Privacy Policy

Effective Date: August 8, 2022

Last Updated: January 1, 2026

1. Introduction
   At Chelle Health & Med Spa (“we,” “us,” or “our”), protecting your privacy and the security of your personal information is a priority. This Privacy Policy explains how we collect, use, store, share, and protect your personal and health information when you:
   • Visit our website at chellehealthandmedspa.com (“Website”),
   • Communicate with us online or via secure messaging systems like Weave, or
   • Become a patient or client of our services.

   
   We are committed to complying with applicable privacy laws, including HIPAA (Health Insurance Portability and Accountability Act) for protected health information, and messaging requirements such as 10DLC for SMS communications. (https://secureprivacy.ai/)
   
   

2. Information We Collect
   1. 2.1 Personal and Contact Information

      We may collect information you provide when you fill out forms on our Website, schedule appointments, or communicate with us. This may include:

      • Name, address, phone number, email address
      • Date of birth and other demographic information
      • Appointment details and treatment records
      • Payment and billing information
        
        

      This type of personal information may also include Protected Health Information (PHI) as defined by HIPAA when it relates to your treatment and care. (HHS.gov)
      
      

   2. 2.2 Electronic Communications and Usage Data

      When you use our Website or messaging services:

      • We may collect website and device analytics (e.g., IP address, browser type).
      • We may track interactions for service delivery and quality improvement.
        
        
3. How We Use Your Information

   We use your information for the following approved purposes:

   • To provide and coordinate your care and services.
   • To communicate appointment reminders, confirmations, or billing notices.
   • To send you updates about our services via text or email when you have opted in.
   • To improve, maintain, and secure our Website and service delivery.
   • To respond to your inquiries and requests.
     
     

   We will not use or disclose your information beyond these purposes without your consent, unless permitted or required by law (e.g., for treatment, payment, healthcare operations, or legal compliance). (Weave)
   
   

4. Secure Messaging and 10DLC Consent

   We may use third-party messaging services (such as Weave) to send SMS or other communications. To comply with 10DLC (10-Digit Long Code) industry rules, and to ensure proper consent:

   • You must opt-in to receive text messages from us (e.g., appointment reminders or marketing messages).
   • We will clearly disclose the purpose of the messages you agree to receive.
   • You can opt-out at any time by replying “STOP” or following the opt-out instructions in the message.
     
     

   Your consent to receive messages is voluntary and will not affect your ability to receive care. We do not use these messages for purposes beyond what you consented to. (Weave)
   
   

5. HIPAA and Protected Health Information (PHI)
   1. 5.1 HIPAA Notice of Privacy Practices

      As required under HIPAA, you are entitled to a Notice of Privacy Practices that explains:

      • Your rights with respect to your PHI, including access, amendment, and accounting of disclosures.
      • How we use and disclose PHI for treatment, payment, and healthcare operations.
        
        

      A copy of that Notice is available upon request and will be provided separately.
      
      

   2. 5.2 PHI Safeguards

      We implement administrative, physical, and technical safeguards to protect your PHI in accordance with HIPAA standards, including:

      • Data encryption and secure messaging tools.
      • Controlled internal access and personnel training.
      • Breach monitoring and response procedures.
        
        

      Your information will be used and disclosed only as permitted by HIPAA or with your authorization. (https://secureprivacy.ai/)
      
      

6. Sharing Your Information

   We do not sell your personal or health information.

   We may share information:

   • With our business associates who perform services for us (e.g., payment processors, patient communication systems) and who are contractually required to protect your data.
   • When required by law or for public health and safety reasons.
   • With your consent.
     
     

   Any PHI shared with third parties is limited to what is permitted under HIPAA and necessary to fulfill the service. (Weave)
   
   

7. Your Rights and Choices

   You have certain rights regarding your personal and health information:

   • Access: You can request access to your records.
   • Amendment: You can request corrections to inaccurate information.
   • Opt-Out: You can opt out of non-essential communications.
   • Right to Restrict: You may request restrictions on certain uses or disclosures of your PHI.
     
     

   To exercise your rights, contact us using the information in Section 9.
   
   

8. Cookies and Tracking Technologies

   Our Website may use cookies and similar technologies to enhance performance and user experience. You can control these through your browser settings, though disabling cookies may impact functionality. (Weave)
   
   

9. Contact Information and Complaints

   If you have questions, would like to exercise your privacy rights, or wish to file a complaint about our privacy practices:
   
   

   Chelle Health & Med Spa
   Email: Office@Chellehealthandmedspa.com
   Phone: 435-216-0399
   Address: 48 S 2500 W, Ste. 240, Hurricane, UT 84737
   
   

   You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your HIPAA rights have been violated. (HHS.gov)
   
   

10. Changes to This Policy

    We may update this Privacy Policy from time to time. The most recent effective date will appear at the top of this policy.