Privacy Policy

PS Medical Aesthetics, LLC (“Precise Aesthetics,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit preciseaesthetics.com (the “Site”) or interact with our Services.

This Policy applies to information we collect:

• On the Site
• Through email and other electronic communications between you and the Company
• When you submit forms, including demonstration requests, contact inquiries, and email subscriptions
• Through cookies and similar tracking technologies described below

This Policy does not apply to information collected by us offline or through any other means, including any third-party websites that may link to or be linked from the Site.

We collect several categories of personal information:

Information you provide directly:

• Contact information: name, email address, phone number, organization or practice name
• Professional information: role, practice type, state of practice, current devices used
• Inquiry content: subject lines, messages, demonstration requests, comments
• Account credentials (when practitioner portal launches): username, password, professional credentials
• Marketing preferences: interest categories, opt-in/opt-out selections

Information collected automatically:

• Device and browser information: IP address, browser type, operating system, device identifiers
• Usage information: pages visited, time spent, links clicked, referring URLs
• Geolocation: approximate location based on IP address (city/region level)
• UTM parameters: campaign source, medium, campaign name (for marketing attribution)

Information from third parties:

• Email engagement data from our email service provider (Resend)
• Analytics data from PostHog
• Authentication data from any future identity provider integrations

We use personal information for the following purposes:

• To respond to inquiries and provide requested information
• To schedule and conduct demonstrations of our products and services
• To communicate updates about The Precise System, launch events, and product availability
• To administer accounts and provide access to the practitioner portal (when launched)
• To improve the Site, our products, and our marketing
• To comply with legal obligations and enforce our Terms of Service
• To prevent fraud, abuse, and unauthorized access
• To analyze usage patterns and aggregate metrics

We use cookies, web beacons, pixel tags, and similar technologies to:

• Maintain your session and preferences
• Analyze how the Site is used (via PostHog)
• Measure marketing effectiveness
• Detect and prevent abuse

Most browsers allow you to refuse cookies or to alert you when cookies are being sent. If you choose to disable cookies, some features of the Site may not function properly.

We do not sell your personal information. We may share personal information with:

Service providers:

Third-party vendors who perform services on our behalf, including:

• Resend (email delivery)
• Supabase (database hosting)
• Vercel (web hosting)
• PostHog (product analytics)
• Cal.com (demonstration scheduling, when integrated)

These service providers are bound by contractual obligations to protect your information and use it only for the purposes for which it was disclosed.

Legal compliance:

When required by law, regulation, legal process, or governmental request, including in response to subpoenas, court orders, or law enforcement requests.

Business transfers:

In the event of a merger, acquisition, sale of assets, or similar transaction, your information may be transferred to the acquiring entity, subject to applicable law.

With your consent:

Any other purpose disclosed at the time of collection or with your express permission.

We retain personal information for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. Specifically:

• Demonstration request data: retained for the duration of the practitioner relationship plus 7 years
• Contact form submissions: retained for 3 years
• Marketing email lists: retained until unsubscribed plus 1 year
• Account information: retained while account is active plus 7 years following account closure
• Usage and analytics data: retained for 24 months in identifiable form

Depending on your jurisdiction, you may have certain rights regarding your personal information:

For all users:

• Right to know what personal information we collect
• Right to access your personal information
• Right to correct inaccurate information
• Right to delete your information (subject to retention obligations)
• Right to opt out of marketing communications

For California residents (CCPA/CPRA):

• Right to know categories of personal information collected, sold, or disclosed
• Right to deletion (subject to exceptions)
• Right to correct inaccurate personal information
• Right to opt out of “sale” or “sharing” of personal information (we do not sell)
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising your rights

For European Economic Area, UK, and Switzerland residents (GDPR/UK GDPR):

• Right of access
• Right to rectification
• Right to erasure (“right to be forgotten”)
• Right to restriction of processing
• Right to data portability
• Right to object
• Right not to be subject to automated decision-making
• Right to lodge a complaint with a supervisory authority

For Illinois residents:

• Rights under the Illinois Personal Information Protection Act (PIPA)
• Rights under the Illinois Biometric Information Privacy Act (BIPA), if applicable

To exercise any of these rights, contact us using the information in the Contact section below. We will respond within the timeframes required by applicable law (typically 30–45 days).

We do not currently collect biometric identifiers or biometric information as defined under the Illinois Biometric Information Privacy Act, 740 ILCS 14 (“BIPA”). This includes:

• Retina or iris scans
• Fingerprints
• Voiceprints
• Scans of hand or face geometry

If we begin to collect such information in the future (for example, in connection with practitioner identity verification or patient outcome tracking), we will:

• Provide written notice to data subjects
• Obtain written consent before collection
• Disclose the purpose and duration of collection, storage, and use
• Maintain a publicly available retention and destruction schedule
• Implement reasonable safeguards

The Site itself is not a covered entity or business associate under the Health Insurance Portability and Accountability Act (HIPAA). The Site collects business contact information from practitioners, not protected health information (PHI) of patients.

However, when practitioners use The Precise System and the practitioner portal in clinical settings:

• Patient data logged through the practitioner portal is treated as Protected Health Information (PHI)
• All such data is de-identified at the point of capture before flowing into the Data Intelligence Layer
• The Company implements administrative, physical, and technical safeguards consistent with HIPAA Security Rule standards
• Practitioner-facing portal terms include a Business Associate Agreement (BAA) where applicable

The Site is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn we have collected information from a child under 13, we will delete it. If you believe a child has provided us with personal information, contact us using the information below.

We implement reasonable administrative, physical, and technical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. However, no system is completely secure. We cannot guarantee the absolute security of your information.

In the event of a data breach involving personal information, we will provide notification as required by applicable law, including the Illinois Personal Information Protection Act and other state breach notification statutes.

The Site is operated from the United States. If you access the Site from outside the United States, your personal information may be transferred to, stored, and processed in the United States. The data protection laws of the United States may differ from those of your country.

For users in the European Economic Area, United Kingdom, or Switzerland, we rely on Standard Contractual Clauses or other appropriate transfer mechanisms approved under applicable law.

The Site may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to review the privacy policies of any third-party site you visit.

We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date. For material changes, we will provide additional notice such as email notification or a prominent notice on the Site. Your continued use of the Site after the effective date of any changes indicates your acceptance of the updated Policy.

For questions about this Privacy Policy or to exercise your rights, contact us at: