Alluring Plastic Surgery

Privacy Policy

Last Updated: December 14, 2025

Privacy Policy

Effective Date: December 14, 2025 Last Updated: December 14, 2025

1. Introduction

This Privacy Policy explains how Alluring Plastic Surgery, LLC ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit and interact with our website at www.alluringplasticsurgery.com.

We are committed to protecting your privacy and being transparent about our data practices. As a medical practice, we understand the sensitivity of personal and health-related information and take extra care to safeguard it.

Important Distinction: This Privacy Policy applies to information collected through our website only. If you become a patient of Alluring Plastic Surgery, your medical records and protected health information (PHI) are governed by HIPAA and our separate Notice of Privacy Practices, which you will receive during your first visit.

By using this website, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide Directly

Contact Form Submissions:

  • Name (required)
  • Email address (required)
  • Phone number (optional)
  • Subject or procedure of interest (optional)
  • Message content (required)

Consultation Request Forms:

  • Name (required)
  • Email address (required)
  • Phone number (required)
  • Procedure(s) of interest (optional)
  • Preferred consultation date/time (optional)
  • How you heard about us (optional)
  • Brief description of your goals (optional)

Important: Information submitted through our website contact forms and consultation requests is NOT considered protected health information (PHI) under HIPAA. Please do not include detailed medical history, diagnoses, or sensitive health conditions in website forms. Such information should only be shared during your in-person consultation or through our secure patient portal.

Chat Widget Conversations:

  • Name (if provided)
  • Email address (if provided)
  • Phone number (if provided)
  • Chat message content
  • Timestamp of conversations

Callback Request Forms:

  • Name (required)
  • Phone number (required)
  • Preferred callback time (optional)

SMS/Text Message Consent: When you provide your phone number and opt-in to text messages, we may send:

  • Appointment reminders and confirmations
  • Consultation follow-up messages
  • Pre-operative and post-operative instructions
  • Promotional offers (with separate consent)

You can opt-out of SMS messages at any time by replying "STOP" to any message.

2.2 Analytics and Usage Data

We use third-party analytics services to understand how visitors use our website. These services may collect:

  • Google Analytics 4:

    • Page views and navigation paths
    • User interactions (clicks, form submissions, scroll depth)
    • Device and browser information
    • Geographic location (city/country level)
    • Session duration and bounce rate
    • Core Web Vitals (page performance metrics)

  • Microsoft Clarity:

    • Session recordings and heatmaps
    • Click patterns and user behavior
    • Rage clicks and interaction issues

  • Google Tag Manager:

    • Event tracking and conversions
    • Custom analytics implementations

  • Facebook/Meta Pixel:

    • Page views and conversion tracking
    • Audience building for marketing purposes

2.3 Cookies and Local Storage

We use cookies and browser local storage to:

  • Remember your cookie consent preferences
  • Enable analytics functionality (with your consent)
  • Improve website performance and user experience
  • Remember chat conversation history (temporary)

For detailed information about cookies, see our Cookie Policy.

2.4 Blog and Content Engagement

When you read our educational blog content, we may track:

  • Page views and reading time
  • Scroll depth (how far you read)
  • Article engagement metrics
  • Social sharing activity

This data is anonymized and used to improve our educational content.

3. HIPAA and Protected Health Information

3.1 Important Distinction

As a medical practice, we want to be clear about the difference between:

Website Data (Covered by this Privacy Policy):

  • Contact form submissions
  • Consultation requests
  • Chat conversations
  • Website browsing behavior
  • Email communications

Patient Medical Records (Covered by HIPAA):

  • Medical history and diagnoses
  • Treatment plans and surgical records
  • Before and after clinical photographs
  • Lab results and imaging
  • Prescription information
  • Insurance and billing records

3.2 When HIPAA Applies

HIPAA (Health Insurance Portability and Accountability Act) protections apply when:

  • You become an established patient at our practice
  • You provide medical information during an in-person or telehealth consultation
  • Your information is stored in our electronic health records (EHR) system
  • You use our secure patient portal for communications

3.3 Notice of Privacy Practices

When you become a patient, you will receive our Notice of Privacy Practices (NPP), which explains:

  • How we use and disclose your protected health information
  • Your rights regarding your medical records
  • How to request access, amendments, or restrictions
  • How to file a complaint about privacy violations
  • Contact information for our Privacy Officer

3.4 Website Forms Are NOT HIPAA-Compliant

Our website contact forms, chat widget, and consultation request forms are NOT HIPAA-compliant secure channels. Please:

  • Do NOT submit detailed medical histories through website forms
  • Do NOT include diagnoses, medications, or sensitive health conditions
  • Use our secure patient portal or call our office for medical discussions
  • Wait until your in-person consultation to discuss medical details

4. Before and After Photo Privacy

Before and after photographs displayed on our website, social media, or marketing materials are obtained with explicit written consent from each patient. Our photo release process includes:

  • A detailed Photo/Video Release Authorization form
  • Explanation of how photos may be used (website, social media, print materials, presentations)
  • Option to limit usage scope (e.g., website only, no social media)
  • Right to revoke consent at any time

4.2 Photo De-identification

We take steps to protect patient privacy in photographs:

  • Face photos are only used with explicit consent
  • Body photos may be cropped to exclude identifying features when requested
  • No patient names are associated with photos on public platforms
  • Identifying marks (tattoos, birthmarks) may be obscured upon request

4.3 Requesting Photo Removal

If you are a current or former patient whose photos appear on our website or marketing materials, you have the right to:

  • Request removal of your photos at any time
  • Limit the scope of how your photos are used
  • Revoke your photo release consent

To request photo removal, contact us at:

We will process removal requests within 30 days.

4.4 Third-Party Photo Usage

Photos may be shared with:

  • Third-party review platforms (RealSelf, Yelp, Google) if you submit your own photos
  • Social media platforms (Instagram, Facebook, TikTok) where we have an official presence
  • Medical conferences or publications (with additional consent for educational use)

We do NOT sell patient photos or share them with unaffiliated third parties for their marketing purposes.

5. How We Use Your Information

5.1 Contact and Consultation Data

We use contact form and consultation request submissions to:

  • Respond to your inquiries and requests
  • Schedule consultations and appointments
  • Provide information about procedures and pricing
  • Send appointment reminders via email, phone, or SMS
  • Follow up after consultations
  • Maintain records of our communications
  • Improve our customer service

5.2 Marketing Communications

With your consent, we may use your contact information to:

  • Send newsletters with educational content and updates
  • Inform you of special promotions or financing offers
  • Share new procedure announcements
  • Invite you to events or webinars

You can opt-out of marketing communications at any time by:

  • Clicking "unsubscribe" in any marketing email
  • Replying "STOP" to SMS messages
  • Contacting us directly to update your preferences

5.3 Analytics Data

We use analytics data to:

  • Understand website usage patterns
  • Improve website performance and user experience
  • Identify and fix technical issues
  • Optimize content and features
  • Measure marketing effectiveness
  • Make informed decisions about website improvements

For users in the European Economic Area (EEA), we process your data based on:

  • Consent: For analytics cookies, marketing communications, and tracking (you can withdraw consent anytime)
  • Legitimate Interest: For essential website functionality, security, and fraud prevention
  • Contract Performance: When responding to your consultation requests and inquiries

6. Third-Party Services

6.1 Service Providers

We share data with the following third-party services:

Resend (Email Service):

  • Purpose: Sending email notifications for contact form submissions and appointment reminders
  • Data Shared: Name, email, phone, message content
  • Privacy Policy: resend.com/legal/privacy-policy

Vercel (Hosting & Storage):

Google (Analytics & Tag Manager):

  • Purpose: Website analytics and performance tracking
  • Data Shared: Usage data, device information, IP address (anonymized)
  • Privacy Policy: policies.google.com/privacy

