1. Introduction

At SPALI, we are committed to protecting your privacy and safeguarding your personal and health information. As a medical spa operating in Pinehurst, we comply with all applicable federal and North Carolina laws, including the Health Insurance Portability and Accountability Act (HIPAA).

This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit our facility, website, or receive services from us.

2. Information We Collect

A. Personal Information

We may collect:

  • Full name

  • Date of birth

  • Address

  • Phone number

  • Email address

  • Emergency contact information

B. Health Information (Protected Health Information – PHI)

  • Medical history

  • Current medications and allergies

  • Treatment records and provider notes

  • Photographs for clinical documentation (before/after)

C. Payment Information

  • Credit or debit card details

  • Billing and transaction information

D. Website & Digital Information

  • IP address

  • Browser type and device information

  • Pages visited and interaction data

  • Cookies and tracking technologies

3. How We Use Your Information

We use your information to:

  • Provide medical and aesthetic services

  • Develop and manage individualized treatment plans

  • Communicate appointment reminders, updates, and follow-ups

  • Process payments and maintain billing records

  • Improve our services and patient experience

  • Comply with legal and regulatory obligations

4. HIPAA Compliance & Use of PHI

SPALI complies with HIPAA regulations to protect your health information.

Your Protected Health Information (PHI) may be used or disclosed for:

  • Treatment: Coordination and delivery of care

  • Payment: Billing and collections

  • Healthcare Operations: Administrative, quality improvement, and training purposes

We will not disclose your PHI without your written authorization, except as required or permitted by law.

5. Disclosure of Information

We may share your information with:

  • Licensed healthcare providers involved in your care

  • Trusted third-party service providers (such as electronic medical record systems and payment processors)

  • Government or legal authorities when required by law

All third parties are required to maintain the confidentiality and security of your information.

6. Patient Photos & Marketing

  • Photos may be taken for clinical documentation and treatment planning

  • Photos will only be used for marketing, advertising, or social media with your explicit written consent

  • You may withdraw consent at any time by contacting us

7. Data Security

We take appropriate measures to protect your information, including:

  • Secure electronic medical record systems

  • Encrypted data storage and transmission

  • Restricted access to sensitive information

  • Staff training on privacy and security protocols

8. Your Rights

You have the right to:

  • Access and request copies of your medical records

  • Request corrections to inaccurate information

  • Request restrictions on certain uses or disclosures

  • Receive a list of disclosures of your PHI

  • Request confidential communications

  • File a complaint without fear of retaliation

To exercise these rights, please contact us using the information below.

9. Cookies & Website Tracking

Our website may use cookies and similar technologies to:

  • Improve website performance and functionality

  • Analyze visitor behavior

  • Enhance user experience

You may disable cookies through your browser settings.

10. Third-Party Links

Our website may contain links to third-party websites. SPALI is not responsible for the privacy practices or content of those websites.

11. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. Updates will be posted with a revised effective date.

12. Contact Information

SPALI
Pinehurst, North Carolina

Phone: 910-684-1588
Email: hello@sopinelaser.com