DR. SHARON AESTHETICS
Effective Date: June 25, 2026
IMPORTANT NOTICE: This Privacy Policy applies to the website located at https://drsharonaesthetics.com/, any associated mobile applications (collectively, the "Services"), and all interactions you have with Dr. Sharon Aesthetics, whether online or in our clinic. Please read this policy carefully before using our Services or providing us with any personal information.
INTRODUCTION AND OVERVIEW
Dr. Sharon Aesthetics ("we," "us," "our," or "the Practice") is a medical aesthetics and wellness clinic located at 1014 Wirt Road, Bldg 290, Suite 118, Houston, TX 77055, operated under the medical direction of Dr. Sharon Smith. We are committed to protecting the privacy, confidentiality, and security of all personal information and protected health information ("PHI") entrusted to us by our patients, visitors, and users.
This Privacy Policy describes the types of information we collect, how we use and share that information, the steps we take to protect it, and the rights you have with respect to your information. This policy is intended to comply with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the Health Information Technology for Economic and Clinical Health Act ("HITECH"), applicable Texas state privacy laws, the California Consumer Privacy Act ("CCPA") as applicable to out-of-state visitors, the Children's Online Privacy Protection Act ("COPPA"), and the privacy requirements of Apple App Store and Google Play Store policies.
By accessing our website, using our mobile application, or receiving services at our clinic, you acknowledge that you have read and understood this Privacy Policy.
INFORMATION WE COLLECT
We collect various categories of information in the course of providing medical aesthetics, wellness, and related services to you.
2.1 PERSONAL IDENTIFIERS
We collect information that identifies you as an individual, including but not limited to: your full legal name, home address, email address, telephone number, date of birth, gender, emergency contact information, and government-issued identification numbers when required for treatment or verification purposes.
2.2 PROTECTED HEALTH INFORMATION (PHI) UNDER HIPAA
As a healthcare provider, we collect and maintain Protected Health Information as defined by HIPAA. PHI includes any information that relates to your past, present, or future physical or mental health condition, the provision of healthcare to you, or payment for healthcare services provided to you, when that information can reasonably identify you. This includes your medical history, treatment records, clinical notes, procedure photographs, lab or diagnostic results, medication information, and information about cosmetic and wellness procedures you have received or inquired about.
2.3 HEALTH AND MEDICAL INFORMATION
In connection with the services we provide, including neurotoxin injections, dermal fillers, microneedling, vampire facials and facelifts, O-Shot, P-Shot, hair restoration, Bio-Identical Hormone Replacement Therapy (BHRT), IV drip therapy, and other cosmetic and wellness treatments, we collect detailed health histories, allergy information, contraindication screening data, pre- and post-treatment photographs, consent forms, and treatment outcome records.
2.4 PAYMENT AND BILLING INFORMATION
We collect payment-related information necessary to process transactions, including credit card or debit card information, billing address, insurance information (when applicable), health savings account (HSA) or flexible spending account (FSA) information, and transaction history. We use secure, third-party payment processors to handle financial transactions and do not store complete payment card numbers on our systems.
2.5 TECHNICAL AND DEVICE INFORMATION
When you visit our website or use our mobile application, we automatically collect certain technical and device-level information. This may include your Internet Protocol (IP) address, device identifier, device type and model, operating system version, browser type and version, app version, mobile network information, pages viewed, links clicked, time and date of your visit, referring URLs, session duration, and crash logs. This information is collected through cookies, web beacons, pixels, and similar tracking technologies, as described further in Section 7 of this policy.
2.6 COMMUNICATIONS DATA
We collect records of communications between you and our Practice, including emails, text messages (SMS), appointment confirmation and reminder messages, online form submissions, chat messages, social media interactions, and records of telephone conversations to the extent permitted by applicable law.
HOW WE USE YOUR INFORMATION
We use the information we collect for the following purposes:
3.1 TREATMENT, PAYMENT, AND HEALTHCARE OPERATIONS
We use your PHI and personal information to provide, coordinate, and manage your medical care; to process billing and payment for services rendered; and to conduct healthcare operations, including quality assurance activities, staff training, practice administration, business planning, and legal compliance. These uses are permitted under HIPAA's core Treatment, Payment, and Healthcare Operations framework.
