Privacy Policy
Last Updated: November 7, 2025
This Privacy Policy explains how Mara's Med Spa ("Mara's", "we", "us", "our") collects, uses, shares, and protects information when you visit our websites at www.marasmedspa.com, use our booking portal, communicate with us, or receive services at our locations in Dallas, Texas (the "Services"). We operate in the United States only. By using the Services, you agree to this Policy and our Terms. This Policy is not legal advice.
Who We Are and How to Contact Us
Mara's Med Spa
2222 McKinney Ave, Suite 120, Dallas, TX 75201
Phone: (469) 730-3333
Email: uptown@marasmedspa.com
Territory: United States only
HIPAA and Health Information
We are primarily a cosmetic med spa. Most website and marketing data is not "Protected Health Information" (PHI) and is governed by this Privacy Policy. Certain in-clinic records created or maintained by our medical providers may qualify as PHI under HIPAA and, where applicable, are handled in accordance with our Notice of Privacy Practices available at the clinic. We apply administrative, technical, and physical safeguards appropriate to each data type.
Information We Collect
| Category | Details |
|---|---|
| Identifiers | Name, phone, email, postal address; device identifiers (cookie IDs, IP address), booking IDs. Sources: you, our booking system (Zenoti), site forms, chat, referrals, and advertising partners. Uses: scheduling, confirmations, reminders, support, safety, and service delivery. |
| Commercial & Transactional | Services viewed, booked, purchased; payment method metadata (handled by PCI-compliant processors); package balances; gift card status. Uses: fulfill requests, detect fraud, accounting, and to show relevant offers. |
| Internet/Device Activity | Pages and actions on our site and booking portal; app/browser type, timestamps, referral URLs, approximate location. Tools used include Google Analytics 4 (GA4) and Meta Pixel; we may also use server-side Conversions API (CAPI). Uses: site performance, security, troubleshooting, analytics, and advertising measurement. |
| Inferences | High-level interest signals derived from visits (for example, interest in "laser hair removal Dallas"). We use these to tailor content and ads. We do not build sensitive profiles. |
| User Content | Messages you send us; consultation notes; forms; reviews; before/after images you provide with signed consent. |
| Sensitive Data | We avoid collecting sensitive data via the public site. Any medical history collected for treatment is handled by clinical staff and, where applicable, under HIPAA. Do not upload private health details via unencrypted email or social DMs. |
How We Use Information
| Purpose | Examples |
|---|---|
| Provide Services | Account and booking management, confirmations, reminders, in-clinic charting, customer support. |
| Safety & Quality | Eligibility screening, adverse event follow-up, fraud prevention, security monitoring, audit logs. |
| Communications | Operational messages about appointments; marketing emails/SMS with your consent (opt-out anytime: reply STOP or click Unsubscribe). |
| Analytics | Understand traffic and improve performance using GA4 and similar tools; error diagnostics. |
| Advertising | Show relevant offers and measure results via browser and server integrations (Meta Pixel, CAPI, Google Ads). See Opt-Out options below. |
| Legal | Compliance with laws, subpoenas, tax and accounting, responding to lawful requests, and enforcing our terms. |
Targeted Advertising, "Sale" or "Share"
We engage in cross-context behavioral advertising (sometimes called targeted ads). Under California and some state laws, this may be considered a "share" or "sale" of personal information. We do not sell personal information for money. You can opt out of targeted advertising and limit sharing as described below, and we honor supported Global Privacy Control (GPC) signals.
Do Not Sell or Share My Personal Information
To opt out of targeted advertising and limit sharing: use your browser's GPC setting or follow our Opt-Out and Preferences instructions. We apply your choice to this browser and, when logged in or identifiable, to your account. Opt-outs do not stop necessary operational communications (for example, appointment reminders).
Cookies and Similar Technologies
| Cookie Type | What it does and how long |
|---|---|
| Essential | Security, session management, booking cart. Typically session to 12 months. |
| Analytics | GA4 measures traffic and interactions; we keep analytics data up to 26 months. |
| Advertising | Meta/Google tags for reach and measurement; used for cross-context ads unless you opt out or enable GPC. |
How We Share Information
| Recipient | Why |
|---|---|
| Service Providers | Booking (Zenoti), communications (email/SMS), hosting, payment processors, analytics, and security vendors performing services on our behalf under contract. |
| Advertising Partners | To deliver and measure ads (Meta, Google Ads). This may be a "share" under state privacy laws. |
| Affiliates | Entities under common ownership or control for operations, accounting, and compliance. |
| Legal/Compliance | To comply with law, respond to lawful requests, protect rights, safety, and prevent fraud or abuse. |
| Business Transfers | In connection with mergers, acquisitions, or asset sales, subject to this Policy or successor notice. |
How Long We Keep Information
| Category | Retention |
|---|---|
| Site Analytics | Up to 26 months in GA4 unless you delete/opt out sooner. |
| Booking & Clinical Records | Generally 7 years or longer if required by medical, legal, or tax obligations. |
| Marketing Preferences | Until you opt out or request deletion; we maintain suppression lists to honor opt-outs. |
| Logs & Security | Typically 12 to 24 months, or longer if investigating incidents or as required by law. |
Your Privacy Rights
Depending on your state (for example, California CPRA, Texas TDPSA, Virginia VCDPA), you may have rights to access, correct, delete, obtain a portable copy, and opt out of targeted advertising or certain profiling. To exercise rights, contact us at uptown@marasmedspa.com or use the links below. We will verify your request and respond as required by applicable law. Authorized agents may submit requests with proper authorization.
