Effective Date: June 8, 2026 · Last Updated: June 8, 2026
Glow Up MD PLLC (“Glow Up MD,” “we,” “our,” or “us”), a physician-owned and operated medical aesthetics clinic at 1227 Grand West Blvd, Suite B210, Katy, TX 77449, is committed to protecting your privacy and your protected health information (“PHI”).
1. HIPAA — Notice of Privacy Practices
Glow Up MD PLLC is a Covered Entity under HIPAA (45 CFR Part 164). Our Notice of Privacy Practices (NPP) is provided at your first visit and available upon request. HIPAA controls in any conflict with this Policy.
2. Information We Collect
Protected Health Information (PHI): Name, date of birth, contact information, medical history, medications, treatment records, before/after photos (with written consent), treatment plans, and billing records — collected via Zenoti (our HIPAA-compliant platform) and the Glow Up MD app.
Personal Information (Non-PHI): Contact data, appointment history, communications, and marketing preferences.
Website & Technology Data: Device/browser data, usage data, and analytics via Google Analytics 4 (GA4) and Meta Pixel — configured to never collect or transmit PHI.
Communications Data: Email engagement (via Mailchimp), SMS opt-in data, and customer service correspondence.
3. How We Use Your Information
Treatment, Payment & Healthcare Operations (PHI): Providing services, coordinating care, processing payments, quality assurance — as permitted under HIPAA. Other PHI uses require written authorization.
Marketing & Communications: With your consent, we send appointment reminders, promotional emails, and SMS messages. You may opt out at any time.
Website Operations: Operating our website/app, analyzing traffic, running advertising campaigns (Google Ads, Meta Ads), preventing fraud, and complying with legal obligations.
4. How We Share Your Information
We share PHI only as permitted by HIPAA: with treating providers, Business Associates (under HIPAA BAAs — including Zenoti, Mailchimp, Google, Meta, and payment processors), public health authorities, and law enforcement when legally required.
We do not sell your personal information or PHI, rent your contact list to marketers, use PHI for marketing without written authorization, or share before/after photos without a signed release.
5. Your Rights Under HIPAA
- Right to Access: Request your medical records (response within 30 days)
- Right to Amend: Request correction of inaccurate PHI
- Right to an Accounting of Disclosures: List of disclosures outside treatment/payment/operations
- Right to Request Restrictions: Limit how we use or disclose your PHI
- Right to Confidential Communications: Specify how/where we contact you
- Right to Revoke Authorization: Withdraw any prior written authorization at any time
- Paper Copy of NPP: Available upon request at any time
6. Texas Law Protections
We comply with the Texas Health & Safety Code §181 (Texas Medical Records Privacy Act), which is stricter than HIPAA in certain respects, and the Texas Identity Theft Enforcement and Protection Act.
7. Cookies & Tracking Technologies
We use essential cookies (site function), analytics cookies (GA4 — anonymized and aggregated), advertising pixels (Meta Pixel, Google Ads conversion tracking), and functional cookies. You may opt out via browser settings, the Google Analytics opt-out add-on, Meta ad preferences, or optout.aboutads.info.
8. Email & SMS Communications
All marketing emails comply with the CAN-SPAM Act and include an unsubscribe link and our physical address. To opt out of SMS, reply STOP to any text message from us. Message and data rates may apply. For help, reply HELP or contact support@glowupmdspa.com.
9. Data Retention
Medical records/PHI: minimum 10 years (Texas law). Adult patient records: until patient’s 21st birthday or 10 years (whichever is longer). Billing records: 7 years. Email/marketing data: until unsubscribe + 30 days. Website analytics (GA4): 14 months.
10. Data Security
We implement HIPAA Security Rule safeguards: TLS/HTTPS encryption, role-based access controls, HIPAA BAAs with all PHI-handling vendors, mandatory staff training, and Zenoti (HIPAA-compliant, SOC 2 certified). In the event of a breach, we notify you as required by HIPAA and Texas law.
11. Children’s Privacy
Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent. For minors under 18, a parent or guardian must authorize treatment.
12. Changes to This Policy
We may update this Policy periodically. Material changes will be reflected in the updated date above and posted to our website. Continued use of our Services constitutes acceptance of the revised Policy.
13. Contact Us — Privacy Officer
Glow Up MD PLLC — Privacy Officer
1227 Grand West Blvd, Suite B210, Katy, TX 77449
📧 support@glowupmdspa.com · 📞 (832) 947-5826
You also have the right to file a complaint with the U.S. HHS Office for Civil Rights: 1-877-696-6775 · hhs.gov/hipaa/filing-a-complaint. We will not retaliate against you for filing a complaint.
This document does not constitute legal advice. Periodic review by a qualified healthcare attorney is recommended.