3.2 APPOINTMENT SCHEDULING AND REMINDERS
We use your contact information and appointment details to schedule consultations and procedures, send appointment reminders via email, text message, or telephone call, follow up on post-treatment care, and communicate about rescheduling or cancellations.
3.3 CUSTOMER SERVICE AND SUPPORT
We use your information to respond to your inquiries, address complaints, resolve billing issues, and provide general support related to our services. You may contact us at drsharon@drsharonaesthetics.com for any support-related matters.
3.4 MARKETING AND PROMOTIONAL COMMUNICATIONS
With your prior consent or where otherwise permitted by law, we may use your name, email address, and telephone number to send you information about our services, special promotions, upcoming events, newsletters, and wellness tips. You have the right to opt out of marketing communications at any time by clicking the "unsubscribe" link in any email we send you, replying "STOP" to any text message, or contacting us directly at drsharon@drsharonaesthetics.com. Opting out of marketing communications will not affect our ability to contact you for treatment-related purposes.
3.5 LEGAL AND REGULATORY COMPLIANCE
We may use your information as necessary to comply with applicable federal, state, and local laws and regulations; to respond to lawful requests from government authorities; to enforce our terms and agreements; and to protect the rights, property, and safety of our Practice, patients, employees, and the public.
3.6 WEBSITE AND APP IMPROVEMENT
We use technical and usage data to analyze trends, monitor the performance of our website and mobile application, troubleshoot issues, and improve the functionality and user experience of our digital services.
HIPAA NOTICE OF PRIVACY PRACTICES SUMMARY
This section provides a summary of our HIPAA Notice of Privacy Practices. A full Notice of Privacy Practices is available at our clinic and upon request. If you are a patient, you have certain rights under HIPAA regarding your Protected Health Information.
4.1 HOW WE MAY USE AND DISCLOSE YOUR PHI
Treatment: We may use and disclose your PHI to provide, coordinate, or manage your healthcare and related services. For example, we may share your records with a referring physician or specialist involved in your care.
Payment: We may use and disclose your PHI to obtain payment for services rendered. For example, we may submit claims to your insurance company or process charges through a third-party billing service.
Healthcare Operations: We may use and disclose your PHI for operational activities such as quality improvement reviews, staff training, accreditation, auditing functions, and general administration of the Practice.
As Required by Law: We may disclose your PHI when required to do so by federal, state, or local law, including reporting requirements related to public health, abuse, neglect, law enforcement, judicial proceedings, or national security.
Other Uses and Disclosures: All other uses and disclosures of your PHI not described in this policy require your written authorization. You may revoke any such authorization in writing at any time, subject to actions already taken in reliance on the authorization.
4.2 MINIMUM NECESSARY STANDARD
When using or disclosing PHI, or when requesting PHI from another covered entity, we make reasonable efforts to limit the PHI to the minimum necessary to accomplish the intended purpose, consistent with HIPAA's minimum necessary standard.
4.3 YOUR RIGHTS UNDER HIPAA
As a patient, you have the following rights with respect to your PHI:
Right of Access: You have the right to inspect and obtain a copy of your PHI that we maintain in our designated record set. Requests must be submitted in writing. We will respond within 30 days of receiving your request. A reasonable fee may be charged for copies.
Right to Amend: If you believe that PHI in your records is incorrect or incomplete, you may request that we amend the record. We may deny the request under certain circumstances, and we will explain any denial in writing.
Right to an Accounting of Disclosures: You have the right to request a list of certain disclosures we have made of your PHI, other than disclosures for treatment, payment, healthcare operations, or disclosures made pursuant to your authorization.
Right to Request Restrictions: You have the right to request that we restrict the use or disclosure of your PHI for treatment, payment, or healthcare operations. We are not required to agree to a restriction, except that we must agree to restrict disclosure of PHI to a health plan when you pay out-of-pocket in full for a service.
Right to Confidential Communications: You have the right to request that we communicate with you about your health information in a specific way or at a specific location. For example, you may request that we contact you only by email and not by telephone.
