Privacy Policy

Effective Date: July 1, 2025
Last Updated: July 1, 2025

Introduction

Still Time Beauty (“we,” “us,” or “our”) is committed to protecting your privacy and maintaining the confidentiality of your personal and medical information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and receive our medical services.

As a medical practice, we are required to comply with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy laws, including Colorado state privacy regulations.

Protected Health Information (PHI)

What We Collect

We may collect the following types of protected health information:

Personal identifiers (name, address, phone number, email, date of birth)
Medical history and current health conditions
Treatment records and clinical notes
Photographs for medical documentation and treatment planning
Insurance information and billing records
Emergency contact information

How We Use PHI

We use your protected health information for:

Treatment: Providing medical care, consultations, and aesthetic treatments
Payment: Processing insurance claims and billing for services
Healthcare Operations: Quality improvement, staff training, and administrative functions
Legal Requirements: Compliance with state and federal regulations
Emergency Situations: Protecting your health and safety when necessary

Website Information Collection

Information We Collect

Contact Information: Name, email address, phone number when you contact us
Website Usage Data: IP address, browser type, pages visited, time spent on site
Cookies: Small files stored on your device to improve website functionality
Communication Records: Records of your correspondence with us

How We Use Website Information

Responding to your inquiries and appointment requests
Improving website functionality and user experience
Analyzing website traffic and usage patterns
Sending appointment reminders and practice updates (with consent)
Maintaining website security and preventing fraud

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

With Your Authorization

When you provide written consent for specific disclosures
For marketing purposes (only with your explicit consent)
For testimonials or before/after photos (with signed release)

Without Your Authorization (As Permitted by Law)

To other healthcare providers involved in your care
For payment and insurance purposes
To comply with legal requirements or court orders
To prevent serious harm to you or others
For public health and safety purposes
To law enforcement in specific circumstances

Service Providers

We may share information with trusted service providers who assist us in operating our practice, including:

Electronic health record systems
Billing and payment processing services
Website hosting and analytics services
Appointment scheduling systems

All service providers are required to maintain the confidentiality of your information and comply with HIPAA requirements.

Your Rights

Under HIPAA and Colorado law, you have the following rights:

Access to Your Information

Request copies of your medical records
Review your protected health information
Request electronic copies when possible

Amendment Rights

Request corrections to your medical records
Add statements to your records if amendment is denied

Restriction Requests

Request limitations on how we use or disclose your information
Request restrictions on communications with insurance companies

Confidential Communications

Request to receive communications at alternative locations
Request specific methods of communication

Accounting of Disclosures

Request a list of certain disclosures made about your health information
Review when and to whom your information was disclosed

File Complaints

File complaints about our privacy practices
Contact the Department of Health and Human Services
No retaliation for filing complaints

Data Security

We implement appropriate technical, administrative, and physical safeguards to protect your personal and health information:

Technical Safeguards

Encrypted data transmission and storage
Secure access controls and authentication
Regular software updates and security patches
Firewall protection and intrusion detection

Administrative Safeguards

Staff training on privacy and security procedures
Regular risk assessments and policy updates
Incident response procedures
Access controls based on job responsibilities

Physical Safeguards

Secure facilities and restricted access
Protected computer systems and media
Secure disposal of sensitive information
Environmental controls and monitoring

Colorado Privacy Rights

Under Colorado state law, you have additional privacy rights:

Right to know what personal information we collect
Right to request deletion of personal information
Right to request portability of your data
Right to opt out of certain data processing
Right to non-discrimination for exercising privacy rights

Cookies and Website Analytics

Our website uses cookies and similar technologies to:

Remember your preferences and settings
Analyze website traffic and usage patterns
Improve website functionality and user experience
Ensure website security and prevent fraud

Google Analytics

We use Google Analytics to understand how visitors interact with our website. Google Analytics collects information such as:

Pages visited and time spent on each page
Geographic location (city/state level)
Device and browser information
How visitors found our website

This information is used to improve our website and services. Google Analytics data is anonymized and does not contain personally identifiable information. For more information about Google Analytics privacy practices, visit Google’s Privacy Policy.

You can opt out of Google Analytics tracking by visiting Google Analytics Opt-out.

You can control cookies through your browser settings, but some website features may not function properly if cookies are disabled.

We advertise our services on social media platforms including Facebook, Instagram, TikTok, and other platforms. When you interact with our advertisements or visit our website through a social media ad, these platforms may collect certain information about your activity.

Important: We do not share any protected health information (PHI) or medical records with social media platforms. We only share non-sensitive information for advertising purposes.

When you see or interact with our advertisements, social media platforms may collect:

Ad views and clicks
Website visits that originated from ads
Device and browser information
General demographic information (age range, location)
Ad engagement metrics

Our website uses tracking pixels and similar technologies from social media platforms, including:

Meta Pixel (Facebook and Instagram)
TikTok Pixel
Other platform-specific tracking tools

These tools help us:

Measure the effectiveness of our advertising campaigns
Understand how visitors interact with our website after clicking ads
Show relevant content to people interested in aesthetic treatments
Improve our marketing strategies

What We Don’t Do: We do not use ad targeting based on specific health conditions or medical information. Our advertising focuses on general demographic and geographic targeting only.

You can control how social media platforms use your information for advertising:

Facebook/Instagram: Visit Ad Preferences to manage your settings
TikTok: Adjust your privacy settings in the TikTok app under Settings > Privacy > Ads
General Opt-Out: Use the Digital Advertising Alliance’s Consumer Choice Page

We share limited, non-medical information with advertising platforms for marketing purposes:

Website page visits and navigation patterns
Form submissions (contact requests only, not medical forms)
General location information (city/state level)
Ad click and conversion data

We Never Share:

Medical history or treatment information
Appointment details or clinical notes
Insurance information
Photographs or medical documentation
Any protected health information covered by HIPAA

Compliance with Platform Policies

We comply with all healthcare advertising policies set by social media platforms, including:

Meta’s Personal Attributes Policy (no ads implying knowledge of personal health conditions)
Platform restrictions on health-related advertising
Healthcare advertiser certification requirements where applicable
Restrictions on sensitive health data collection and use

Data Retention

We retain your information for the following periods:

Medical Records: As required by Colorado law and medical practice standards
Billing Records: 7 years from the date of service
Website Data: 2 years or until you request deletion
Communication Records: 3 years from last contact

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

Posting the updated policy on our website
Including a notice of changes in your appointment confirmations
Sending email notifications for significant changes (if you’ve provided consent)

Changes will be effective immediately upon posting unless otherwise specified.

Contact Information

For questions about this Privacy Policy or to exercise your privacy rights, please contact:

Still Time Beauty
741 Pearl St
Boulder, CO 80302
Phone: (720) 731-8222
Email: info@stilltimebeauty.com