HIPAA Compliant
Last Updated: December 8, 2025

Privacy Policy

At GlowClient, we are committed to protecting the privacy and security of your information, including Protected Health Information (PHI). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our medical spa management platform.

Section 1

Introduction

GlowClient, Inc. ("GlowClient," "we," "us," or "our") provides a HIPAA-compliant medical spa and aesthetic practice management platform. This Privacy Policy applies to information we collect through our website, web application, mobile applications, and any related services (collectively, the "Services").

Effective Date: December 8, 2025

By using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree to this Privacy Policy, please do not use our Services.

Legal Compliance Notice

This Privacy Policy is designed to comply with applicable federal and state privacy laws, including HIPAA (Health Insurance Portability and Accountability Act), CCPA (California Consumer Privacy Act), and other applicable regulations.

Section 2

Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, business name, and professional credentials when you register
  • Patient Data: Medical histories, treatment records, photographs, consent forms, and other Protected Health Information (PHI) that you enter into the system
  • Payment Information: Billing address and payment card details (processed securely through Stripe)
  • Communications: Messages, support requests, and feedback you send to us

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent, and navigation patterns
  • Device Information: IP address, browser type, operating system, and device identifiers
  • Log Data: Server logs including access times, error reports, and system activity
  • Audit Logs: Records of all PHI access and modifications for HIPAA compliance

2.3 Protected Health Information (PHI)

We treat all patient-related data as Protected Health Information (PHI) under HIPAA. This includes:

  • Patient names, addresses, and contact information
  • Medical records and treatment histories
  • Clinical photographs and documentation
  • Appointment schedules and service records
  • Insurance and billing information
  • Any other individually identifiable health information

Section 3

How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery

To provide, maintain, and improve our platform features

Healthcare Operations

To facilitate patient care and practice management

Security & Compliance

To protect data, prevent fraud, and ensure HIPAA compliance

Communications

To send important updates, support responses, and notifications

Analytics

To analyze usage patterns and improve user experience

Legal Compliance

To comply with legal obligations and respond to lawful requests

Lawful Bases for Processing

We process your information based on the following legal bases:

  • Contract Performance: Processing necessary to fulfill our service agreement with you
  • Legal Obligation: Processing required to comply with HIPAA and other regulations
  • Legitimate Interests: Processing for fraud prevention, security, and service improvement
  • Consent: Processing based on your explicit consent where required

Section 4

HIPAA Compliance

Business Associate Agreement

GlowClient acts as a Business Associate under HIPAA. We execute Business Associate Agreements (BAAs) with all covered entities that use our Services to process PHI.

Our HIPAA Commitments

  • Implement administrative, physical, and technical safeguards
  • Encrypt all PHI at rest and in transit using AES-256-GCM
  • Maintain comprehensive audit logs of all PHI access
  • Limit PHI access to authorized personnel only
  • Report any security incidents or breaches promptly
  • Train all employees on HIPAA requirements
  • Conduct regular security risk assessments

Patient Rights Under HIPAA

Patients have specific rights regarding their PHI, including:

  • Right to access their PHI
  • Right to request amendments
  • Right to an accounting of disclosures
  • Right to request restrictions
  • Right to confidential communications
  • Right to file complaints

Section 5

Information Sharing & Disclosure

We do not sell your personal information or PHI. We may share information only in the following circumstances:

5.1 Service Providers

We share information with carefully selected third-party service providers who assist us in operating our platform. All service providers handling PHI are required to sign Business Associate Agreements and maintain HIPAA compliance.

5.2 Legal Requirements

We may disclose information when required by law, including:

  • Court orders or legal proceedings
  • Public health activities
  • Law enforcement requests with proper authorization
  • Health oversight activities
  • To prevent imminent serious harm

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

We Never Sell Your Data

GlowClient will never sell, rent, or trade your personal information or Protected Health Information to third parties for marketing or any other purpose.

Section 6

Data Security

We implement industry-leading security measures to protect your information:

Encryption

AES-256-GCM encryption for all PHI at rest; TLS 1.3 for data in transit

Access Controls

Role-based access control (RBAC) with multi-factor authentication

Audit Logging

Comprehensive logging of all PHI access and modifications

Infrastructure

SOC 2 compliant cloud hosting with geographic redundancy

For detailed information about our security practices, please visit our Security Page.

Section 7

Data Retention

We retain your information for as long as necessary to provide our Services and comply with legal obligations:

Data Type                    | Retention Period               | Basis
-----------------------------|--------------------------------|------------------------
Protected Health Information | 7 years minimum                | HIPAA requirements
Audit Logs                   | 7 years                        | HIPAA compliance
Account Information          | Duration of account + 3 years  | Business necessity
Payment Records              | 7 years                        | Tax/legal requirements
Usage Analytics              | 2 years (anonymized)           | Service improvement

Section 8

Your Rights

Depending on your location, you may have the following rights regarding your personal information:

Right to Access

Request a copy of the personal information we hold about you

Right to Correction

Request correction of inaccurate or incomplete information

Right to Deletion

Request deletion of your personal information (subject to legal retention requirements)

Right to Data Portability

Receive your data in a structured, machine-readable format

Right to Opt-Out

Opt out of marketing communications and certain data processing

To exercise any of these rights, please contact us at privacy@glowclient.com. We will respond to your request within 30 days.

California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected and the right to non-discrimination for exercising privacy rights.

Section 9

Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

Types of Cookies We Use

  • Essential Cookies (Required): Required for basic functionality, authentication, and security
  • Functional Cookies (Optional): Remember your preferences and settings
  • Analytics Cookies (Optional): Help us understand how you use our Services

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may affect the functionality of our Services.

Section 10

Third-Party Services

We use the following third-party services, all of which maintain appropriate security and privacy standards:

  • AWS: Cloud hosting & data storage
  • Stripe: Payment processing
  • Clerk: Authentication services
  • Twilio: SMS notifications
  • SendGrid: Email delivery
  • Vercel: Application hosting

Each of these providers has its own privacy policy governing its use of your information. We encourage you to review their policies.

Section 11

Children's Privacy

Our Services are not intended for children under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

For patients under 18, parental or guardian consent is required, and their information is handled with additional safeguards in accordance with applicable laws.

Section 12

International Data Transfers

Our Services are primarily operated in the United States. If you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States.

We implement appropriate safeguards for international data transfers, including:

  • Standard Contractual Clauses (SCCs) where required
  • Data processing agreements with international partners
  • Technical measures to ensure equivalent levels of protection

Section 13

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date at the top
  • Sending an email notification for significant changes
  • Displaying a prominent notice within the application

We encourage you to review this Privacy Policy periodically. Your continued use of the Services after changes become effective constitutes acceptance of the revised policy.

Section 14

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Mailing Address

GlowClient, Inc.
Attn: Privacy Officer
123 Market Street, Suite 500
San Francisco, CA 94105

For HIPAA-related concerns or to file a complaint, you may also contact the U.S. Department of Health and Human Services Office for Civil Rights.

Your Privacy Matters to Us

We are committed to protecting your information with the highest standards of security and compliance. If you have any questions, our Privacy team is here to help.