Right to Opt Out of Fundraising and Marketing: You have the right to opt out of receiving fundraising communications from us. You also have the right to withdraw any authorization for us to use your PHI for marketing purposes.
Right to Receive Notice of Breach: You have the right to receive notification if there is a breach of your unsecured PHI that poses a significant risk of financial, reputational, or other harm to you.
To exercise any of the rights described above, please contact us in writing at: Dr. Sharon Aesthetics, 1014 Wirt Road, Bldg 290, Suite 118, Houston, TX 77055, or by email at drsharon@drsharonaesthetics.com.
HOW WE SHARE YOUR INFORMATION
5.1 BUSINESS ASSOCIATES
We may share your PHI with Business Associates -- third-party companies and individuals who perform services on our behalf and who have agreed, through a HIPAA-compliant Business Associate Agreement, to protect the privacy and security of your PHI. Business Associates may include electronic health record (EHR) vendors, billing companies, IT service providers, practice management software vendors, and transcription services.
5.2 SERVICE PROVIDERS
We may share non-PHI personal information with third-party service providers who assist us in operating our website, running our mobile application, processing payments, sending communications, providing analytics, and delivering other business functions. These service providers are contractually obligated to use your information only as directed by us and in a manner consistent with this Privacy Policy.
5.3 LEGAL REQUIREMENTS AND PROTECTION OF RIGHTS
We may disclose your information when we believe in good faith that such disclosure is necessary to: comply with a legal obligation or respond to valid legal process; protect the rights, property, or safety of our Practice, our patients, or the public; investigate fraud or security incidents; or enforce our policies and agreements.
5.4 WITH YOUR CONSENT
We may share your information with third parties not otherwise covered by this policy when we have obtained your explicit consent to do so, including consent for testimonials, before-and-after photographs used for marketing, or referrals to external specialists.
5.5 NO SALE OF PERSONAL INFORMATION
We do not sell, rent, or trade your personal information or PHI to third parties for their own marketing or commercial purposes. This commitment applies to all categories of personal information, including PHI and non-PHI data collected through our website and mobile application.
5.6 BUSINESS TRANSFERS
In the unlikely event of a merger, acquisition, sale of assets, or other business transfer involving our Practice, your information may be transferred to the acquiring entity, subject to the same privacy protections described in this policy and applicable HIPAA requirements.
MOBILE APPLICATION SPECIFIC DISCLOSURES
This section applies to any mobile application made available by Dr. Sharon Aesthetics through the Apple App Store or Google Play Store (the "App"). If we do not currently offer a standalone mobile application, this section serves as a disclosure framework for any App we may develop or release in the future.
6.1 DATA TYPES COLLECTED THROUGH THE APP
The App may collect the following categories of data: contact information (name, email, phone number), health and fitness data related to wellness services, appointment and booking information, payment information processed through secure third-party processors, identifiers (device ID, user account ID), usage data (features accessed, session duration, in-app actions), crash data and diagnostics, and photos or images if you choose to upload them (such as treatment consultation photos).
6.2 THIRD-PARTY SDKS AND ANALYTICS TOOLS
The App may integrate third-party software development kits (SDKs) for analytics, crash reporting, push notifications, and payment processing. These may include providers such as Google Analytics for Firebase, Apple Analytics, Stripe or similar payment SDKs, and appointment scheduling platforms. Each third-party SDK is governed by that provider's own privacy policy. We take reasonable steps to ensure that any third-party SDK we integrate does not use your personal data for purposes beyond those disclosed in this policy.
6.3 PUSH NOTIFICATIONS
With your permission, the App may send you push notifications for appointment reminders, promotional offers, health tips, and other communications. You may disable push notifications at any time through your device settings.
6.4 LOCATION DATA
The App does not collect precise geolocation data unless you specifically grant location permission, which may be used solely to assist you in locating our clinic. We do not sell, share, or use location data for advertising or profiling purposes.
6.5 CAMERA AND MICROPHONE ACCESS
If the App includes features that require camera or microphone access (such as uploading consultation photos or participating in a telehealth visit), the App will request your permission before accessing these device features. Camera and microphone data is used solely for the purpose for which access was granted and is not stored beyond what is necessary.
