Privacy policy.
Effective: 04/26/2025
Last Updated: 05/02/2025
ARCSCHON Haus LLC, dba ARCSCHÖN Aesthetics (“we,” “us,” “our,” or “the Practice”) respects your privacy and is committed to protecting your personal, health, and financial information. This Privacy Policy explains how we collect, use, share, and protect your information in compliance with applicable U.S. federal and state laws, including the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA), and industry best practices.
By using our website or services, you consent to the practices outlined in this policy.
⸻
1. INFORMATION WE COLLECT
We collect and store various types of information to deliver and improve our services:
a. Personal Information
Name, phone number, email address, mailing address, date of birth, and demographic details
Submitted through forms, scheduling tools, consultations, or customer support interactions
b. Protected Health Information (PHI)
Medical history, allergies, medications, treatment records, procedure history
Photos, videos, or treatment notes captured during services
Intake documentation and Good Faith Exam (GFE) details
c. Financial and Transactional Information
Billing address, last four digits of your payment card, and payment history
Payment and financing data processed via Stripe (direct or through Boulevard and/or Aesthetic Record) and Cherry
We do not store full credit card numbers on our own servers. Card information may be securely stored and tokenized by our payment processors, Stripe or Boulevard, for purposes of recurring billing, deposits, or client convenience.
d. Technical and Website Usage Data
IP address, browser type, device identifiers, access times
Interaction data collected via cookies, analytics tools, and marketing pixels
⸻
2. PLATFORMS USED FOR DATA MANAGEMENT (ALL HIPAA-COMPLIANT)
We partner exclusively with vendors that are compliant with HIPAA and/or PCI-DSS standards for secure data processing, including:
Boulevard: Our primary scheduling, point-of-sale, and electronic medical record (EMR) system for intake, charting, documentation, communication, and payment processing.
Aesthetic Record: Used for treatment documentation, photography, and payment processing where applicable.
SpaKinect and/or Qualiphy: Used to conduct and store Good Faith Exams (GFEs) in accordance with HIPAA and applicable medical board requirements.
Stripe: Used directly and through integrations as needed to securely process client payments via PCI-DSS Level 1 compliant protocols.
Cherry: A third-party financing platform facilitating aesthetic service financing applications; HIPAA-aware and PCI-compliant.
Each platform employs physical, administrative, and technical safeguards to protect your personal and health information.
⸻
3. HOW WE USE YOUR INFORMATION
We use your information to:
Schedule and deliver medical aesthetic services
Maintain medical records and fulfill legal documentation requirements
Process payments, deposits, and financing applications
Respond to inquiries, provide treatment follow-ups, and send appointment reminders
Send marketing communications with your consent
Improve website functionality, client experience, and treatment outcomes
Comply with applicable state and federal law, including HIPAA documentation retention requirements
⸻
4. HIPAA COMPLIANCE
ARCSCHÖN Aesthetics complies with HIPAA to safeguard your Protected Health Information (PHI) through:
Encrypted storage and transmission of health data
Restricted, role-based access to medical information
Use of HIPAA-compliant platforms (Boulevard, Aesthetic Record, SpaKinect, and Qualiphy)
Annual privacy and HIPAA training for authorized staff
Breach response and notification procedures in accordance with federal regulations
You have the right to:
Access your PHI
Request corrections or updates to your medical records
Request restrictions on how your PHI is used or disclosed
Receive a copy of this Privacy Policy and our Notice of Privacy Practices
Requests must be submitted in writing to the contact information at the end of this policy.
⸻
5. DISCLOSURE OF INFORMATION
We do not sell your personal information. We may disclose your information only under the following lawful and limited circumstances:
a. With Your Consent
To other healthcare providers at your request
For referrals or continuity of care
For specific marketing or public use (e.g., before/after photos with written authorization)
b. To Authorized Third Parties
HIPAA- and PCI-compliant vendors such as Boulevard, Aesthetic Record, Stripe, Cherry, SpaKinect, and Qualiphy
IT and administrative service providers operating under strict confidentiality agreements
c. When Legally Required
By subpoena, warrant, court order, or as required by applicable federal, state, or local law
To prevent or report abuse, fraud, threats to safety, or medical emergencies
⸻
6. DATA SECURITY MEASURES
We implement robust physical, administrative, and technical safeguards to protect your information, including:
SSL encryption on all website forms
Two-factor authentication and access logging within our EMR systems
Encrypted communication channels and secure data storage
Routine security audits and vendor compliance reviews
Payment data processed exclusively through PCI-DSS Level 1 certified processors (Stripe and Cherry)
While no system can guarantee absolute security, we employ industry best practices to minimize risks.
