Privacy Policy

Contour & Sculpt Aesthetics
Last Updated: March 24, 2026

Contour & Sculpt Aesthetics (“Contour & Sculpt,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, store, and protect information when you visit our website, contact us, schedule services, submit forms, receive treatment, or otherwise interact with us.

Because Contour & Sculpt Aesthetics is a Texas medical spa, some services may involve the practice of medicine and may be subject to healthcare privacy, recordkeeping, and professional-supervision requirements under federal and Texas law. In Texas, nonsurgical medical cosmetic procedures are considered the practice of medicine and must be performed by a physician or properly delegated under applicable Texas Medical Board rules.

1. Information We Collect

We may collect the following categories of information:

A. Information You Provide Directly

• Name
  
  
• Email address
  
  
• Phone number
  
  
• Mailing address
  
  
• Date of birth
  
  
• Emergency contact information
  
  
• Appointment requests and service preferences
  
  
• Payment and billing information
  
  
• Information submitted in forms, chat widgets, consultations, reviews, surveys, or emails
  
  
• Photos, treatment history, medical intake forms, consent forms, and other health-related information you choose to provide in connection with services
  
  

B. Health and Treatment Information

For clients receiving medical or medically supervised aesthetic services, we may collect:

• Medical history
  
  
• Allergies
  
  
• Medications
  
  
• Prior procedures
  
  
• Contraindications
  
  
• Treatment notes
  
  
• Before-and-after photographs
  
  
• Consent documentation
  
  
• Follow-up communications
  
  

Depending on how our practice is structured and the services provided, some of this information may constitute protected health information under HIPAA. HIPAA applies to covered entities and certain business associates and governs uses and disclosures of protected health information.

C. Automatically Collected Information

When you use our website, we may automatically collect:

• IP address
  
  
• Browser type
  
  
• Device information
  
  
• Operating system
  
  
• Referring URLs
  
  
• Pages visited
  
  
• Time spent on pages
  
  
• Cookie and analytics data
  
  

D. Information from Third Parties

We may receive information from:

• Scheduling platforms
  
  
• Payment processors
  
  
• Customer relationship management tools
  
  
• Advertising and analytics providers
  
  
• Social media platforms
  
  
• Referral partners
  
  
• Healthcare operations vendors
  
  

2. How We Use Your Information

We may use personal information to:

• Provide and manage services
  
  
• Schedule, confirm, and modify appointments
  
  
• Conduct consultations
  
  
• Evaluate treatment eligibility and safety
  
  
• Maintain records
  
  
• Process payments
  
  
• Respond to questions and customer service requests
  
  
• Send service-related communications
  
  
• Send promotional messages where permitted by law and your preferences
  
  
• Improve our website, services, and client experience
  
  
• Prevent fraud, misuse, and security incidents
  
  
• Comply with legal, regulatory, professional, and insurance obligations
  
  

If we process personal data covered by the Texas Data Privacy and Security Act (“TDPSA”), we will process such data in accordance with that law and its applicable exemptions and requirements. The TDPSA took effect July 1, 2024, and gives Texas residents certain rights over personal data while requiring businesses that process covered data to maintain appropriate safeguards.

3. Text Messages, Calls, and Email Marketing

By providing your phone number or email address, you consent to receive appointment confirmations, reminders, follow-up messages, and other service communications. With your consent where required, we may also send promotional messages, specials, or event notices.

You may opt out of marketing emails by using the unsubscribe link. You may opt out of marketing texts by replying STOP. Opting out of marketing messages does not prevent us from sending service-related messages about appointments, billing, treatment follow-up, safety, or important updates.

4. Cookies and Analytics

We may use cookies, pixels, analytics tools, and similar technologies to:

• Operate the website
  
  
• Understand website traffic and usage
  
  
• Improve performance
  
  
• Measure ad effectiveness
  
  
• Support remarketing and advertising campaigns
  
  

You can control cookies through your browser settings. Disabling cookies may affect website functionality.