6.6 APP STORE DATA NUTRITION LABEL
In compliance with Apple App Store requirements, the following is a summary of data practices that may appear in our App's privacy nutrition label on the App Store:
Data Used to Track You: None (we do not use your data to track you across other companies' apps and websites for advertising purposes).
Data Linked to You: Contact information, health and fitness data, user content, identifiers, usage data.
Data Not Linked to You: Crash data, diagnostic data.
Users may review and request deletion of their App-collected data by contacting us at drsharon@drsharonaesthetics.com.
COOKIES AND TRACKING TECHNOLOGIES
Our website uses cookies, web beacons, pixels, and similar tracking technologies to enhance your browsing experience, analyze site traffic, and support our marketing efforts.
Strictly Necessary Cookies: These cookies are essential for the website to function properly. They cannot be disabled without affecting core site functionality.
Functional Cookies: These cookies allow the website to remember your preferences, such as language settings or previously entered form information.
Analytics Cookies: We use tools such as Google Analytics to collect aggregated information about how visitors use our website. This information helps us improve site content and usability. Data collected through analytics cookies is anonymized where possible.
Marketing and Advertising Cookies: With your consent, we may use cookies to deliver targeted advertisements or to measure the effectiveness of our marketing campaigns.
You may control or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For more information about how to manage cookies, visit your browser's help documentation.
We do not respond to browser "Do Not Track" (DNT) signals at this time. However, we support your right to opt out of certain tracking as described in Section 10 of this policy.
DATA SECURITY
We take the security of your personal information and PHI seriously and maintain administrative, physical, and technical safeguards consistent with HIPAA Security Rule requirements.
8.1 ADMINISTRATIVE SAFEGUARDS
We have implemented workforce training programs on privacy and security, documented policies and procedures for handling PHI, assigned a designated HIPAA Privacy and Security Officer, conducted risk assessments to identify and mitigate vulnerabilities, and established sanction policies for workforce members who violate our privacy and security policies.
8.2 PHYSICAL SAFEGUARDS
Access to our clinic facilities and areas where PHI is stored or processed is restricted to authorized personnel. Workstations are positioned to prevent unauthorized viewing. Physical records containing PHI are stored securely and disposed of through HIPAA-compliant destruction methods.
8.3 TECHNICAL SAFEGUARDS
We employ technical measures including access controls requiring unique user credentials, audit logging of access to electronic PHI, automatic logoff features on workstations, encryption of electronic PHI in transit and at rest where feasible, secure electronic messaging systems, and firewall and intrusion detection protection.
8.4 BREACH NOTIFICATION
In the event of a breach of unsecured PHI, we will notify affected individuals, the Secretary of the Department of Health and Human Services, and, in cases involving more than 500 residents of a state, prominent media outlets in that state, in accordance with HIPAA's Breach Notification Rule.
Despite our best efforts, no data transmission over the Internet or storage system can be guaranteed to be 100% secure. If you believe your interaction with us is no longer secure, please contact us immediately at drsharon@drsharonaesthetics.com.
DATA RETENTION
We retain your personal information and PHI for as long as necessary to fulfill the purposes for which it was collected, including for treatment continuity, legal compliance, dispute resolution, and enforcement of our agreements.
Medical records are retained in accordance with Texas state law, which generally requires that adult patient records be retained for a minimum of ten (10) years from the date of last treatment. Records for minor patients are retained until the patient reaches the age of majority plus ten (10) years, or for a minimum of ten (10) years from the date of last treatment, whichever is longer.
Non-PHI personal information, such as website usage data, marketing preferences, and contact records, is retained for as long as necessary for business operations or until you request deletion, subject to any applicable legal retention requirements.
When information is no longer needed and is no longer subject to a retention requirement, we securely destroy or de-identify it in a manner consistent with HIPAA and applicable law.
YOUR PRIVACY RIGHTS
10.1 HIPAA PATIENT RIGHTS
If you are a patient of Dr. Sharon Aesthetics, you have the rights described in Section 4.3 of this policy. To exercise those rights, please contact us in writing at the address or email listed in Section 14.
10.2 TEXAS RESIDENTS' RIGHTS
Under the Texas Identity Theft Enforcement and Protection Act and other applicable Texas laws, Texas residents may have rights regarding the security and accuracy of their personal information. You have the right to request access to, correction of, and deletion of personal information we hold about you, to the extent required by Texas law and not superseded by HIPAA. To submit a request, please contact us at drsharon@drsharonaesthetics.com.
10.3 OPT-OUT OF MARKETING COMMUNICATIONS
You may opt out of receiving marketing emails, text messages, or other promotional communications from us at any time. To opt out: click the "unsubscribe" link in any marketing email; reply "STOP" to any SMS marketing message; or contact us directly at drsharon@drsharonaesthetics.com. Please allow up to ten (10) business days for your request to take effect. Opt-out requests do not apply to transactional or appointment-related communications.
10.4 DO NOT SELL / DO NOT SHARE (CALIFORNIA VISITORS)
Although we are a Texas-based business, we acknowledge that some visitors to our website may be California residents entitled to rights under the California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA). We do not sell personal information as defined by the CCPA. If you are a California resident and wish to submit a request to know, delete, or correct your personal information, or to opt out of the sharing of your personal information for cross-context behavioral advertising, please contact us at drsharon@drsharonaesthetics.com with the subject line "California Privacy Request."
CHILDREN'S PRIVACY
Our Services are not directed to children under the age of thirteen (13). We do not knowingly collect personal information from children under 13 without verified parental consent, in compliance with the Children's Online Privacy Protection Act (COPPA).
If you are the parent or legal guardian of a child under 13 and you believe that your child has provided us with personal information without your consent, please contact us immediately at drsharon@drsharonaesthetics.com. We will take prompt steps to delete such information from our records.
For patients who are minors receiving medical aesthetics or wellness services, a parent or legal guardian must provide consent, and all medical records for minor patients are handled in accordance with HIPAA and applicable Texas minor consent laws.
THIRD-PARTY LINKS
Our website and mobile application may contain links to third-party websites, social media platforms, online booking systems, or other external resources. This Privacy Policy does not apply to third-party websites or services, and we are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party site or service before providing them with your personal information.
Social media plugins, including links to platforms such as Instagram, Facebook, or YouTube, may allow those platforms to collect information about your visit to our website, subject to their own privacy policies and terms of service.
CHANGES TO THIS POLICY
We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will update the "Effective Date" at the top of this policy and post the revised version on our website at https://drsharonaesthetics.com/. Where required by law, we will provide more prominent notice, such as an email notification to patients on file.
We encourage you to review this policy periodically to stay informed about how we protect your information. Your continued use of our website, mobile application, or our services after any changes become effective constitutes your acknowledgment of the revised policy.
CONTACT US AND HOW TO FILE A HIPAA COMPLAINT
14.1 CONTACTING US
If you have questions, concerns, or requests related to this Privacy Policy or the handling of your personal information or PHI, please contact us by any of the following methods:
Dr. Sharon Aesthetics
Attn: Privacy Officer
1014 Wirt Road, Bldg 290, Suite 118
Houston, TX 77055
Email: drsharon@drsharonaesthetics.com
Website: https://drsharonaesthetics.com/
We will respond to privacy-related inquiries within thirty (30) days of receipt.
14.2 HOW TO FILE A HIPAA COMPLAINT
If you believe that we have violated your privacy rights under HIPAA or have failed to comply with our obligations under this policy, you have the right to file a complaint with us or directly with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) without fear of retaliation.
To file a complaint with HHS OCR:
U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
Toll-Free: 1-800-368-1019
TDD: 1-800-537-7697
Fax: 202-619-3818
Online: https://www.hhs.gov/ocr/complaints/
Complaints must be filed within 180 days of when you knew or should have known about the act or omission that is the subject of the complaint. HHS OCR may extend this deadline for good cause.
We will not retaliate against any individual for filing a complaint with HHS OCR or for exercising any rights provided under HIPAA or this Privacy Policy.
This Privacy Policy was last updated on June 25, 2026.
Dr. Sharon Aesthetics
1014 Wirt Road, Bldg 290, Suite 118
Houston, TX 77055
drsharon@drsharonaesthetics.com
https://drsharonaesthetics.com/