⸻
7. MARKETING & COMMUNICATIONS
If you provide your email address or phone number, you consent to receive:
Appointment confirmations and reminders
Treatment-related follow-up communications
Promotions, service updates, and event invitations (with the ability to opt out at any time)
Transactional or legally required communications may still be sent even if you opt out of marketing communications.
⸻
8. SMS COMMUNICATIONS
By entering your phone number on any form on our website or booking platform, you are agreeing to receive text messages from us. Message & data rates may apply. Message frequency may vary. Reply HELP for more information. You can reply STOP or UNSUBSCRIBE to opt-out at any time.
SMS messages may include appointment reminders, treatment updates, limited-time offers, service announcements, and other practice-related communications. These messages are sent in accordance with your preferences and applicable laws.
We do not share your mobile information with third parties or affiliates for marketing or promotional purposes. Your personally identifiable information (PII), including your phone number, is never sold, traded, or disclosed to third parties for unsolicited messaging.
If you need assistance managing your SMS consent, you may:
Reply HELP to any message
Contact us directly at the information provided in Section 14 of this policy
SMS opt-in is collected through forms where the disclosure is clearly and visibly presented. If a checkbox is used to confirm SMS consent, it will always be unchecked by default to ensure intentional opt-in.
⸻
9. COOKIES AND WEBSITE TRACKING
We use cookies and similar technologies to:
Analyze website traffic and user behavior
Personalize and enhance your website experience
Measure marketing campaign effectiveness
You may control cookie settings through your browser. Disabling cookies may affect the website’s functionality.
⸻
10. DATA RETENTION
We retain your information according to regulatory requirements:
Medical records: Retained for 6–10 years after the last patient interaction
Marketing and analytics data: Retained until you opt out or request deletion
Financial records: Retained for a minimum of 7 years for tax and bookkeeping purposes
⸻
11. CALIFORNIA PRIVACY RIGHTS (CCPA)
If you are a California resident, you have the right to:
Request access to your personal data
Request deletion of your personal data (subject to HIPAA or other legal retention exceptions)
Opt out of the future sale of your personal data (note: we do not sell personal data)
To exercise these rights, please contact us in writing using the information at the end of this policy.
⸻
12. CHILDREN’S PRIVACY
ARCSCHÖN Aesthetics’ services are generally intended for individuals aged 18 or older. However, certain services, such as laser hair removal, may be provided to minors aged 13–17 with parental or guardian consent.
In such cases:
A parent or legal guardian must be present at the consultation
Signed informed consent and authorization forms are required
Verification of parental/guardian identity may be requested
Only the minimum necessary information is collected to provide safe, compliant care
We do not knowingly market to or collect information from children under the age of 13. If such data is collected without verified parental consent, it will be deleted immediately.
⸻
13. THIRD-PARTY LINKS
Our website may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. We recommend reviewing their privacy policies before providing any personal information.
⸻
14. POLICY UPDATES
We may update this Privacy Policy periodically. Any changes will be posted on this page with an updated “Last Updated” date. Continued use of our services following updates constitutes acceptance of the revised policy.
⸻
15. CONTACT US
For privacy-related questions, data access requests, or complaints, please contact:
ARCSCHON Haus LLC dba ARCSCHÖN Aesthetics
7316 E Stetson Dr
Studio 14
Scottsdale, AZ 85251
Email: aesthetics@arcschon.com
Phone: +1 (602) 657-5904
Website: arcschon.com
You may also file a HIPAA-related complaint directly with the U.S. Department of Health and Human Services Office for Civil Rights at: