Privacy Policy

Ali Aesthetics
Effective date: October 9, 2025

1) Who we are

Ali Aesthetics (“we,” “us,” “our”) is a medical clinic and spa providing wellness and aesthetic services, including hormone replacement therapy (HRT), IV infusions, injectables, laser treatments, and related services.
Legal entity: Ali Aesthetics
Contact: info@my-ali.com | (813)541-4542

2) Scope of this policy

This Privacy Policy explains how we collect, use, disclose, and protect information when you:

  • Visit our website, patient portal, or online booking pages;

  • Communicate with us by phone, text/SMS, email, social media, or chat;

  • Receive care in-clinic or via telehealth; and

  • Participate in events, promotions, or financing.

Important HIPAA note: Some information we collect is Protected Health Information (PHI) and is governed by the Health Insurance Portability and Accountability Act (HIPAA). When HIPAA applies, our Notice of Privacy Practices controls how we use and disclose PHI. This website Privacy Policy covers other personal information and situations where HIPAA may not apply (e.g., marketing site visits). We will provide the HIPAA Notice at your first visit and upon request.

3) Information we collect

A) You provide directly

  • Patient intake & treatment info: medical history, medications, allergies, photos, treatment preferences/goals. (PHI when tied to care.)

  • Identification & contact: name, date of birth, address, email, phone.

  • Billing & payments: payment method, billing address; financing application details if you apply with third parties like Cherry or CareCredit. (Payment card details are processed by our payment processors, e.g., Square; we do not store full card numbers.)

  • Communications: messages, forms, consents, reviews/testimonials, and survey responses.

  • Photo/video: clinical photos for charting; before/after photos; media for testimonials (only with your consent).

  • Appointment details: bookings, cancellations, no-shows, preferences.

B) Collected automatically (online)

  • Device/usage data: IP address, browser, device type, pages visited, time on site, referring/exit pages.

  • Cookies & similar tech: to operate the site, remember preferences, analyze traffic, and support marketing.

  • Analytics/ads tools: we may use Google Analytics and advertising pixels (e.g., Meta). These tools set cookies and collect usage data. See Section 10 to control these.

C) From third parties

  • Scheduling & EHR/EMR platforms: e.g., JaneApp for booking and patient records.

  • Payment/financing providers: e.g., Square, Cherry, CareCredit.

  • Labs & service partners: e.g., Quest Diagnostics, specialty pharmacies, compounding pharmacies.

  • Marketing & social: if you interact with our social profiles or ads.

4) How we use information

  • Provide clinical care: schedule visits, verify identity, maintain medical records, coordinate care, manage treatment plans, and communicate about care. (PHI under HIPAA.)

  • Operations: quality improvement, training, safety, auditing, and legal compliance.

  • Billing: process payments, insurance or financing (if applicable), prevent fraud.

  • Communications: appointment confirmations and reminders by email/SMS/phone; administrative notices; responses to inquiries.

  • Marketing (non-PHI): newsletters, offers, event invitations, social media ads. You can opt out anytime (see Section 11).

  • Analytics & site performance: understand usage, fix bugs, improve content and services.

  • Security: protect against, investigate, and deter malicious or fraudulent activity.

  • Legal: meet regulatory and reporting obligations, respond to lawful requests.

5) Legal bases (if you are in the EU/UK)

Where GDPR/UK GDPR applies, we rely on: (a) consent (e.g., marketing), (b) contract (to provide services you request), (c) legal obligations, and (d) legitimate interests (e.g., site security, analytics). For PHI, HIPAA governs.

6) When we share information

We do not sell your personal information. We share only as needed with:

  • Service providers/“business associates”: scheduling/EHR (e.g., JaneApp), labs (e.g., Quest), pharmacies, payment/financing (e.g., Square, Cherry, CareCredit), IT/hosting, email/SMS platforms, analytics/ads vendors. We require appropriate protections and, where applicable, Business Associate Agreements (BAAs).

  • Care coordination: with your consent or as permitted by law (e.g., referring providers).

  • Legal/safety: to comply with law, court orders, government requests; to protect rights, property, patients, and public safety.

  • Business transfers: in a merger, acquisition, or asset sale, with protections and notice as required.

7) Retention

We retain records for as long as necessary to provide services, comply with laws (including medical record retention rules), resolve disputes, and enforce agreements. Marketing and cookie data are kept per our internal schedules or until you opt out or delete/clear cookies.

8) Your choices & rights

Communications

  • Email: use the unsubscribe link or contact us.

  • SMS/TEXT: by providing your number, you consent to receive texts about appointments, reminders, and (if you opt in) marketing. Message/data rates may apply. Reply STOP to opt out of marketing texts; you may still receive essential service messages.

Cookies/analytics/ads

  • Adjust browser settings to block or delete cookies.

  • Use platform tools (e.g., Google’s opt-out add-on, Meta Ad Preferences). See Section 10.

Access & control (varies by law)

Depending on your location, you may request to:

  • Access/correct your information;

  • Delete or restrict processing of your information;

  • Port your information;

  • Opt out of targeted advertising or the “sale”/“sharing” of personal information (as defined by the CCPA/CPRA for California residents);

  • Appeal a decision (where applicable).

Submit requests to info@my-ali.com. We will verify your identity and respond per applicable law.

HIPAA rights: See our Notice of Privacy Practices for your rights regarding PHI (access, amendments, accounting of disclosures, restrictions, confidential communications).

9) Children’s privacy

Our services are for adults. We do not knowingly collect personal information from children under 13 (COPPA). If you believe a child provided personal information, contact us to remove it.

10) Cookies & tracking technologies

We use required, functional, and analytics/advertising cookies. You can:

  • Manage cookies in your browser;

  • Use “Do Not Sell or Share My Personal Information”/opt-out links where required;

  • Adjust Google Analytics/Ads and Meta preferences;

  • Use private browsing modes or tracking protection tools.

Do Not Track: We do not currently respond to browser DNT signals.

11) Marketing & testimonials

  • We send marketing emails/texts only with your consent where required. You can opt out anytime.

  • Testimonials & photos: We will only post patient testimonials, treatment photos, or before/after images with your written authorization. You may revoke authorization in writing, but revocation does not affect content already used.

12) Payments & financing

Payments are processed by third-party processors (e.g., Square, JaneApp) and financing partners (e.g., Cherry, CareCredit). Their handling of your information is governed by their privacy policies. We receive limited information needed to confirm your payment/financing status and book services.

13) Security

We use administrative, technical, and physical safeguards appropriate to the sensitivity of the information we handle (including encryption in transit for portals and secure storage within our EHR where applicable). No system is 100% secure; please use strong passwords and do not share portal access.

14) Video surveillance (on-premise)

For safety and security, common areas of our premises may use video surveillance. Cameras are not used in treatment rooms or restrooms. Recordings, if any, are retained for limited periods unless needed for investigations.

15) Social media & links

Our site may include links to third-party sites or social platforms (e.g., Instagram, Facebook). Interactions with those platforms are governed by their privacy policies, not ours.

16) International visitors

If you access our site from outside the United States, your information may be processed in the U.S., where privacy laws may differ from your jurisdiction. We apply appropriate safeguards and honor applicable rights described in Section 8.

17) Florida & U.S. state notices

We comply with applicable Florida and U.S. state privacy and medical record laws. California residents may exercise CPRA rights as described in Section 8; we provide required disclosures upon request.

18) Changes to this policy

We may update this Privacy Policy from time to time. Changes take effect upon posting the revised policy with the “Effective date” above. Material changes will be highlighted or otherwise communicated as appropriate.