5. How We Share Information

We do not sell your personal information for money. We may share information as follows:

• Service Providers: scheduling vendors, payment processors, IT providers, cloud storage providers, analytics tools, marketing platforms, and other vendors who support our operations
  
  
• Medical Personnel and Affiliated Providers: supervising physicians, delegated providers, nurses, nurse practitioners, physician assistants, medical directors, and other personnel involved in your care or practice operations
  
  
• Legal and Regulatory Compliance: when required by law, subpoena, court order, licensing authority, law enforcement request, insurance requirement, or governmental investigation
  
  
• Business Transfers: in connection with a merger, acquisition, financing, restructuring, sale of assets, or transition of practice ownership
  
  
• With Your Consent: including for testimonials, before-and-after photos, social media features, or referral coordination
  
  

If your information is protected health information, any use or disclosure will be handled in accordance with applicable healthcare privacy law.

6. Client Photos and Before-and-After Images

We may take photographs before, during, or after treatment for charting, treatment evaluation, quality assurance, and documentation. We will not use identifiable client photos for marketing, social media, testimonials, training, or promotional purposes without appropriate written authorization where required.

7. Your Texas Privacy Rights

If the Texas Data Privacy and Security Act applies to our processing of your personal data, Texas residents may have rights that can include:

• confirming whether we process personal data,
  
  
• accessing personal data,
  
  
• correcting inaccuracies,
  
  
• deleting personal data,
  
  
• obtaining a copy of certain personal data, and
  
  
• opting out of certain processing, including targeted advertising, the sale of personal data, or certain profiling activities.
  
  

These rights are subject to statutory limitations, exceptions, and exemptions. Some health information or regulated medical records may be excluded from the TDPSA or governed by HIPAA or other laws instead.

To submit a privacy request, contact us at:

Contour & Sculpt Aesthetics
200 Joes Cove, Leander, Texas 78641
kamryn@contourandsculptaesthetics.com
512-293-2110

We may verify your identity before responding. If we deny your request, you may have the right to appeal as provided by applicable law.

8. Data Security

We use reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, misuse, alteration, or destruction. Texas law requires businesses to implement and maintain reasonable procedures to protect sensitive personal information, and Texas also requires notice to affected persons after certain data breaches.

No system can be guaranteed 100% secure, and we cannot promise absolute security.

9. Data Breach Notification

If we discover a breach of system security involving sensitive personal information, we will provide notice as required by applicable law. Texas law requires notice to affected individuals and requires businesses experiencing a breach affecting 250 or more Texans to notify the Texas Attorney General as soon as practicable and no later than 30 days after discovery.

10. Data Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Policy, including to:

• provide services,
  
  
• maintain medical and business records,
  
  
• comply with legal obligations,
  
  
• resolve disputes,
  
  
• enforce agreements, and
  
  
• satisfy insurance, tax, accounting, and professional requirements.
  
  

Medical and treatment records may be retained for longer periods as required or permitted by healthcare, tax, insurance, licensing, and risk-management requirements.

11. Children’s Privacy

Our website is not directed to children. We do not knowingly collect personal information online from children in violation of applicable law. Services for minors, if offered at all, must comply with applicable consent and authorization requirements.

12. Third-Party Websites and Platforms

Our website may link to third-party websites, booking tools, payment pages, social media platforms, or embedded features. We are not responsible for the privacy or security practices of third parties. Please review their policies separately.

13. Notice of Privacy Practices

If Contour & Sculpt Aesthetics is a HIPAA-covered entity, clients may also receive a separate Notice of Privacy Practices describing how protected health information may be used and disclosed and explaining patient rights under HIPAA. This Privacy Policy does not replace any separate Notice of Privacy Practices.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted with an updated “Last Updated” date. Your continued use of our website or services after changes are posted constitutes acceptance of the revised Policy to the extent permitted by law.

15. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us at:

Contour & Sculpt Aesthetics, LLC
200 Joes Cove
Leander, TX 78641
kamryn@contourandsculptaesthetics.com
512-293-2110