ThinMD MedSpa

Privacy Policy

Last Updated: January 26, 2026

ThinMD MedSpa ("ThinMD," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us.

Information We Collect

Personal Information

We may collect personal information that you voluntarily provide to us, including but not limited to:

  • Name, email address, phone number, and mailing address
  • Date of birth and gender
  • Payment information (processed securely through third-party payment processors)
  • Insurance information (if applicable)
  • Emergency contact information

Health Information

As a medical practice, we collect protected health information (PHI) necessary to provide our services, including:

  • Medical history and current health conditions
  • Medications you are currently taking
  • Allergies and adverse reactions
  • Lab results and diagnostic information
  • Treatment records and progress notes
  • Weight, body measurements, and vital signs

Device and Usage Information

When you visit our website, we automatically collect certain information, including:

  • IP address and browser type
  • Device type and operating system
  • Pages visited and time spent on each page
  • Referring website or source
  • Click patterns and interactions with our website

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our medical services
  • Process appointments and communicate with you about your care
  • Send appointment reminders and follow-up communications
  • Process payments and billing
  • Respond to your inquiries and provide customer support
  • Send marketing communications (with your consent)
  • Analyze website usage to improve user experience
  • Comply with legal obligations and protect our legal rights

HIPAA Compliance

ThinMD is committed to complying with the Health Insurance Portability and Accountability Act (HIPAA). We maintain administrative, technical, and physical safeguards to protect your protected health information (PHI). Our Notice of Privacy Practices, available separately, provides detailed information about how we may use and disclose your PHI and your rights regarding your health information.

All staff members receive HIPAA training, and we regularly review and update our privacy and security practices. We use encrypted communications and secure systems to store and transmit your health information.

Third-Party Services

We use the following third-party services that may collect information about you:

Analytics Services

  • Google Analytics: Helps us understand how visitors interact with our website. Google Analytics collects information such as how often users visit the site, what pages they visit, and what other sites they used prior to coming to our site.
  • Google Tag Manager: Manages website tags and tracking codes.

Advertising and Marketing

  • Meta Pixel (Facebook): Helps us measure the effectiveness of our advertising and deliver relevant ads. This tool collects information about your interactions with our website and may be used for retargeting purposes.

Communication Services

  • Email service providers for appointment reminders and marketing communications
  • SMS/text messaging services for appointment confirmations
  • Patient portal and telehealth platforms

Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. You can control cookies through your browser settings, though disabling certain cookies may affect your experience on our website.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

Medical records are retained in accordance with applicable state and federal laws. In Florida, medical records must be retained for at least five years from the last patient contact for adults; for minors, they must be retained until the patient reaches age 25 or for five years from the last contact, whichever is longer.

Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request that we correct inaccurate or incomplete information
  • Deletion: Request that we delete your personal information (subject to legal retention requirements)
  • Opt-Out: Unsubscribe from marketing communications at any time
  • Data Portability: Request a copy of your data in a portable format

For rights specific to your protected health information (PHI), please refer to our HIPAA Notice of Privacy Practices.

Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.

Contact Information

If you have questions about this Privacy Policy or our privacy practices, please contact us:

ThinMD MedSpa

1351 13th Avenue South, Suite 105

Jacksonville Beach, FL 32250

Phone: (904) 694-0992

Email: contact@thinmd.com

Additional Locations

San Jose Location

10950 San Jose Blvd, Suite 41

Jacksonville, FL 32223

Phone: (904) 619-0130