Privacy Policy

Who we are

Our website address is: https://www.mdlaserandcosmetics.com.

Privacy Policy
Last updated: December 4, 2025

MD Laser & Cosmetics (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect information when you visit our website, contact us, or receive services from our practice.

By using our website or providing your information to us, you agree to the practices described in this Privacy Policy.

Important note: This Privacy Policy describes our practices for general personal information. Some health information may be subject to additional protections under laws such as the Health Insurance Portability and Accountability Act (“HIPAA”) and our separate Notice of Privacy Practices. If there is any conflict between this Privacy Policy and our HIPAA Notice of Privacy Practices, the HIPAA notice will govern with respect to protected health information.

1. Information we collect

We may collect the following types of information:

1.1 Information you provide directly

• Contact details – such as your name, email address, phone number, mailing address, and preferred contact method.

• Appointment and consultation information – such as requested services, aesthetic or medical concerns, and availability.

• Medical and treatment information – information you choose to share with us about your health history, medications, allergies, previous treatments, photos, and goals, in connection with receiving care.

• Payment information – limited billing details necessary to process payments (actual card data is typically handled by our payment processor, not stored directly by us).

• Communications – messages you send via email, text, contact forms, online chat, reviews, or survey responses.

1.2 Information collected automatically

When you visit our website, we may automatically collect certain information, such as:

• IP address and general location (e.g., city, state/region)

• Browser type, device type, and operating system

• Pages viewed, links clicked, and time spent on our site

• Referring website or source (for example, a search engine or ad)

We may use cookies, web beacons, pixels, and similar technologies to collect this information.

1.3 Information from third parties

We may receive information about you from:

• Online scheduling tools, practice management systems, or telehealth platforms

• Payment processors and financing providers

• Marketing and advertising partners

• Review and directory platforms (for example, when you leave a review and choose to share information)

2. How we use your information

We may use your information for the following purposes:

• To provide and coordinate your care – including consultations, treatments, follow-up, referrals, and internal documentation.

• To schedule and manage appointments – including reminders, confirmations, rescheduling, and related communications.

• To respond to inquiries – such as questions submitted through our website, social media, email, or phone.

• To process payments and financing – and maintain appropriate records for accounting and compliance.

• To improve our services and website – including troubleshooting, data analysis, research, and development of new services or content.

• To send marketing or educational communications – such as newsletters, promotions, event invitations, and updates about our services, when permitted by law and your preferences. You may opt out of marketing communications at any time.

• To comply with legal obligations – including regulatory requirements, reporting obligations, and responding to lawful requests.

• To protect our patients, staff, and practice – including preventing fraud, abuse, or security incidents.

3. Cookies and tracking technologies

We may use cookies and similar technologies to:

• Help our website function correctly

• Remember your preferences

• Understand how visitors use our website

• Support marketing and advertising efforts

Most web browsers allow you to control cookies through your settings. If you disable cookies, some features of our site may not work properly.

We may use third-party analytics services (such as Google Analytics) and advertising tools that collect or receive information from our site and use it to provide measurement and ads. These providers may set their own cookies and tracking technologies.

4. How we share your information

We may share your information in the following situations:

4.1 Service providers

We share information with trusted third-party vendors and service providers who perform services on our behalf, such as:

• Website hosting and maintenance

• Online scheduling and practice management

• Payment and financing processing

• Email, SMS, and marketing platforms

• Analytics, security, and IT support

These service providers may only use your information as needed to perform their services for us and are expected to protect it appropriately.

4.2 Legal and safety purposes

We may disclose information when we believe it is necessary to:

• Comply with a law, regulation, legal process, or government request

• Protect the rights, property, or safety of our patients, staff, or others

• Detect, prevent, or address fraud, security, or technical issues

4.3 Business transfers

In the event of a merger, acquisition, reorganization, or sale of some or all of our assets, your information may be transferred as part of that transaction, as permitted by law.

4.4 No traditional “sale” of personal information

We do not sell your personal information in the common understanding of the term (i.e., we do not exchange your information for money with data brokers). Some sharing of information with advertising or analytics partners may be considered a “sale” or “sharing” of personal information under certain privacy laws; see the section on California privacy rights below for more details and your choices.

5. Protected health information and HIPAA

When we act as a “covered entity” or “business associate” under HIPAA, certain information we collect in the context of providing health care services may be protected health information (“PHI”). Our use and disclosure of PHI is governed by HIPAA and our HIPAA Notice of Privacy Practices, which is available at our office and/or upon request.

If there is any conflict between this Privacy Policy and our HIPAA Notice of Privacy Practices with respect to PHI, the HIPAA notice will control.

6. Your privacy rights

Depending on where you live, you may have certain rights regarding your personal information. These may include the right to:

• Request access to and a copy of your personal information

• Request correction of inaccurate information

• Request deletion of your personal information, subject to legal and medical record-keeping requirements

• Object to or restrict certain types of processing

• Opt out of marketing communications

To exercise these rights, please contact us using the information at the end of this policy. We may need to verify your identity before fulfilling your request.

7. Additional rights for California residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), including:

• Right to know what categories of personal information we collect, use, disclose, and (if applicable) “sell” or “share.”

• Right to access specific pieces of personal information we hold about you.

• Right to delete certain personal information, subject to exceptions.

• Right to correct inaccurate personal information.

• Right to opt out of the “sale” or “sharing” of personal information for cross‑context behavioral advertising, where applicable.

• Right to non‑discrimination for exercising your privacy rights.

To submit a request under California law, please contact us using the details below and indicate that you are making a “California privacy rights” request. We will respond as required by applicable law.

8. Data retention

We retain personal and medical information for as long as reasonably necessary to:

• Provide services and maintain your relationship with us

• Comply with legal, regulatory, and professional obligations (including medical record‑keeping requirements)

• Resolve disputes and enforce our agreements

• Support legitimate business operations

When information is no longer needed, we will delete, de-identify, or anonymize it where feasible.

9. Security

We use reasonable physical, technical, and administrative safeguards to protect your information from unauthorized access, use, or disclosure. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

10. Children’s privacy

Our website and services are not directed to children under 13, and we do not knowingly collect personal information online from children under 13. If you believe we have collected information from a child under 13, please contact us so we can delete it as appropriate.

11. International visitors

Our practice and website are intended for individuals located in the United States. If you access our website from outside the U.S., you understand that your information may be transferred to, stored, and processed in the United States, which may have different data protection laws than your country.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of the page. Any changes will become effective when posted to this page. Your continued use of our website or services after an updated policy is posted indicates your acceptance of the changes.

13. Contact us

If you have questions about this Privacy Policy or how we handle your information, or if you would like to exercise your privacy rights, please contact us at:

MD Laser & Cosmetics
448 N San Mateo Drive San Mateo, CA 94401
Phone: 650-340-7546
Email: customercare@md-factor.com