At Ybonis Beauty Spa (“we,” “us,” or “our”), we are committed to protecting your privacy and safeguarding your health information. This Privacy Policy — which also serves as our Notice of Privacy Practices under HIPAA — explains how we collect, use, disclose, and protect your information when you visit our website or use our services.
We are required by law to maintain the privacy of your health information and to provide you with this notice. We will follow the practices described here while this notice is in effect. We reserve the right to update this policy at any time; updated notices will be made available upon request and posted on this page.
Information We Collect
Information You Provide
- Name, email address, and phone number when booking appointments or contacting us
- Billing and shipping address for product orders
- Payment information (processed securely through our payment provider — we do not store card numbers)
- Health and medical information voluntarily shared during consultations, intake forms, or electronic consent questionnaires (e.g., medical history, medications, allergies, conditions relevant to treatments)
- Photographs and videos taken before, during, or after treatments for your clinical record
Information Collected Automatically
- IP address and browser type
- Pages visited and time spent on our website
- Cookies and similar tracking technologies
How We Use Your Information
Treatment
We use and disclose your health information to provide, coordinate, and manage your care — including sharing relevant information with licensed providers or assistants involved in your treatment.
Payment
We use your information to process payments for services rendered. Payment is due at the time of service.
Healthcare Operations
We may use your information for internal quality assurance, staff training, scheduling, and business operations. Clinical photographs used for training will not identify you without your express consent.
Appointment Reminders & Communications
We may contact you by phone, email, or text to confirm appointments, provide post-procedure care instructions, and follow up on your treatment. You may receive communications related to our rewards program if you have opted in.
Marketing
We may send promotional emails and offers. You may opt out at any time by replying “unsubscribe” or contacting us directly. We will not use or sell your health information for marketing purposes without your explicit written authorization.
Legal Compliance
We may use or disclose your information as required by federal or Massachusetts state law, including to correctional institutions or law enforcement officials with lawful custody, or as otherwise permitted under HIPAA.
Telehealth Communications
For clients receiving care through virtual consultations, we use HIPAA-compliant platforms for all telehealth communications. We enable all available encryption and privacy modes. By consenting to telehealth, you acknowledge that certain third-party platforms may introduce limited privacy risks and that you accept those terms as disclosed at the time of authorization.
Sharing Your Information
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:
- Service providers — payment processors, scheduling platforms (e.g., Jane App), email services, and other vendors under contractual confidentiality obligations
- Your authorized representatives — family members or personal representatives you have designated in writing
- Other healthcare providers — when necessary for your treatment and coordination of care
- Legal authorities — when required by law, court order, or a valid legal process
- Business associates — vendors who assist in the operation of our practice and who have signed HIPAA-compliant Business Associate Agreements
Any other use or disclosure of your health information requires your prior written authorization, which you may revoke in writing at any time (revocation does not affect disclosures already made).
Your Patient Rights (HIPAA)
As a recipient of our healthcare services, you have the following rights:
- Right to Access: You may review or obtain copies of your health information (with limited exceptions). Requests must be submitted in writing. Copies may be provided in your preferred format where practicable.
- Right to Amend: You may request that we correct or amend inaccurate health information. We will respond within 60 days.
- Right to an Accounting of Disclosures: You may request a list of disclosures we have made of your health information for purposes other than treatment, payment, or operations, for the past 6 years. We will provide this list once per 12-month period at no charge; additional requests may incur a fee.
- Right to Request Restrictions: You may request additional restrictions on how we use or disclose your health information. We are not required to agree, but if we do, we will honor that agreement (except in emergencies).
- Right to Confidential Communications: You may request that we communicate with you through alternative means or at an alternative location. Requests must be in writing and include how payment will be handled.
- Right to a Copy of This Notice: You may request a copy of this Privacy Policy/Notice of Privacy Practices at any time.
- Right to File a Complaint: If you believe your privacy rights have been violated, you may contact us directly or file a complaint with the U.S. Department of Health and Human Services (HHS) at www.hhs.gov/hipaa. We will not retaliate against you for filing a complaint.
Data Security
We implement appropriate technical and organizational measures to protect your personal and health information against unauthorized access, alteration, disclosure, or destruction. In compliance with the Massachusetts Data Security Law (M.G.L. c. 93H), we maintain a Written Information Security Program (WISP) appropriate to the size and nature of our business. In the event of a data breach affecting Massachusetts residents, we will notify affected individuals as required by law.
Cookies
We use cookies to enhance your browsing experience and analyze website traffic. You can configure your browser to refuse cookies or receive notification when a cookie is sent. Some website features may not function properly without cookies.
Third-Party Links
Our website may contain links to third-party websites (e.g., Jane App for online booking). We are not responsible for the privacy practices of those sites and encourage you to review their individual policies.
Children's Privacy
Our services are generally not directed to individuals under the age of 18. We do not knowingly collect personal information from minors without parental consent. Certain treatments require a parent or guardian's written consent for clients under 18.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated revision date. For significant changes, we will make commercially reasonable efforts to notify affected clients.
Contact Us
For questions about this Privacy Policy, to exercise your rights, or to request a copy of our Notice of Privacy Practices, please contact us at: ybonisbeautyspa@gmail.com