Microsoft Clarity:

  • Purpose: User behavior analytics and session recordings
  • Data Shared: Session data, interactions, heatmaps (no personal identifying information)
  • Privacy Policy: privacy.microsoft.com/privacystatement

Meta/Facebook:

  • Purpose: Conversion tracking and audience building for advertising
  • Data Shared: Page views, events, potentially hashed contact information for custom audiences
  • Privacy Policy: facebook.com/privacy/policy

Twilio/SMS Provider:

  • Purpose: Sending SMS appointment reminders and notifications
  • Data Shared: Phone number, message content
  • Privacy Policy: twilio.com/legal/privacy

6.2 Financing Partners

If you apply for financing through our website, you may be redirected to third-party financing providers:

  • Cherry
  • CareCredit
  • United Credit

These financing applications are subject to each provider's own privacy policy. We do not receive or store your financial information (credit scores, bank accounts, SSN) from these providers.

6.3 Data Transfer

Some of our service providers are located outside your country. By using our website, you consent to the transfer of your data to these providers, which may include transfers to the United States and other countries with different data protection laws.

7. Data Retention

Contact Form and Consultation Submissions: We retain contact form and consultation request data for up to 7 years to:

  • Maintain records of communications
  • Provide context for returning visitors
  • Comply with legal and regulatory requirements
  • Improve our services based on historical data

You may request deletion at any time (see Section 9).

Analytics Data: Analytics data is retained according to each service provider's retention policy:

  • Google Analytics: 14 months (default)
  • Microsoft Clarity: Per Microsoft's retention policy
  • Facebook Pixel: Per Meta's retention policy

Email and SMS Logs: We maintain logs of email and SMS communications for 7 years for record-keeping, troubleshooting, and compliance purposes.

Chat Conversations: Chat transcripts are retained for 2 years unless you request earlier deletion.

8. Your Rights

Depending on your location, you may have the following rights:

8.1 Access and Portability

You have the right to request:

  • Confirmation of what personal data we hold about you
  • A copy of your personal data in a machine-readable format

8.2 Rectification

You have the right to correct inaccurate or incomplete personal data.

8.3 Deletion (Right to be Forgotten)

You have the right to request deletion of your personal data, subject to:

  • Legal and regulatory retention requirements
  • Ongoing business relationships
  • Legitimate interests (fraud prevention, legal claims)

8.4 Restriction and Objection

You have the right to:

  • Restrict how we process your data
  • Object to processing based on legitimate interests
  • Opt-out of marketing communications

You can withdraw consent for analytics cookies at any time by:

  • Clicking "Essential Only" in our cookie banner
  • Clearing your browser's local storage
  • Adjusting your browser's cookie settings

8.6 Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority.

9. How to Exercise Your Rights

To exercise any of your privacy rights, please contact us at:

Email: info@alluringplasticsurgery.com Phone: +1 (786) 305-8649 Mail: Alluring Plastic Surgery, LLC 8435 SW 24th St, Miami, FL 33155

Subject Line: "Privacy Rights Request"

Please include:

  • Your full name
  • The email address or phone number you used to contact us
  • A description of your request (access, deletion, correction, etc.)
  • Any relevant dates or details

We will verify your identity and respond to your request within 30 days. For complex requests, we may extend this period by an additional 30 days with notice.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Secure database storage with access controls
  • Encrypted data transmission (HTTPS/TLS)
  • Input validation and sanitization to prevent attacks
  • Server-side environment variable protection
  • Regular security updates and monitoring
  • Employee training on data protection
  • Access limited to authorized personnel only

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

11. Children's Privacy

11.1 Website Not Intended for Children

Our website is not intended for children under 18 years of age. We do not knowingly collect personal information from individuals under 18 through our website.

