Privacy Policy

Last updated: July 2025

At BeautyOne, your privacy is our priority. This Privacy Policy outlines how we collect, use, and safeguard your personal, medical, and financial information. We are committed to ensuring your data is handled with the highest standards of confidentiality, security, and regulatory compliance.

1. Information We Collect

We collect the following types of information to provide safe, personalized care:

  • Personal Identifiers: Name, phone number, email address, mailing address, date of birth.

  • Medical Information: Health history, medications, treatment plans, clinical notes, and photographs.

  • Appointment & Communication History: Messages, forms, consultations, and records from your interactions with our clinic and AI tools.

  • Technical Information: Browser/device data when you interact with our website or digital tools.

We do not store your credit card or payment details.

2. How We Use Your Information

Your information is used solely to:

  • Deliver and personalize your treatments and care

  • Communicate appointment reminders, follow-up care, or education

  • Maintain accurate medical records in compliance with regulations

  • Improve service quality and patient outcomes

  • Fulfill any legal or professional obligations related to healthcare delivery

We do not use your medical or personal data for advertising, and we do not sell your information.

3. HIPAA-Compliant Platform: Health Hue Digital

All patient records, treatment notes, images, and medical history are securely stored and managed using Health Hue Digital—a HIPAA-compliant platform purpose-built for medical clinics.

Health Hue Digital provides:

  • Secure cloud-based storage with end-to-end encryption

  • Role-based access controls

  • Audit logs for all data access

  • Secure communication between our clinic and patients

This ensures your data is protected against unauthorized access and aligned with HIPAA, PHIPA (for Ontario), and other applicable healthcare privacy regulations.

4. Payments and Financial Information

BeautyOne uses Square Payments, a trusted third-party payment processor, to securely handle all transactions.

We do not store your credit card numbers, banking information, or CVV codes on our systems. Square Payments is PCI-DSS compliant and uses encryption to protect your financial information.

5. Data Retention

We retain your medical and clinical information as required by law—typically a minimum of 10 years after the last date of treatment.

You may request access to or deletion of your records, subject to professional, legal, or regulatory requirements.

6. Your Rights

You have the right to:

  • Access your personal and health records

  • Request corrections to inaccurate data

  • Withdraw consent (where applicable)

  • Request deletion of data (where legally permissible)

To exercise these rights, please contact BeautyOne directly.

7. Security Measures

To protect your data, we implement:

  • HIPAA and PHIPA-aligned protocols

  • End-to-end encryption of stored and transmitted data

  • Multi-factor authentication for internal system access

  • Ongoing staff training on privacy and security practices

While no system can guarantee 100% protection, we continuously monitor and improve our safeguards.

8. Children's Privacy

We do not knowingly collect personal or health information from minors without verified parental or guardian consent.