Privacy Policy

Introduction

Grey Aesthetics ("we," "our," or "us") operates a medical aesthetic practice located in Newport Beach, California. We are committed to protecting the privacy and confidentiality of all personal and health-related information entrusted to us by our patients and website visitors. This Privacy Policy describes how we collect, use, share, and safeguard your information when you visit our website at greyaestheticsoc.com, contact us, or receive services at our practice.

By using our website or engaging with our practice, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms outlined here, please refrain from using our website or services.

Information We Collect

We collect information you provide directly to us, as well as information gathered automatically when you interact with our website. The types of information we may collect include:

• Personal Identifiers: Full name, date of birth, mailing address, email address, and phone number.
• Health & Medical Information: Medical history, current medications, allergies, treatment preferences, and other health information relevant to scheduling and providing aesthetic services.
• Appointment Information: Requested services, preferred appointment times, and past treatment records.
• Payment Information: Billing address and payment method details (processed securely through third-party payment processors; we do not store full card numbers).
• Communications: Records of your inquiries, messages, and correspondence with our staff via phone, email, or website contact forms.
• Website Usage Data: IP address, browser type, pages visited, time spent on pages, and referring URLs, collected automatically via cookies and analytics tools.

How We Use Your Information

We use the information we collect for the following purposes:

• To schedule, confirm, and manage your appointments and treatment sessions.
• To provide safe, effective, and personalized aesthetic and medical services.
• To communicate with you regarding your appointments, treatment plans, follow-up care, and results.
• To send appointment reminders, pre-care instructions, and post-care guidance.
• To process payments and maintain accurate billing records.
• To respond to your questions, requests, and concerns.
• To improve our website, services, and patient experience.
• To comply with applicable laws, regulations, and professional standards.
• To send promotional communications, with your consent, about special offers, new services, and events (you may opt out at any time).

HIPAA Compliance

As a medical practice, Grey Aesthetics is subject to the Health Insurance Portability and Accountability Act (HIPAA) with respect to your Protected Health Information (PHI). We maintain appropriate administrative, physical, and technical safeguards to protect the privacy and security of your PHI in accordance with HIPAA requirements. We will not disclose your PHI to third parties without your written authorization, except as permitted or required by law — such as for treatment, payment operations, or legally mandated disclosures.

You have rights under HIPAA, including the right to access, amend, and receive an accounting of disclosures of your PHI. To exercise these rights or to receive a copy of our HIPAA Notice of Privacy Practices, please contact us at the information provided below.

How We Protect Your Information

We implement industry-standard security measures to protect your personal and health information from unauthorized access, disclosure, alteration, or destruction. These measures include SSL/TLS encryption for data transmitted through our website, secure access controls for our practice management systems, staff training on privacy and data security, and regular review of our data protection practices.

While we take every reasonable precaution to protect your data, no method of transmission over the internet or electronic storage is completely secure. We encourage you to contact us by phone at (949) 418-7495 for sensitive matters.

Cookies and Analytics

Our website uses cookies — small text files stored on your device — to enhance your browsing experience, remember your preferences, and analyze website traffic. We use the following types of cookies:

• Essential Cookies: Required for the website to function correctly. These cannot be disabled.
• Analytics Cookies: Used to understand how visitors interact with our site (e.g., which pages are visited most). This data is aggregated and anonymous.
• Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness. These are only active if you have consented.

You can control and disable cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our website.

Mobile Information and Text Messaging Policy

• No mobile information will be shared with third parties or affiliates for marketing or promotional purposes.
• Text messaging originator opt-in data and consent will not be shared with any third parties, except for aggregators and providers of the text message services.

Third-Party Services

We work with trusted third-party service providers to operate our practice and website. These may include:

• Google Analytics: We use Google Analytics to analyze website traffic and usage patterns. Google Analytics collects anonymized data such as browser type, pages visited, and session duration. You can opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-on.
• Email Services: We use email marketing platforms to send appointment reminders and promotional communications. Your email address will only be used for communications you have consented to receive.
• Practice Management Software: Patient records and appointment data are managed through HIPAA-compliant practice management systems.
• Payment Processors: Payments are handled through PCI-compliant payment processors. We do not store your full payment card information on our servers.
• Financing Partners: If you apply for patient financing through CareCredit or Cherry, your information is shared directly with those providers under their respective privacy policies.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

Children's Privacy

Our services are intended for adults aged 18 and older. We do not knowingly collect personal information from individuals under the age of 18 without verifiable parental consent. If you believe we have inadvertently collected information from a minor, please contact us immediately and we will take steps to delete such information.

California Privacy Rights

As a California-based business, we comply with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). California residents have the right to know what personal information we collect and how it is used, request deletion of their personal information, opt out of the sale of personal information (we do not sell personal data), and non-discrimination for exercising these rights. To submit a privacy rights request, please contact us using the information below.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Your continued use of our website after any changes constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or the handling of your personal information, please contact us: