Privacy Policy for Arcschön Aesthetics

Last Updated: August 13, 2025

Arcschon Haus LLC, doing business as Arcschon Aesthetics (“Arcschon Aesthetics,” “we,” “us” or “our”), respects your privacy and is committed to protecting your personal, health and financial information. This Privacy Policy explains what information we collect, how we use it, with whom we share it and the choices you have. It is intended to comply with U.S. federal and state laws, including the Health Insurance Portability and Accountability Act (HIPAA) and the California Consumer Privacy Act (CCPA). By using our website or services, you consent to the data practices described in this Policy.

1. Information We Collect

We collect different types of information to provide and improve our services:

a. Personal Information

•          Identifiers such as your name, email address, phone number, mailing address, date of birth and demographic details.

•          Information you provide through forms, scheduling tools, consultations or customer support interactions.

b. Protected Health Information (PHI)

•          Medical history, allergies, medications, treatment records and procedure history.

•          Photos, videos or treatment notes created during services.

•          Intake documentation, medical questionnaires and good faith exam records.

c. Financial and Transactional Information

•          Billing address, last four digits of your payment card and payment history.

•          Payment and financing data processed via PCI‑compliant processors such as Stripe (used directly or through integrations with Boulevard and/or Aesthetic Record) and Cherry.

•          We do not store full credit or debit card numbers on our own servers. Card information may be securely tokenized by our payment processors for recurring billing, deposits or convenience.

d. Technical and Website Usage Data

•          Internet Protocol (IP) address, browser type, device identifiers and access times.

•          Interaction data collected via cookies, analytics tools and marketing pixels to analyse user behaviour and improve our website. You can control cookies through your browser settings; disabling cookies may affect website functionality.

2. Platforms Used for Data Management

To provide secure and efficient services, we partner with vendors that are compliant with HIPAA and, where applicable, the Payment Card Industry Data Security Standard (PCI‑DSS). These include:

•          Boulevard: our primary scheduling, point‑of‑sale and electronic medical record (EMR) system used for intake, charting, documentation, communication and payment processing.

•          Aesthetic Record: used for treatment documentation, photography and payment processing where applicable.

•          SpaKinect and Qualiphy: telehealth platforms used to conduct and store good faith exams in compliance with state medical board requirements.

•          Stripe: used directly and through integrations to securely process client payments via PCI‑DSS Level 1 compliant protocols.

•          Cherry: a third‑party financing platform facilitating payment plans for qualified clients. Use of Cherry is subject to its own privacy policy and terms.

Each platform maintains physical, administrative and technical safeguards to protect your personal and health information. We enter into business‑associate agreements where required by HIPAA and limit vendor access to the minimum necessary information.

3. How We Use Your Information

We may use your information to:

•          Schedule and provide medical aesthetic services and tailor your treatment plan;

•          Maintain required medical records and fulfil legal documentation obligations;

•          Process payments, deposits and financing applications through secure processors;

•          Communicate with you regarding appointments, treatment follow‑ups and other service‑related matters;

•          Send marketing communications (including newsletters, promotions and offers) with your consent;

•          Improve our website functionality, client experience and treatment outcomes through analytics and feedback;

•          Comply with applicable state and federal law, including HIPAA documentation retention requirements.

4. HIPAA Compliance & Your Rights

Arcschon Aesthetics complies with HIPAA by implementing:

•          Encrypted storage and transmission of health data;

•          Role‑based access controls and two‑factor authentication within our EMR systems;

•          Regular privacy and HIPAA training for authorized staff;

•          Breach response and notification procedures consistent with federal regulations.

You have the right to:

•          Access your PHI;

•          Request corrections or updates to your medical records;

•          Request restrictions on how your PHI is used or disclosed;

•          Obtain a copy of this Privacy Policy and our HIPAA Notice of Privacy Practices.

Requests must be submitted in writing to the contact information provided at the end of this policy.

5. Disclosure of Information

We do not sell your personal information. We may disclose information only under the following circumstances:

a. With Your Consent

•          When you authorize disclosure to other healthcare providers for referrals or continuity of care;

•          When you permit us to use before‑and‑after photographs or testimonials for marketing purposes.

b. To Authorized Third Parties

•          To HIPAA‑ and PCI‑compliant vendors such as Boulevard, Aesthetic Record, Stripe, Cherry, SpaKinect and Qualiphy for purposes of scheduling, charting, telehealth and payment processing;

•          To IT and administrative service providers operating under confidentiality agreements.

c. When Legally Required

•          When required by subpoena, warrant, court order or other legal process;

•          To prevent or report abuse, fraud, threats to safety or medical emergencies.

6. Data Security Measures

We implement reasonable and appropriate safeguards to protect your information, including:

•          SSL encryption on all website forms and online portals;

•          Secure, encrypted communication channels and data storage;

•          Two‑factor authentication, access logging and regular password rotations within our EMR systems;

•          Routine security audits and vendor compliance reviews;

•          Payment data processed exclusively through PCI‑DSS Level 1 certified processors.

Although no system can guarantee absolute security, we strive to minimize risks by following industry best practices.

7. Marketing & Communications

If you provide your email address or phone number, you consent to receive:

•          Appointment confirmations and reminders;

•          Treatment‑related follow‑up communications;

•          Promotional messages, service updates and event invitations (you may opt out at any time).

Transactional or legally required communications may still be sent even if you opt out of marketing messages. To unsubscribe from marketing emails, click the unsubscribe link in the message. To opt out of promotional text messages, reply STOP.

8. SMS Communications

When you enter your phone number on our website or booking platform, you agree to receive text messages from us. Message and data rates may apply. Message frequency may vary. Reply HELP for assistance and STOP or UNSUBSCRIBE to opt out. We do not share your mobile information with unaffiliated third parties or sell your phone number for marketing purposes. SMS consent is collected through clearly disclosed opt‑in forms; any checkbox for SMS consent will be unchecked by default.

9. Cookies & Website Tracking

We use cookies and similar technologies to analyse website traffic, understand how users interact with our site, personalise content and measure marketing effectiveness. You can control cookies through your browser settings. Disabling cookies may affect the functionality of certain parts of our website. For more information about cookies and how to manage them, visit www.allaboutcookies.org.

Our site uses Microsoft Clarity and similar analytics tools to collect anonymized behaviour data such as page views, clicks and scroll patterns. Clarity may collect browser and device information and anonymized IP addresses to provide us with usability insights. The data collected is used only to improve our website and does not include PHI. You can opt out of Microsoft Clarity by adjusting your browser privacy settings or visiting https://optout.aboutads.info.

10. Data Retention

We retain your information as required by law and in accordance with industry standards:

•          Medical records: retained for six to ten years after the last patient interaction, depending on state and federal requirements;

•          Marketing and analytics data: retained until you opt out or request deletion;

•          Financial records: retained for at least seven years for tax and bookkeeping purposes.

When information is no longer needed for legal or operational purposes, it will be securely deleted or anonymized.

11. California Privacy Rights

If you are a California resident, you have the right to:

•          Request access to the personal data we maintain about you;

•          Request deletion of your personal information (subject to legal retention requirements);

•          Opt out of the future sale of personal data (we do not sell personal data).

To exercise these rights, please submit a written request using the contact information below. We will verify your identity before responding to your request and comply within the timeframe required by law.

12. Children’s Privacy

Our services are generally intended for individuals aged 18 or older. We may provide certain services, such as laser hair removal, to minors aged 13–17 only with the written consent of a parent or legal guardian and subject to approval by our supervising nurse practitioner. We do not knowingly market to or collect information from children under 13. If we become aware that we have inadvertently collected information from a child under 13 without verified parental consent, we will delete it immediately.

13. Third‑party Links

Our website may contain links to third‑party websites or services. We are not responsible for the privacy practices, content or security of those third parties. We encourage you to review their privacy policies before providing any personal information.

14. Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements or the features of our Services. When we update the policy, we will post the revised version on our website and update the “Last updated” date at the top of this document. Your continued use of our Services following an update constitutes acceptance of the changes. We encourage you to review this policy periodically.

15. Contact us

For privacy‑related questions, data access requests or complaints, please contact us:

Arcschon Haus LLC dba Arcschon Aesthetics
7316 E Stetson Dr, Studio 14
Scottsdale, AZ 85251
Email: aesthetics@arcschon.com
Phone: +1 (602) 657‑5904
Website: https://www.arcschon.com

You may also file a HIPAA‑related complaint directly with the U.S. Department of Health and Human Services Office for Civil Rights at: https://www.hhs.gov/hipaa/filing-a-complaint/.