Privacy Policy

This Privacy Policy describes Our policies and procedures on the collection, use, and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or plural.

Definitions

For the purposes of this Privacy Policy:

  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

  • Company (referred to as either "the Company," "We," "Us," or "Our" in this Agreement) refers to Gen Aesthetics, operating in the State of Colorado.

  • Application means the software program provided by the Company downloaded by You on any electronic device, named A.I. Chatbot.

  • Affiliate means an entity that controls, is controlled by, or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for election of directors or other managing authority.

  • Account means a unique account created for You to access our Service or parts of our Service.

  • Service refers to the Application.

  • Country refers to: United States.

  • State refers to: Colorado.

  • Controller means the entity that determines the purposes and means of processing personal data, as defined under the Colorado Privacy Act.

  • Processor means an entity that processes personal data on behalf of a controller, as defined under the Colorado Privacy Act.

  • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service, or to assist the Company in analyzing how the Service is used.

  • Third-party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.

  • Personal Data means information that is linked or reasonably linkable to an identified or identifiable individual. Personal Data does not include de-identified data or publicly available information, as defined under the Colorado Privacy Act (CPA).

  • Sensitive Data means personal data that includes data revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality or sexual orientation, citizenship or citizenship status, genetic or biometric data that may be processed to uniquely identify an individual, personal data from a known child, or precise geolocation data, as defined under the Colorado Privacy Act.

  • Protected Health Information (PHI) means individually identifiable health information that is transmitted or maintained in any form or medium by the Company, including electronic, paper, or oral communications, as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

  • Device means any device that can access the Service, such as a computer, a cell phone, or a digital tablet.

  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

  • Profiling means any form of automated processing performed on personal data to evaluate, analyze, or predict personal aspects related to an identified or identifiable individual's economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

  • Consumer means a natural person who is a Colorado resident acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context, as defined under the Colorado Privacy Act.

  • Sale means the exchange of personal data for monetary or other valuable consideration by the controller to a third party. Sale does not include the disclosure of personal data to a processor that processes the personal data on behalf of the controller, or certain other specified exceptions under the Colorado Privacy Act.

  • Targeted Advertising means displaying to a consumer an advertisement that is selected based on personal data obtained or inferred over time from the consumer's activities across nonaffiliated websites, applications, or online services to predict consumer preferences or interests.

  • Business Associate means a person or entity that performs certain functions or activities on behalf of, or provides certain services to, a covered entity that involve the use or disclosure of protected health information, as defined under HIPAA.

HIPAA Consent and Protected Health Information

HIPAA Authorization and Consent

By using our Service, You acknowledge and understand that You have certain rights to privacy regarding Your protected health information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

By providing Your consent and using our Service, You authorize Us to use and disclose Your protected health information to carry out:

  • Treatment (including direct or indirect treatment by other healthcare providers involved in Your treatment)

  • Payment activities related to Your healthcare services

  • Healthcare Operations including the day-to-day healthcare operations of Our practice

Your HIPAA Rights

You have been informed of and given the right to review and secure a copy of Our Notice of Privacy Practices, which contains a more complete description of the uses and disclosures of Your protected health information and Your rights under HIPAA.

Your rights include:

  • The right to request restrictions on how Your protected health information is used and disclosed for treatment, payment, and healthcare operations

  • The right to revoke this consent in writing at any time (though any use or disclosure prior to revocation remains valid)

  • The right to access and obtain copies of Your protected health information

  • The right to request amendments to Your protected health information

  • The right to an accounting of disclosures of Your protected health information

Please note: We reserve the right to change the terms of Our Notice of Privacy Practices from time to time. You may contact Us at any time to obtain the most current copy. While We are not required to agree to requested restrictions on Your protected health information, if We do agree, We are bound to comply with such restrictions.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

  • Email address

  • First name and last name

  • Phone number

  • Health-related information necessary for providing Our services

  • Usage Data

Protected Health Information

In addition to Personal Data, We may collect Protected Health Information (PHI) that is necessary for providing healthcare-related services through Our Application. This may include:

  • Medical history and health conditions

  • Treatment information

  • Health-related communications

  • Any other health information You provide through Our Service

Usage Data

Usage Data is collected automatically when using the Service. Usage Data may include information such as Your Device's Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers, and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Information Collected While Using the Application

While using Our Application, in order to provide features of Our Application, We may collect, with your prior permission:

  • Information regarding your location

We use this information to provide features of Our Service and to improve and customize Our Service. The information may be uploaded to the Company's servers and/or a Service Provider's server, or it may simply be stored on Your device.

You can enable or disable access to this information at any time through Your Device settings.

Use of Your Personal Data and Protected Health Information

The Company may use Personal Data and Protected Health Information for the following purposes:

  • To provide and maintain our Service, including to monitor the usage of our Service

  • To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user

  • For treatment purposes: to provide healthcare-related services and facilitate communication with healthcare providers

  • For payment processing: to process payments for healthcare services

  • For healthcare operations: to conduct quality assurance, case management, and other healthcare operations

  • For the performance of a contract: the development, compliance, and undertaking of the purchase contract for the products, items, or services You have purchased or of any other contract with Us through the Service

  • To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products, or contracted services, including the security updates, when necessary or reasonable for their implementation

  • To provide You with news, special offers, and general information about other goods, services, and events that we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information

  • To manage Your requests: To attend and manage Your requests to Us

Sharing of Your Personal Data and Protected Health Information

We may share your personal information and protected health information in the following situations:

  • With Healthcare Providers: We may share Your PHI with healthcare providers involved in Your treatment

  • With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, for payment processing, to contact You, provided they sign Business Associate Agreements as required by HIPAA

  • For Business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of our business to another company, subject to HIPAA requirements

  • With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy and comply with HIPAA requirements

  • With Business partners: We may share Your information with Our business partners to offer You certain products, services, or promotions, subject to appropriate safeguards

  • For Legal Requirements: As required by law, including HIPAA-permitted disclosures for public health, law enforcement, and other legally mandated purposes

  • With other users: when You share personal information or otherwise interact in public areas with other users, such information may be viewed by all users and may be publicly distributed outside. If You interact with other users or register through a Third-Party Social Media Service, Your contacts on the Third-Party Social Media Service may see Your name, profile, pictures, and description of Your activity. Similarly, other users will be able to view descriptions of Your activity, communicate with You, and view Your profile.

    Note: Protected Health Information will never be shared in public areas or with other users without Your explicit authorization.

Retention of Your Personal Data and Protected Health Information

The Company will retain Your Personal Data and Protected Health Information only for as long as is necessary for the purposes set out in this Privacy Policy and as required by applicable law, including HIPAA requirements. We will retain and use Your Personal Data and PHI to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

For Protected Health Information, We will retain records as required by applicable healthcare regulations and HIPAA requirements, typically for a minimum of six years from the date of creation or when it was last in effect, whichever is later.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data and Protected Health Information

Your information, including Personal Data and Protected Health Information, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to, and maintained on, computers located outside of Your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of Your jurisdiction.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and HIPAA requirements, and no transfer of Your Personal Data or Protected Health Information will take place to an organization or a country unless there are adequate controls in place, including the security of Your data and other personal information.

Disclosure of Your Personal Data and Protected Health Information

Business Transactions

If the Company is involved in a merger, acquisition, or asset sale, Your Personal Data and Protected Health Information may be transferred, subject to HIPAA requirements and with appropriate notice. We will provide notice before Your Personal Data and PHI are transferred and become subject to a different Privacy Policy.

Law Enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data and Protected Health Information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency), in accordance with HIPAA-permitted disclosures.

Other Legal Requirements

The Company may disclose Your Personal Data and Protected Health Information in the good faith belief that such action is necessary to:

  • Comply with a legal obligation

  • Protect and defend the rights or property of the Company

  • Prevent or investigate possible wrongdoing in connection with the Service

  • Protect the personal safety of Users of the Service or the public

  • Protect against legal liability

  • Comply with HIPAA requirements for public health, safety, or law enforcement purposes

Security of Your Personal Data and Protected Health Information

The security of Your Personal Data and Protected Health Information is important to Us. We implement appropriate technical, administrative, and physical safeguards to protect Your information as required by HIPAA and other applicable laws. However, remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data and PHI, We cannot guarantee its absolute security.

Our security measures include:

  • Encryption of data in transit and at rest

  • Access controls and user authentication

  • Regular security assessments and updates

  • Employee training on privacy and security requirements

  • Business Associate Agreements with third-party service providers

Detailed Information on the Processing of Your Personal Data

Service Providers

Service Providers have access to Your Personal Data only to perform their tasks on Our behalf and are obligated not to disclose or use it for any other purpose. Healthcare-related Service Providers must sign Business Associate Agreements as required by HIPAA.

Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You may opt out of certain Google Analytics features through your mobile device settings, such as your device advertising settings, or by following the instructions provided by Google in their Privacy Policy: https://policies.google.com/privacy

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy

Note: Protected Health Information is excluded from analytics and tracking services.

Email Marketing

We may use Your Personal Data to contact You with newsletters, marketing, or promotional materials and other information that may be of interest to You. You may opt out of receiving any, or all, of these communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us.

We may use Email Marketing Service Providers to manage and send emails to You.

Note: Marketing communications will not include Protected Health Information unless specifically authorized for treatment, payment, or healthcare operations purposes.

Colorado Privacy Act (CPA) Rights

Your Rights under the CPA

Under this Privacy Policy, and by law if You are a resident of Colorado, You have the following rights:

  • The right to know. You have the right to know whether we are processing your personal data and to access such personal data.

  • The right to access. You have the right to request and obtain from the Company information regarding your personal data that has been collected, including the categories of personal data, sources of collection, purposes of processing, categories of third parties with whom we share personal data, and specific pieces of personal data we have collected about You.

  • The right to portability. You have the right to obtain your personal data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another controller without hindrance.

  • The right to correct. You have the right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes for which we process it.

  • The right to delete. You have the right to request deletion of personal data concerning you, subject to certain exceptions under the CPA.

  • The right to opt out. You have the right to opt out of:

    • The processing of personal data for purposes of targeted advertising

    • The sale of personal data

    • Profiling in furtherance of decisions that produce legal or similarly significant effects concerning you

  • The right not to be discriminated against. You have the right not to be discriminated against for exercising any of your consumer rights under the CPA, including by:

    • Denying goods or services to You

    • Charging different prices or rates for goods or services

    • Providing a different level or quality of goods or services to You

    • Suggesting that You will receive different treatment

Exercising Your CPA Data Protection Rights

In order to exercise any of Your rights under the CPA, and if you are a Colorado resident, You can contact us using the information provided in the "Contact Us" section below. We may need to verify your identity before processing your request.

The Company will respond to your request free of charge within 45 days of receiving your verifiable request. The time period to provide the required information may be extended once by an additional 45 days when reasonably necessary and with prior notice.

Opt-Out Rights Under the CPA

Do Not Sell My Personal Information

We do not sell personal information or protected health information. However, if our practices change, you may opt out of the sale of your personal data by contacting us or by using any opt-out mechanisms we may provide.

Opt Out of Targeted Advertising

You can opt out of targeted advertising by following our instructions presented on the Service:

  • From Our "Cookie Consent" notice banner

  • Or from Our "CPA Opt-out" notice banner

  • Or by contacting us directly

Opt Out of Profiling

You may opt out of profiling in furtherance of decisions that produce legal or similarly significant effects by contacting us using the information provided below.

Website Opt-Out Mechanisms

The opt out will place a cookie on Your computer that is unique to the browser You use to opt out. If you change browsers or delete the cookies saved by your browser, you will need to opt out again.

Mobile Device Opt-Out

Your mobile device may give you the ability to opt out of the use of information about the apps you use in order to serve you ads that are targeted to your interests:

  • "Opt out of Interest-Based Ads" or "Opt out of Ads Personalization" on Android devices

  • "Limit Ad Tracking" on iOS devices

You can also stop the collection of location information from Your mobile device by changing the preferences on your mobile device.

"Do Not Track" Policy as Required by Colorado Online Privacy Protection

Our Service does not respond to Do Not Track signals. However, Colorado residents have specific rights under the Colorado Privacy Act to opt out of certain data processing activities, as outlined in the CPA Rights section above.

Some third party websites do keep track of Your browsing activities. If You are visiting such websites, You can set Your preferences in Your web browser to inform websites that You do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of Your web browser.

Your Colorado Privacy Rights

As a Colorado resident, you have specific rights under the Colorado Privacy Act as detailed in the CPA Rights section above. You may exercise these rights by contacting us using the contact information provided below.

Colorado Privacy Rights for Minor Users

Colorado law provides specific protections for minors' personal data. If you are under 18 and a Colorado resident, you may have additional rights regarding your personal information. Please contact us for more information about protections available to minor users.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Changes to this Privacy Policy

This Privacy Policy is effective as of 01/01/25 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.

We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Service after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

For changes affecting Protected Health Information handling, We will provide appropriate notice as required by HIPAA.

Contact Us

If you have any questions about this Privacy Policy or HIPAA-related concerns, You can contact us at [email protected]


Copyright 2025. Gen Aesthetics. All Rights Reserved. Designed by 4Arcs Consulting