Privacy Policy

Nova Med Spa ("we," "our," or "us") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy describes how we collect, use, and safeguard your information when you visit our website, schedule appointments, or use our services.

1. Information We Collect

Personal Information You Provide

When you book an appointment, contact us, or use our services, we may collect:

• Full name, date of birth, and contact information (phone, email, address)
• Medical history relevant to aesthetic treatments
• Payment information (processed securely via Stripe)
• Photos before and after treatments (with your written consent)
• Communication preferences (SMS, email)

Information Collected Automatically

When you visit our website, we automatically collect:

• IP address, browser type, and device information
• Pages visited, time spent on pages, and referring website
• Cookies and similar tracking technologies (see Section 5)

2. How We Use Your Information

We use the information we collect to:

• Schedule and provide aesthetic medical services
• Communicate with you about appointments, treatments, and follow-ups
• Process payments and maintain treatment records
• Send promotional materials (only if you opt in)
• Improve our website, services, and patient experience
• Comply with legal and regulatory obligations

3. HIPAA Compliance

As a licensed medical practice, Nova Med Spa complies with the Health Insurance Portability and Accountability Act (HIPAA). Your Protected Health Information (PHI) is maintained confidentially and disclosed only as permitted by HIPAA and applicable state laws.

4. How We Share Information

We do not sell, rent, or trade your personal information. We may share information with:

• Service Providers: Stripe (payments), Twilio (SMS), Resend (email), Vercel (hosting), Supabase (data storage)
• Healthcare Providers: Only with your explicit consent or as required by law
• Legal Authorities: When required by court order or to protect rights and safety

5. Cookies and Tracking

Our website uses cookies and tracking technologies including:

• Google Analytics: To understand website usage patterns
• Google Ads: For advertising effectiveness measurement and conversion tracking
• Meta/Facebook Pixel: For social media advertising (if applicable)

You can disable cookies through your browser settings. Note that some features may not function properly without cookies.

6. Your Privacy Rights

Depending on your location, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your information (subject to legal retention requirements)
• Opt out of marketing communications
• Request a copy of your medical records

To exercise any of these rights, contact us at admin@novamedicalspa.com.

7. Data Security

We implement industry-standard security measures including encryption, secure data storage, and restricted access controls. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

8. Data Retention

Medical records are retained in accordance with New York State law, typically seven (7) years after the last patient visit. Marketing information is retained until you opt out.

9. Children's Privacy

Our services are intended for adults aged 18 and older. We do not knowingly collect personal information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised "Effective Date." Continued use of our services constitutes acceptance of any changes.

11. Contact Us

For questions about this Privacy Policy or to exercise your privacy rights:

• Nova Med Spa
• 1451 Old Country Rd
• Plainview, NY 11803
• Phone: (516) 543-3940
• Email: admin@novamedicalspa.com