Privacy Policy
Effective Date: [TO BE SET ON PUBLICATION]
Last Updated: [TO BE SET ON PUBLICATION]
This Privacy Policy describes how Dream Aesthetic ("we," "us," or "our") collects, uses, and shares information when you visit our website at yourdreamaesthetic.com (the "Site") or otherwise interact with us online. This Policy applies to the Site and the online services accessible through it.
This Policy does not govern the privacy of health information collected when you become a patient of our clinical practice. The collection, use, and disclosure of protected health information ("PHI") in the course of providing healthcare services is governed by our separate Notice of Privacy Practices, which we provide to all patients in accordance with the Health Insurance Portability and Accountability Act ("HIPAA"), the Texas Medical Records Privacy Act (Tex. Health & Safety Code §181 et seq.), and other applicable laws.
If you have questions about this Policy, please contact us using the information in Section 13.
1. Information We Collect
We collect information in three categories:
a. Information You Provide Directly
- Contact and consultation requests. When you complete our contact form, request a consultation, or subscribe to our newsletter, we collect your name, email address, phone number (if provided), and any message or preferences you share.
- Quiz responses. When you complete our treatment quiz, we collect your responses, the personalized recommendations generated, and your contact information if you choose to receive results by email.
- Saved looks. When you save a configuration in our 3D treatment visualizer, we store the configuration and assign it a shareable identifier. Saved looks expire after 90 days.
- Membership and gift card transactions. When you purchase a membership or gift card, we collect your name, email address, billing address, phone number, payment information (processed by our payment processor — we do not store full payment card numbers on our servers), and any recipient information you provide.
- Communications with us. When you email, call, or message us, we retain those communications.
b. Information Collected Automatically
- Device and usage information. We collect IP address (which we hash before storage for analytics), browser type, device type, operating system, referring URL, pages visited, time spent on pages, and similar information.
- Cookies and similar technologies. See Section 5 for details.
- Approximate location. Derived from your IP address. We do not collect precise geolocation through the Site.
c. Information from Third Parties
- Social media interactions. If you engage with our content on Instagram, Facebook, or TikTok, those platforms may share information with us in accordance with their own policies and your platform settings.
- Marketing partners. If we receive your contact information from a referral or marketing partner, we will record the source.
2. How We Use Information
We use information to:
- Respond to your inquiries and consultation requests;
- Send you marketing communications (with your consent), including newsletters, event invitations, and information about treatments;
- Process membership signups, gift card purchases, and recurring billing;
- Personalize your experience on the Site, including quiz results and saved looks;
- Analyze how the Site is used so we can improve it;
- Detect and prevent fraud, abuse, and security incidents;
- Comply with legal obligations and enforce our Terms of Service;
- Communicate with you about your appointments, membership, or other transactional matters.
3. Legal Bases for Processing
To the extent applicable law (such as the European General Data Protection Regulation) requires us to identify a legal basis for processing, we rely on the following:
- Consent, when you opt in to marketing communications, cookies that are not strictly necessary, or other optional features.
- Performance of a contract, when you sign up for a membership, purchase a gift card, or otherwise transact with us.
- Legitimate interests, when we operate the Site, improve our services, prevent fraud, and engage in similar reasonable business activities.
- Legal obligation, when we are required to retain or disclose information by law.
4. How We Share Information
We do not sell your personal information. We share information only as described below:
a. Service Providers
We use third-party service providers to operate the Site and our business. These providers process information on our behalf and are contractually limited to using it only for the purposes we direct. Our key service providers include:
| Provider | Purpose | Data Handled |
|---|---|---|
| Vercel | Site hosting | All website data |
| Sanity | Content management | Site content (no personal data by default) |
| Stripe | Payment processing | Billing information, payment cards |
| Klaviyo | Email marketing | Email address, name, marketing preferences |
| Resend | Transactional email | Email addresses for sending |
| Google Analytics 4 | Site analytics | Hashed IP, browser, usage data |
| Microsoft Clarity | Session analytics, heatmaps | Browser, usage data (PHI excluded) |
| Sentry | Error monitoring | Technical error data |
| Cloudflare Turnstile | Bot/spam protection | Browser challenge data |
Where a service provider may process information that could constitute protected health information, we have executed or will execute a HIPAA Business Associate Agreement before such processing occurs.
b. Legal and Safety Disclosures
We may disclose information if required by law, subpoena, court order, or other legal process; to protect our rights, property, or safety, or the rights, property, or safety of others; or to detect, prevent, or address fraud, security, or technical issues.
c. Business Transfers
In the event of a merger, acquisition, financing, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.
d. With Your Direction
If you instruct us to share information with a specified third party (for example, sharing a saved look via a link you control), we will do so.
5. Cookies and Tracking Technologies
We use cookies and similar technologies to operate the Site, remember your preferences, analyze usage, and (with your consent) deliver relevant marketing.
We categorize cookies as follows:
- Strictly necessary cookies enable core functions such as session management, security, and form submission. These cannot be disabled.
- Analytics cookies help us understand how visitors use the Site (Google Analytics 4, Microsoft Clarity). You can opt out via our cookie banner.
- Marketing cookies support advertising and engagement campaigns. We use these only with your consent.
You can manage your cookie preferences at any time using the cookie settings link in our Site footer. You can also configure your browser to refuse cookies, but some Site features may not work properly without them.
We do not currently honor "Do Not Track" browser signals because there is no industry consensus on what they require, but we respect Global Privacy Control ("GPC") signals where technically feasible.
6. Your Rights and Choices
a. All Users
- Access and correction. You may request a copy of the personal information we hold about you and request that we correct inaccuracies.
- Deletion. You may request that we delete your personal information, subject to legal exceptions (for example, transaction records we must retain for tax purposes).
- Marketing opt-out. You may unsubscribe from marketing emails using the link in any marketing message, or by contacting us. Transactional messages (appointment confirmations, payment receipts) will continue.
- Cookie preferences. You may manage cookie preferences at any time using the cookie settings link.
To exercise these rights, contact us using the information in Section 13. We will verify your identity before fulfilling any request and respond within the time frames required by applicable law.
b. Texas Residents
Effective July 1, 2024, the Texas Data Privacy and Security Act ("TDPSA") provides Texas residents with rights regarding their personal data, including the rights to access, correct, delete, obtain a portable copy, and opt out of certain processing (including targeted advertising and sale of personal data). We do not sell personal data and do not engage in profiling that produces legal or similarly significant effects. To exercise TDPSA rights or appeal a denial, contact us as described in Section 13.
c. California Residents
If you are a California resident, you have rights under the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), including the rights to know what personal information we collect about you, to delete it (subject to exceptions), to correct inaccurate information, and to opt out of the sale or sharing of your personal information. We do not sell your personal information or share it for cross-context behavioral advertising without your consent. To exercise California privacy rights, contact us as described in Section 13.
d. Other States
If your state of residence provides comparable privacy rights (including Colorado, Virginia, Connecticut, Utah, and others), we will honor those rights to the extent applicable.
7. HIPAA and Protected Health Information
Dream Aesthetic operates a clinical practice subject to HIPAA. When you become a patient, our handling of your PHI is governed by our separate Notice of Privacy Practices and applicable law, not by this Privacy Policy.
The Site is not intended as a portal for the transmission of PHI. If you submit information through a Site contact form, quiz, or chat that could constitute PHI, we treat that information with appropriate confidentiality and, where relevant, route it into our clinical systems for handling consistent with the Notice of Privacy Practices.
Do not include detailed medical information in contact forms, public messages, or other Site features. For PHI exchange, please contact us by phone or in person to ensure appropriate handling.
8. Children's Privacy
The Site is intended for adults age 18 and older. We do not knowingly collect personal information from anyone under age 13, and we do not knowingly market to anyone under age 18. If you believe a child has provided information through the Site, please contact us and we will delete it.
9. Data Security
We implement reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, alteration, or disclosure. These include encryption in transit (TLS), encryption at rest where supported, access controls, security monitoring, and regular security reviews.
No method of transmission or storage is perfectly secure. We cannot guarantee absolute security and assume no liability for security incidents beyond our reasonable control.
If we experience a data breach affecting your personal information, we will notify you in accordance with applicable law, including the Texas Identity Theft Enforcement and Protection Act (Tex. Bus. & Com. Code §521).
10. Data Retention
We retain personal information only as long as needed to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention practices include:
- Contact form submissions and consultation requests: 24 months from last interaction.
- Newsletter subscriptions: until you unsubscribe, plus a brief reasonable period for processing.
- Membership records: for the life of the membership plus 7 years after termination, for tax and dispute resolution purposes.
- Gift card records: for the life of the gift card plus 7 years.
- Saved looks: 90 days from creation.
- Server logs and analytics data: 26 months (Google Analytics 4 default) to 13 months depending on data type.
- Payment records: retained by our payment processor in accordance with their policies and applicable law.
11. International Visitors
The Site is operated from the United States. If you access the Site from outside the United States, your information will be transferred to and processed in the United States, which may have different data protection laws than your country. By using the Site, you consent to this transfer.
12. Changes to This Policy
We may update this Policy from time to time. When we make material changes, we will update the "Last Updated" date and, where appropriate, notify you by email or through a Site notice. We encourage you to review this Policy periodically.
13. Contact Us
To exercise privacy rights, ask questions about this Policy, or report concerns, contact us:
Dream Aesthetic
20923 Kingsland Blvd
Katy, TX 77450
Email: privacy@yourdreamaesthetic.com
Phone: +1 (346) 539-2104
For questions about our clinical practice's handling of protected health information under HIPAA, please request our Notice of Privacy Practices.
Founder: Dr. Bárbara Ortiz, DNP · Medical Director: Dr. Zockazock, MD · Texas medical license: S1026 · NPI: 1215381900