Privacy Policy

Last Updated: November 3, 2025
Effective Date: November 3, 2025

Welcome to Infinity Medical Aesthetics (“we,” “us,” or “our”). Your privacy is important to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal and health information in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and other applicable privacy laws.

By using our website [yourdomain.com], booking an appointment, or receiving services, you consent to the terms of this Privacy Policy.

1. Information We Collect

We collect personal and health-related information necessary to provide safe and effective medical spa services.

A. Personal Information

  • Name

  • Date of birth

  • Email address

  • Phone number

  • Mailing or billing address

  • Payment details

  • Emergency contact information

B. Protected Health Information (PHI)

As part of your care, we may collect health-related details, such as:

  • Medical history and medications

  • Allergies and skin sensitivities

  • Treatment history and progress

  • Photos related to aesthetic procedures

  • Information from or shared with supervising medical providers

C. Automatically Collected Information

When you visit our website, we may automatically collect:

  • IP address and browser type

  • Device and operating system

  • Pages visited, time spent, and referral source

We use this data for analytics and site optimization, not to store or transmit PHI.

2. How We Use Your Information

We use your information to:

  • Provide, coordinate, and manage your treatments

  • Schedule appointments and process payments

  • Communicate about your care or inquiries

  • Maintain medical and billing records

  • Comply with legal and regulatory requirements

  • Improve our services and patient experience

We do not sell your information to any third party.

3. HIPAA and Protected Health Information (PHI)

Certain personal information we collect qualifies as Protected Health Information (PHI) under HIPAA.
We maintain and transmit PHI in compliance with HIPAA’s Privacy Rule, Security Rule, and Breach Notification Rule.

We limit access to PHI to authorized staff and vendors who require it to provide care, and all such parties are bound by strict confidentiality obligations.

4. How We Disclose Your Information

We may disclose your information for the following purposes:

A. Treatment

To coordinate your care with medical providers or supervising professionals.

B. Payment

To process payments, invoices, and billing through secure, HIPAA-compliant systems such as Square & Zenoti.

C. Healthcare Operations

To manage business functions such as audits, compliance, and staff training.

D. Legal and Safety Requirements

To comply with court orders, subpoenas, public health laws, or to prevent harm.

E. With Your Authorization

Any other disclosures of your PHI will occur only with your written consent, which you may revoke at any time in writing.

5. Our Partnership with Square

We use Zenoti, Inc. (“Zenoti”) for booking, payment processing, and certain client communications.

  • Zenoti acts as a Business Associate under HIPAA, meaning it agrees to handle any PHI in accordance with HIPAA standards.

  • Zenoti employs advanced encryption and security protocols to protect data in transit and at rest.

  • Your payment and booking data are stored securely in Zenoti’s systems and are not sold or shared for marketing purposes.

  • We access only the information needed to manage appointments and transactions.

For more details on Zenoti’s privacy and security practices, visit:
https://www.zenoti.com/trust/privacy-notice/

6. Your Rights Under HIPAA

You have the following rights regarding your PHI:

  • Right to Access: Obtain copies of your health or billing records.

  • Right to Amend: Request corrections to your PHI if inaccurate.

  • Right to Restrict Use or Disclosure: Limit certain uses or disclosures.

  • Right to Confidential Communications: Request specific contact methods (e.g., phone, email, mail).

  • Right to an Accounting of Disclosures: Receive a record of certain PHI disclosures.

  • Right to a Paper Copy: Request a physical copy of this Privacy Policy.

  • Right to File a Complaint: Submit a complaint to us or the U.S. Department of Health and Human Services (HHS) if you believe your privacy rights were violated.

We will not retaliate against you for exercising these rights.

7. Data Security

We use administrative, technical, and physical safeguards to protect your personal and health information, including:

  • Encrypted communication channels (HTTPS and TLS)

  • Secure data storage with access controls

  • HIPAA-compliant systems and vendors (including Square)

  • Employee confidentiality training and restricted access policies

If a data breach involving your PHI occurs, we will notify you as required by HIPAA regulations.

8. Data Retention

We retain client and medical records only as long as required by federal and state law. When records are no longer needed, they are securely deleted or destroyed.

9. Electronic Communications

If you contact us or receive appointment reminders through email, text, or other electronic means:

  • These communications may not be fully secure unless encrypted.

  • By engaging through these channels, you consent to such communication methods.

  • You may opt out or request alternative communication at any time.

10. Marketing and Promotions

We may use your contact information to send occasional updates, promotions, or special offers, only if you have given written authorization. You can withdraw this consent at any time.

11. Third-Party Links

Our website may include links to external websites (e.g., product partners or educational resources).
We are not responsible for the privacy practices of those third-party sites.

12. Changes to This Policy

We may update this Privacy Policy periodically. Updates will be posted on this page with a new “Last Updated” date. The most recent version supersedes all previous versions.

13. Contact Us

If you have questions about this Privacy Policy, your PHI, or our privacy practices, contact:

Infinity Medical Aesthetics
HIPAA Privacy Officer: Brittany C. Wangsness, DNP
Address: 2001 W Trevi Pl, Sioux Falls, SD 57108
Email: info@infinity-ma.com
Phone: 605-777-1495
Website: https://infinitymedicalaesthetics.com

If you wish to file a complaint about a potential privacy violation, you may also contact:
U.S. Department of Health and Human Services – Office for Civil Rights (OCR)
Website: https://www.hhs.gov/ocr/privacy/hipaa/complaints/