Privacy Policy
Effective Date: 11/11/2025
Lush Esthetics & Med Spa (“Company,” “we,” “our,” or “us”) respects your privacy and is committed to protecting your personal and medical information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, receive treatment at our facility, or interact with our team. Please read this policy carefully to understand our practices and your rights under applicable privacy and healthcare laws, including the Health Insurance Portability and Accountability Act (HIPAA).
1. Information We Collect
We may collect personal, contact, and medical information in the following ways:
- Personal Information: Name, email address, phone number, date of birth, billing details, and appointment information.
- Medical Information: Health history, treatment notes, photos, and other data provided during consultations or treatments.
- Website Information: Automatically collected data such as IP address and approximate location, browser and device type, pages visited and time spent on each page, click behavior and navigation patterns, and cookies and tracking data.
- Communications: Emails, forms, or inquiries submitted through our contact page, booking system, or social media.
2. How We Use Your Information
We use your information to:
- Provide safe, effective medical and aesthetic treatments.
- Schedule and confirm appointments.
- Communicate about your care, results, and follow-up.
- Process billing, payments, and insurance (if applicable).
- Maintain internal records for compliance and quality assurance.
- Improve our website, services, and patient experience.
- Market our services (with an option to opt out).
3. HIPAA Compliance
As a medical facility, Lush Esthetics & Med Spa complies fully with HIPAA regulations. This means:
- Your protected health information (PHI) will only be used or disclosed for treatment, payment, or healthcare operations.
- We will not share your PHI with third parties without your written consent, except where required by law.
- You have the right to access, review, and request corrections to your medical records.
- Electronic health data is stored in secure, HIPAA-compliant systems with restricted access to authorized staff only.
4. Data Security
We implement administrative, technical, and physical safeguards to protect your information from unauthorized access, disclosure, alteration, or destruction. This includes encrypted data storage, password-protected systems, and secure communication channels.
5. Your Privacy Rights
You have the right to:
- Request access to your personal or medical information.
- Request corrections to inaccurate data.
- Withdraw consent for non-treatment-related communications.
- Request restrictions on how your information is shared.
To exercise these rights, please contact us at [email protected].
6. Sharing of Information
We may share limited information with:
- Authorized employees and medical professionals directly involved in your care.
- Third-party vendors who assist with billing, data storage, or communication systems (under confidentiality agreements).
- Government or legal authorities if required by law, court order, or public health regulation.
7. Website & Cookies
Our website may use cookies or analytics tools to improve functionality and performance. This information does not include identifiable medical or personal data and may be disabled through your browser settings.
8. Updates to This Policy
We may update this Privacy Policy periodically to reflect changes in laws or practices. The latest version will always be available on our website.
9. Contact Us
If you have questions or concerns about this Privacy Policy or your medical privacy rights, please contact:
Lush Esthetics & Med Spa
172 College Street, Pikeville, KY 41501
[email protected]
(606) 213-0041