11.2 Cosmetic Surgery Age Requirements

In accordance with Florida law and medical ethics:

  • Most elective cosmetic procedures require patients to be 18 years or older
  • Certain procedures may be performed on patients 16-17 with parental/guardian consent
  • Rhinoplasty and otoplasty (ear surgery) may be considered for younger patients with parental consent and medical necessity

If a minor patient is seeking a consultation:

  • A parent or legal guardian must accompany them and provide consent
  • The parent/guardian's contact information will be collected
  • Any marketing communications will be directed to the parent/guardian

If you believe we have collected data from a child under 18 without proper parental consent, please contact us immediately.

12. Do Not Track Signals

Some browsers support "Do Not Track" (DNT) signals. Our website does not currently respond to DNT signals due to the lack of industry standardization. However, you can control tracking through:

  • Our cookie consent banner
  • Browser privacy settings
  • Opting out of individual analytics services

13. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

13.1 Right to Know

You may request disclosure of:

  • Categories of personal information collected
  • Sources of personal information
  • Business purposes for collecting information
  • Categories of third parties with whom information is shared
  • Specific pieces of personal information collected about you

13.2 Right to Delete

You may request deletion of your personal information, subject to certain exceptions.

13.3 Right to Correct

You may request correction of inaccurate personal information.

13.4 Right to Opt-Out

You may opt-out of:

  • Sale of personal information (we do NOT sell personal data)
  • Sharing of personal information for cross-context behavioral advertising
  • Automated decision-making and profiling

13.5 Right to Limit Use of Sensitive Personal Information

We do not collect sensitive personal information (as defined by CCPA) through our website.

13.6 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us using the information in Section 9 or call our toll-free number: +1 (786) 305-8649.

14. International Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

  • Data Controller: Alluring Plastic Surgery, LLC
  • Legal Basis: Consent (analytics, marketing), legitimate interest (website security, business operations), contract performance (responding to inquiries)
  • Data Protection Contact: info@alluringplasticsurgery.com

14.1 International Data Transfers

If you are accessing our website from outside the United States, please be aware that your information will be transferred to and processed in the United States. By using our website, you consent to this transfer.

We rely on the following mechanisms for international data transfers:

  • Standard Contractual Clauses (SCCs) with service providers
  • Privacy Shield certifications (where applicable)
  • Consent for data transfers

14.2 EU/UK Representative

If required by GDPR, information about our EU/UK representative will be provided upon request.

15. Florida Privacy Laws

15.1 Florida Information Protection Act (FIPA)

As a Florida-based business, we comply with the Florida Information Protection Act (FIPA), which requires:

  • Reasonable measures to protect personal information
  • Notification of data breaches within 30 days
  • Proper disposal of customer records containing personal information

15.2 Breach Notification

In the event of a data breach affecting your personal information, we will:

  • Investigate the breach and assess the scope
  • Notify affected individuals as required by law (within 30 days for Florida residents)
  • Notify the Florida Department of Legal Affairs if more than 500 residents are affected
  • Take steps to mitigate harm and prevent future breaches

15.3 Florida Consumer Data Privacy

Florida's consumer privacy laws continue to evolve. We monitor and comply with all applicable state privacy regulations.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Changes will be posted on this page with an updated "Last Updated" date. Significant changes will be communicated through:

  • A prominent notice on our website
  • Email notification (if we have your contact information)
  • Banner or pop-up notification for material changes

Your continued use of the website after changes constitutes acceptance of the updated policy. We encourage you to review this page periodically.

17. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Alluring Plastic Surgery, LLC 8435 SW 24th St Miami, FL 33155

Phone: +1 (786) 305-8649 Email: info@alluringplasticsurgery.com Website: https://www.alluringplasticsurgery.com/

Business Hours: Monday - Friday: 9:00 AM - 5:00 PM Saturday: 9:00 AM - 3:00 PM Sunday: Closed

For privacy-related requests, please use the subject line "Privacy Inquiry" or "Privacy Rights Request" to ensure prompt handling.

© 2025 Alluring Plastic Surgery, LLC. All rights reserved.

Last Updated: December 14, 2025

For questions or concerns about this policy, please contact us.