Privacy Policy

This draft is a starting point for legal review. Specific clinic facts marked [TO CONFIRM] require Paul McBride + franchise attorney to verify or replace before this page is made public.

This Privacy Policy describes how The Bluffs Med Spa & Massage ("The Bluffs," "we," "us," or "our") collects, uses, and shares information from visitors to our marketing website at book.thebluffs.com and from prospective and current patients who contact us through this site. Our flagship clinic is located at 375 Hope Pond Way, Suite 104, Bluffton, SC 29910.

This Policy applies to information collected on this marketing site. Patient health information collected through clinical care is governed by our separate HIPAA Notice of Privacy Practices, provided in-clinic.

1. Information We Collect

Information you give us

• Name, email address, phone number, and any message you provide when you complete our contact, consultation, newsletter, or photo-upload forms.
• Treatment interest, primary concern, and preferred contact method — only when you choose to share these on a consultation form.
• Marketing-consent selections (email and SMS opt-in checkbox).

Information collected automatically

• IP address, device type, browser, operating system, referring URL, pages viewed, and timestamps.
• Cookie and similar-technology identifiers used by our analytics and ad platforms.

2. How We Use Your Information

• Respond to your inquiry and schedule a consultation.
• Send appointment reminders, treatment information, and follow-up communications you've opted into.
• Improve the website and understand which pages and offers our visitors find useful.
• Measure and target our paid advertising on Meta (Facebook/Instagram), Google, and related platforms.
• Comply with legal obligations and protect against fraud.

3. HIPAA and Patient Health Information

Information you share through this website that relates to your health (for example, the "Primary Concern" field on a consultation form) is treated with care, but this website itself is not a HIPAA-secured patient portal. Once you become an established patient, your clinical records are protected by HIPAA and our separate Notice of Privacy Practices applies.

For a copy of our full Notice of Privacy Practices, ask any team member at the clinic, or email info@thebluffs.com.

4. Cookies and Tracking Technologies

This site uses cookies, pixels, and similar technologies for analytics and advertising. Specifically:

• Meta Pixel — measures the performance of our Meta (Facebook/Instagram) ads and supports retargeting.
• Google Analytics 4 (GA4) — measures site usage and conversion paths.
• Google Ads conversion tracking — measures the performance of our Google ads.
• GoHighLevel form analytics — captures form submissions and routes them to our patient-management system.
• Vercel Web Analytics — anonymous, aggregated page-view counts to monitor site speed and reliability.

You can opt out of most analytics and advertising cookies through your browser settings or platform-specific opt-out pages (Meta Ad Preferences, Google Ads Settings).

5. How We Share Your Information

We share information with the following categories of third parties, and only as needed to provide the services you've requested or to operate our business:

• Patient-management software — GoHighLevel (CRM) and Prospyr Med (booking and clinical records).
• Advertising and analytics providers — Meta, Google, and the platforms named above, under their respective data-processing terms.
• Service providers — email and SMS delivery, secure file hosting, and similar vendors operating under written confidentiality terms.
• Legal disclosures — when required by law, subpoena, or to protect rights, property, or safety.

We do not sell your personal information.

6. Email and SMS Communications

If you opt into marketing emails or SMS through one of our forms, you'll receive periodic updates about treatments, events, and promotions. You can unsubscribe from emails by clicking the link at the bottom of any message, or text STOP to opt out of SMS. Standard message and data rates may apply to SMS.

7. Data Retention

We retain marketing and inquiry information for as long as we have an ongoing relationship with you, plus a reasonable period afterward to comply with our legal obligations and to address claims. Clinical records are retained under separate medical-records retention rules.

8. Your Rights

Depending on where you live, you may have the right to access, correct, or request deletion of information we hold about you, and to opt out of certain types of processing. To make a request, email info@thebluffs.com with the subject line "Privacy Request." We may need to verify your identity before acting on a request.

[TO CONFIRM] Whether to expand this section with state-specific notices (e.g., California, Virginia, Colorado) and the franchise's footprint across the 5 states it operates in.

9. Children's Privacy

This website is not directed to children under 18, and we do not knowingly collect information from children under 18. If you believe a child has provided us with information, contact us and we'll delete it.

10. Changes to This Policy

We may update this Policy from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will be highlighted at the top of this page for 30 days following the update.

11. Contact Us

The Bluffs Med Spa & Massage
375 Hope Pond Way, Suite 104
Bluffton, SC 29910
(843) 707-0006
info@thebluffs.com

Last updated: 13 May 2026 — pending franchise attorney approval. This page is effective only after the DRAFT banner is removed.