Privacy Policy

Effective Date: December 4, 2025

The Skin & Body Shop (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://www.theskinbodyshop.com, book appointments, receive services at our location, or otherwise interact with us. As a med spa providing aesthetic and wellness services, we handle sensitive health information in compliance with applicable laws, including HIPAA where relevant through our use of Portrait as our Electronic Health Record (EHR) system. For details on Portrait's handling of your protected health information (PHI), please review their Notice of Privacy Practices at https://www.portraitcare.com/privacy-practices.

  1. Information We Collect

We may collect the following types of information:

Personal Information you voluntarily provide:

  • Full name, phone number, email address, mailing address, and date of birth
  • Payment card information (processed securely through third-party payment processors)
  • Health and skin-related information (via consultation forms, intake questionnaires, or treatment consent forms)
  • Photographs (before-and-after images taken with your consent)

Automatically Collected Information

  • IP address, browser type, device information, and operating system
  • Pages visited on our website, time and date of visit, and referring website
  • Information collected through cookies, pixels, and similar technologies

Information from Other Sources

  • Referral source (e.g., Google, Instagram, a friend referral)
  • Publicly available information or information from third-party partners (with your consent)
  • Protected Health Information (PHI) managed through our EHR provider, Portrait, which may include medical history, treatment notes, and diagnostic data as part of your care records.
  1. How We Use Your Information

We use your information to:

  • Schedule and confirm appointments
  • Provide and improve our aesthetic and wellness services
  • Process payments and issue receipts
  • Communicate with you (appointment reminders, treatment follow-ups, special offers) via email, SMS/text, or phone
  • Send marketing and promotional materials (you may opt out at any time)
  • Maintain before-and-after photo records (only with your explicit written consent)
  • Comply with legal and regulatory obligations, including HIPAA for PHI
  • Protect the safety and security of our premises and clients (security camera footage)
  • Facilitate treatment, payment, and health care operations through Portrait's EHR system, such as sharing PHI with healthcare providers, labs, or pharmacies for coordinated care.
  1. How We Share Your Information

We do not sell your personal information. We may share your information only in the following circumstances:

  • Service Providers: With trusted third parties who assist us in operating our business (e.g., appointment scheduling software like Mindbody or Boulevard, payment processors, email/SMS marketing platforms such as Mailchimp or Klaviyo, website hosting, IT support). These providers are contractually obligated to protect your data.
  • EHR Provider (Portrait): PHI is shared with Portrait Health Care, PLLC and affiliates for treatment, payment, and operations as outlined in their HIPAA Notice of Privacy Practices (available at https://www.portraitcare.com/privacy-practices). Portrait acts as a business associate and is required to safeguard your PHI.
  • Before & After Photos: Only with your explicit written consent for marketing or educational purposes (you may revoke consent at any time).
  • Legal Requirements: When required by law, subpoena, court order, or government request.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. Disclosures of PHI may also occur for public health, research (with safeguards), law enforcement, or other permitted purposes under HIPAA.
  1. Text Message (SMS) & Marketing Communications

By providing your mobile number and opting in, you agree to receive recurring marketing and transactional text messages from The Skin & Body Shop. Message frequency varies. Message & data rates may apply. Reply STOP to unsubscribe or HELP for help. Carriers are not liable for delayed or undelivered messages. Marketing uses of PHI are limited and require authorization where applicable under HIPAA.

  1. Security Cameras

For the safety of our clients and staff, we use video surveillance in public areas of our facility (8925 SW 148 Street, Suite 218, Palmetto Bay, FL 33176). Audio is not recorded. Footage is retained for a limited period and is only accessed in the event of an incident.

  1. Cookies & Tracking Technologies

Our website uses cookies and similar technologies to improve user experience, analyze traffic, and deliver personalized advertising. You can control cookies through your browser settings. Non-PHI data is not subject to HIPAA but is protected under general privacy laws.

  1. Your Privacy Rights (including California Residents and HIPAA Rights)

You have the right to:

  • Know what personal information we collect and how it is used/shared
  • Access or request a copy of your personal information
  • Request deletion of your personal information (subject to certain exceptions, e.g., treatment records required by Florida law)
  • Opt out of the “sale” of personal information (we do not sell your data)
  • Non-discrimination for exercising your privacy rights

Additional HIPAA Rights for PHI (via Portrait):

  • Inspect and obtain copies of your PHI
  • Request amendments to your PHI if inaccurate or incomplete
  • Receive an accounting of disclosures of your PHI
  • Request restrictions on certain uses or disclosures of PHI
  • Request confidential communications
  • Revoke authorizations for uses/disclosures (except to the extent action has already been taken)

To exercise these rights, contact us at (305) 747-7799 or hello@theskinbodyshop.com. For Portrait-specific HIPAA requests, email privacy@portraitcare.com. We will respond within the timeframes required by law (typically 45 days). Portrait provides forms for certain requests; visit their privacy practices page for details.

  1. Children’s Privacy

Our services and website are not intended for individuals under 13 (or under 18 per Portrait's practices). We do not knowingly collect personal information from children under 13.

  1. Links to Third-Party Websites

Our website may contain links to third-party sites (e.g., Vagaro booking, social media, Portrait's portal). We are not responsible for their privacy practices.

  1. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on our website with a revised “Effective Date.” Changes to Portrait's practices will be handled per their notice.

  1. Contact Us

If you have questions about this Privacy Policy, please contact:

The Skin & Body Shop
8925 SW 148 Street, Suite 218
Palmetto Bay, FL 33176

Phone: (305) 747-7799

Email: hello@theskinbodyshop.com

For Portrait-specific privacy concerns: privacy@portraitcare.com or Portrait Health, Inc., 12707 High Bluff Drive, Suite 350, San Diego, CA 92130.