| Right | How to exercise |
|---|---|
| Access/Portability | Email us with "Privacy Request - Access". We will verify identity before releasing data. |
| Correction | Email us or update your profile during booking; we may ask for documentation to confirm accuracy. |
| Deletion | Request deletion via email; we will delete or de-identify unless retention is required by law or safety. |
| Opt-Out of Targeted Ads | Use browser settings (including GPC) and our site preferences; adjust ad settings with Meta/Google; unsubscribe from marketing. |
| Limit Use of Sensitive Info | We do not use sensitive personal information for inferring characteristics or for cross-context ads. |
| Appeal | If we deny a request, you may appeal by replying to our decision email. If unresolved, you may contact your state AG. |
Minors
Our online Services are not directed to children under 13, and we do not knowingly collect their personal information. In-clinic treatments require the presence and consent of a parent or legal guardian for minors where allowed by law and clinic policy. We do not knowingly "sell" or "share" personal information of consumers under 16.
Before/After Photos and Media Consent
With a signed media release, we may create and use before/after photos or testimonials for educational and marketing purposes. You may revoke consent at any time for future uses by emailing us. Revocation does not require us to remove materials already lawfully produced or published, but we will stop new uses going forward.
Financial and Booking Policies (Summary)
| Topic | Details |
|---|---|
| Refunds & Cancellations | All purchases are final. Appointments must be canceled or rescheduled at least 24 hours in advance. No-shows or late cancellations are charged 50% of the service fee. |
| Deposits | A deposit may be required to book. Deposits are fully refundable if you cancel or reschedule with 24+ hours notice; if you no-show or cancel late, the deposit (50%) is forfeited. |
| Packages/Prepaids | Non-refundable once purchased, not transferable, and subject to stated expirations. Once expired, remaining value is forfeited. If a treatment becomes medically contraindicated and we receive a physician letter, we may offer a reasonable alternative or credit at our discretion. |
| Gift Cards & Promotions | Non-refundable, not redeemable for cash. Replacement for loss or theft is discretionary and only if we can confirm remaining value and that it has not been redeemed; otherwise no replacement is provided. |
Full terms may appear in our Policy Center and on the booking page. These summaries do not modify any legally posted terms at checkout.
FDA and Treatment Statements
Some devices and products we use are FDA-cleared or FDA-approved for specific indications; others may be used off-label at provider discretion. Individual results vary and are not guaranteed. Treatment suitability is determined by our providers case-by-case.
Security
We maintain reasonable administrative, technical, and physical safeguards appropriate to the nature of the information we handle. No system is 100% secure, and we cannot guarantee absolute security of information transmitted to or stored by us.
State Disclosures (Snapshot)
| California (CPRA) | Key Points |
|---|---|
| Sale/Share | We do not sell for money; we may "share" for targeted ads. Use GPC and our preferences to opt out. |
| Sensitive Info | We do not use sensitive personal information to infer characteristics. |
| Rights | Know, access, correct, delete, portability, limit SPI, opt out of sale/share, and non-discrimination. |

| Texas (TDPSA) | Key Points |
|---|---|
| Controller | Mara's Med Spa, Dallas, TX. Contact: uptown@marasmedspa.com. |
| Rights | Access, correct, delete, portability, and opt out of targeted ads or certain profiling; right to appeal denials. |
International Users
We serve U.S. residents only. If you access our Services from outside the U.S., you consent to processing in the United States, which may have different data protection laws than your country.
Marketing Communications
With your consent, we may send marketing emails or SMS. You can opt out at any time by using the unsubscribe link in our emails or by replying STOP to an SMS. Message and data rates may apply.
Third-Party Sites
Our site may link to third-party websites and services. Their privacy practices are governed by their policies.
Terms Highlights, Disputes, and Liability
| Topic | Provision |
|---|---|
| Arbitration & Venue | Any dispute relating to the Services will be resolved by binding, individual arbitration in Dallas County, Texas under AAA or JAMS rules. Small claims court is permitted. No class actions or class arbitration. |
| Limitation of Liability | To the maximum extent permitted by law, our liability is limited to the amount you paid for the service giving rise to the claim. We are not liable for indirect, incidental, special, or consequential damages. |
| Indemnity | You agree to indemnify us for claims arising from your misuse of the Services or violation of this Policy or our Terms. |
These summaries are provided for convenience. The controlling Terms of Use posted on our site govern in the event of any conflict.
Changes to This Policy
We may update this Policy at any time. We will post the updated version here and revise the "Last Updated" date above. We do not send email notices of updates.
Contact for Privacy Requests
Email: uptown@marasmedspa.com
Phone: (469) 730-3333
Postal: Privacy Officer, Mara's Med Spa, 2222 McKinney Ave, Suite 120, Dallas, TX 75201