Privacy Policy

Effective Date: July 1, 2025
Last Updated: July 1, 2025

Introduction

Still Time Beauty (“we,” “us,” or “our”) is committed to protecting your privacy and maintaining the confidentiality of your personal and medical information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and receive our medical services.

As a medical practice, we are required to comply with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy laws, including Colorado state privacy regulations.

Protected Health Information (PHI)

What We Collect

We may collect the following types of protected health information:

  • Personal identifiers (name, address, phone number, email, date of birth)
  • Medical history and current health conditions
  • Treatment records and clinical notes
  • Photographs for medical documentation and treatment planning
  • Insurance information and billing records
  • Emergency contact information

How We Use PHI

We use your protected health information for:

  • Treatment: Providing medical care, consultations, and aesthetic treatments
  • Payment: Processing insurance claims and billing for services
  • Healthcare Operations: Quality improvement, staff training, and administrative functions
  • Legal Requirements: Compliance with state and federal regulations
  • Emergency Situations: Protecting your health and safety when necessary

Website Information Collection

Information We Collect

  • Contact Information: Name, email address, phone number when you contact us
  • Website Usage Data: IP address, browser type, pages visited, time spent on site
  • Cookies: Small files stored on your device to improve website functionality
  • Communication Records: Records of your correspondence with us

How We Use Website Information

  • Responding to your inquiries and appointment requests
  • Improving website functionality and user experience
  • Analyzing website traffic and usage patterns
  • Sending appointment reminders and practice updates (with consent)
  • Maintaining website security and preventing fraud

Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

With Your Authorization

  • When you provide written consent for specific disclosures
  • For marketing purposes (only with your explicit consent)
  • For testimonials or before/after photos (with signed release)

Without Your Authorization (As Permitted by Law)

  • To other healthcare providers involved in your care
  • For payment and insurance purposes
  • To comply with legal requirements or court orders
  • To prevent serious harm to you or others
  • For public health and safety purposes
  • To law enforcement in specific circumstances

Service Providers

We may share information with trusted service providers who assist us in operating our practice, including:

  • Electronic health record systems
  • Billing and payment processing services
  • Website hosting and analytics services
  • Appointment scheduling systems

All service providers are required to maintain the confidentiality of your information and comply with HIPAA requirements.

Your Rights

Under HIPAA and Colorado law, you have the following rights:

Access to Your Information

  • Request copies of your medical records
  • Review your protected health information
  • Request electronic copies when possible

Amendment Rights

  • Request corrections to your medical records
  • Add statements to your records if amendment is denied

Restriction Requests

  • Request limitations on how we use or disclose your information
  • Request restrictions on communications with insurance companies

Confidential Communications

  • Request to receive communications at alternative locations
  • Request specific methods of communication

Accounting of Disclosures

  • Request a list of certain disclosures made about your health information
  • Review when and to whom your information was disclosed

File Complaints

  • File complaints about our privacy practices
  • Contact the Department of Health and Human Services
  • No retaliation for filing complaints

Data Security

We implement appropriate technical, administrative, and physical safeguards to protect your personal and health information:

Technical Safeguards

  • Encrypted data transmission and storage
  • Secure access controls and authentication
  • Regular software updates and security patches
  • Firewall protection and intrusion detection

Administrative Safeguards

  • Staff training on privacy and security procedures
  • Regular risk assessments and policy updates
  • Incident response procedures
  • Access controls based on job responsibilities

Physical Safeguards

  • Secure facilities and restricted access
  • Protected computer systems and media
  • Secure disposal of sensitive information
  • Environmental controls and monitoring

Colorado Privacy Rights

Under Colorado state law, you have additional privacy rights:

  • Right to know what personal information we collect
  • Right to request deletion of personal information
  • Right to request portability of your data
  • Right to opt out of certain data processing
  • Right to non-discrimination for exercising privacy rights

Cookies and Website Analytics

Our website uses cookies and similar technologies to:

  • Remember your preferences and settings
  • Analyze website traffic and usage patterns
  • Improve website functionality and user experience
  • Ensure website security and prevent fraud

You can control cookies through your browser settings, but some website features may not function properly if cookies are disabled.

Data Retention

We retain your information for the following periods:

  • Medical Records: As required by Colorado law and medical practice standards
  • Billing Records: 7 years from the date of service
  • Website Data: 2 years or until you request deletion
  • Communication Records: 3 years from last contact

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Including a notice of changes in your appointment confirmations
  • Sending email notifications for significant changes (if you’ve provided consent)

Changes will be effective immediately upon posting unless otherwise specified.

Contact Information

For questions about this Privacy Policy or to exercise your privacy rights, please contact:

Still Time Beauty
741 Pearl St
Boulder, CO 80302
Phone: (720) 731-8222
Email: info@stilltimebeauty.com