out at any time by replying STOP to any message.
📱 SMS Communications Policy
Message Program Summary
Hello Gorgeous Med Spa sends appointment confirmations, appointment reminders, post-treatment care instructions, account notifications, and occasional promotional offers to clients who explicitly opt in. Message frequency varies (up to 4 messages per month). Message and data rates may apply. Reply STOP to unsubscribe. Reply HELP for help.
Where to opt in (mobile opt-in path):
- Contact form: https://www.hellogorgeousmedspa.com/contact
- Booking: https://www.hellogorgeousmedspa.com/book
SMS Consent & Opt-In
By providing your mobile phone number and affirmatively opting in, you consent to receive text messages from Hello Gorgeous Med Spa related to:
- Appointment reminders
- Appointment confirmations
- Post-treatment follow-ups
- Account notifications
- Promotional offers and announcements
Message frequency may vary based on your interaction with our services.
Message and data rates may apply.
Consent to receive SMS messages is not a condition of purchase.
You may opt in by:
- Checking the SMS consent box during booking
- Submitting an online intake form that includes SMS consent language
- Signing a physical intake form with SMS authorization
- Verbally consenting and confirming via text
Opt-Out Instructions
You may opt out of SMS communications at any time by replying: STOP or UNSUBSCRIBE.
After opting out, you will receive a final confirmation message confirming your removal from our messaging list.
Help Instructions
For assistance, reply HELP or contact us directly at:
📞 (630) 636-6193
📧 hello.gorgeous@hellogorgeousmedspa.com
Data Usage & Privacy Commitment
We respect your privacy. Your mobile information will not be sold, rented, or shared with third parties for promotional or marketing purposes. We may share information with service providers solely for operational purposes necessary to deliver messaging services. All information is handled in accordance with our general Privacy Policy and applicable healthcare data protection regulations.
Message Types
Examples of messages you may receive:
- “Hello Gorgeous Med Spa: Your Botox appointment is confirmed for Friday at 2:00 PM.”
- “Reminder: Your hormone therapy consultation is tomorrow at 10:30 AM.”
- “Special Offer: $20 off PRF this month. Reply STOP to opt out.”
You may opt in via our website at Contact or Book, or in person (intake form or verbal consent confirmed via text).
10. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review the privacy policies of any site you visit.
11. Children's Privacy
Our services are not intended for individuals under 18 years of age without parental/guardian consent. We do not knowingly collect information from children under 13. If you believe we have collected information from a child, please contact us.
12. Breach Notification
In the event of a data breach affecting your Protected Health Information, we will notify you in accordance with HIPAA requirements (within 60 days of discovery) and take appropriate steps to mitigate harm.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of our services constitutes acceptance of any changes.
14. How to File a Complaint
If you believe your privacy rights have been violated, you may:
- Contact our Privacy Officer (see below)
- File a complaint with the U.S. Department of Health and Human Services Office for Civil Rights
We will not retaliate against you for filing a complaint.
15. Contact Information
For questions about this Privacy Policy or to exercise your rights, contact:
Privacy Officer
Hello Gorgeous Med Spa
74 W. Washington St
Oswego, IL 60543
Phone: (630) 636-6193
Email: hello.gorgeous@hellogorgeousmedspa.com
HHS Office for Civil Rights:
200 Independence Avenue, S.W.
Washington, D.C. 20201
Toll-free: 1-877-696-6775
www.hhs.gov/hipaa/filing-a-complaint