Privacy Policy

This Privacy Policy explains how Chore LLC dba Better Med Spa ("we," "us," or "our") collects, uses, protects, and manages personal and health information through our website (bettermedspa.com) and in-clinic services. By using our website or services, you acknowledge that you have read, understood, and agree to this Privacy Policy.

We are committed to protecting your privacy and complying with all applicable federal and state laws, including the Health Insurance Portability and Accountability Act (HIPAA), Illinois state privacy laws, and other relevant healthcare data regulations.

Information We Collect

Personal Information

We collect various types of personal information to provide our medical spa services:

Contact Information: Full name, address, phone number, email address

Demographic Information: Date of birth, age, gender, emergency contacts

Payment Information: Credit card details, billing address, insurance information

Identification Information: Driver's license number, social security number (when required for treatment)

Health and Medical Information

As a healthcare provider, we collect protected health information (PHI) including:

Medical History: Current and past health conditions, allergies, medications, previous treatments

Treatment Records: Details of services provided, medical notes, treatment plans, progress reports

Clinical Documentation: Before and after photographs (with separate written consent), procedure outcomes

Health Assessments: Consultation notes, treatment recommendations, follow-up care instructions

Information Collected Automatically

When you visit our website, we automatically collect:

Device Information: IP address, browser type and version, operating system, device type

Usage Data: Pages visited, time spent on site, referring websites, search terms used

Cookies and Tracking Technologies: See our "Cookies & Tracking" section below

Location Data: General geographic location based on IP address

Information from Communications

We collect information from:

Online Forms: Contact forms, appointment requests, consultation inquiries

Email Communications: Messages sent to and from our practice

Phone Calls: Information discussed during phone conversations (documented in your medical record)

Text Messages: SMS communications (only with your explicit written consent)

How We Use Your Information

We use your information for the following purposes:

Healthcare Services

Providing medical spa treatments and aesthetic services

Conducting consultations and assessments

Creating and maintaining treatment plans

Scheduling and managing appointments

Following up on treatments and monitoring progress

Coordinating care with other healthcare providers when necessary

Business Operations

Payment Processing: Processing payments, billing, and insurance claims

Customer Service: Responding to inquiries, resolving issues, providing support

Appointment Management: Sending appointment reminders via phone, email, or text (with consent)

Quality Improvement: Analyzing service effectiveness and patient satisfaction

Marketing and Communications (With Consent)

Sending promotional materials about our services and special offers

Providing educational information about treatments and skincare

Sharing newsletters and health tips

SMS marketing messages (only with explicit written opt-in consent)

Legal and Compliance

Complying with federal and state healthcare regulations

Responding to legal processes, court orders, or government requests

Protecting our legal rights and interests

Meeting professional licensing and accreditation requirements

Information Sharing and Disclosure

Healthcare Operations

We may share your information with:

Medical Staff: Licensed physicians, nurses, and aestheticians involved in your care

Healthcare Partners: Other healthcare providers coordinating your treatment (with your authorization)

Medical Consultants: Specialists consulted regarding your treatment (when medically necessary)

Business Associates

We may share information with trusted third-party vendors who help us operate our business, including:

Payment Processors: Companies that process credit card and other payments

IT Service Providers: Companies that maintain our electronic systems and data security

Appointment Software Vendors: HIPAA-compliant scheduling and management platforms

Communication Services: HIPAA-compliant email, text messaging, and phone services

Professional Services: Attorneys, accountants, and consultants (under strict confidentiality agreements)

All business associates are required to sign a HIPAA Business Associate Agreement (BAA) and maintain the same level of privacy and security protection for your information that we do.

Legal Requirements

We may disclose your information when required by law:

Public Health Authorities: For disease reporting, outbreak investigations, or other public health purposes

Legal Proceedings: In response to court orders, subpoenas, or other legal processes

Law Enforcement: When required for criminal investigations or to prevent imminent harm

Regulatory Bodies: To medical boards, licensing authorities, or other oversight agencies

Insurance Companies: For coverage verification, claims processing, and audit purposes (with your authorization)

Important Commitment

We do not sell, rent, or share your personal information for commercial purposes. Your trust is paramount to our practice, and we maintain strict policies against unauthorized disclosure.

Data Protection & Security

Technical Safeguards

We implement comprehensive security measures to protect your information:

Encryption: All sensitive data is encrypted both in transit and at rest using industry-standard AES-256 encryption

Secure Networks: HIPAA-compliant servers with multiple layers of security protection

Access Controls: Multi-factor authentication and role-based access to limit who can view your information

Firewalls and Anti-Malware: Advanced cybersecurity tools to prevent unauthorized access

Regular Security Updates: Ongoing system updates and security patches

Physical Safeguards

Secure Facilities: Locked offices, restricted access areas, and surveillance systems

Device Security: Password-protected computers, tablets, and mobile devices

Document Storage: Locked filing cabinets for physical records

Workstation Controls: Automatic logout features

Clean Desk Policy: Ensuring PHI is not left unattended or visible to unauthorized individuals

Administrative Safeguards

HIPAA Compliance Officer: Designated privacy officer responsible for overseeing data protection

Employee Training: Regular HIPAA training for all staff members handling patient information

Risk Assessments: Annual security risk assessments and vulnerability testing

Incident Response: Comprehensive breach notification and response procedures

Vendor Management: Due diligence and monitoring of all business associates

Data Retention

We retain your information in accordance with legal requirements and professional standards:

Medical Records: Maintained for a minimum of 6 years after your last visit, or longer as required by Illinois state law

Administrative Records: HIPAA compliance documentation retained for 6 years

Minor Patients: Records retained until age 21 or 6 years after last treatment, whichever is longer

Secure Disposal: When retention periods expire, records are destroyed using HIPAA-compliant methods (shredding for paper, secure deletion for electronic files)

Your Rights

Under federal and Illinois state law, you have the following rights regarding your personal and health information:

Access Rights

Right to Access: Request copies of your medical records and other personal information we maintain

Right to Inspect: Review your records at our facility during business hours

Response Time: We will respond to access requests within 30 days

Correction Rights

Right to Amend: Request corrections to inaccurate or incomplete information in your records

Amendment Process: Submit written requests with supporting documentation

Notification: We will notify you in writing of our decision and any actions taken

Control Rights

Right to Restrict: Request limitations on how we use or disclose your information

Right to Confidential Communications: Request that we communicate with you through alternative means or locations

Right to Object: Object to certain uses of your information for marketing purposes

Consent Management

Right to Withdraw Consent: Revoke previously given consent for marketing communications or non-essential uses

Right to Opt-Out: Unsubscribe from email newsletters, SMS messages, and promotional communications at any time

Right to Request Deletion: Request deletion of your personal information (subject to legal and medical record retention requirements)

Notification Rights

Right to Accounting: Request a list of disclosures we have made of your information

Right to Notification: Be notified of any breaches of your personal information

Right to Complaint: File complaints with us or with regulatory authorities

How to Exercise Your Rights

To exercise any of these rights, please:

Contact Us: Call (312) 285-2618 or email privacy@bettermedspa.com

Submit Written Requests: Send written requests to our Privacy Officer

Provide Identification: Valid photo ID required for all requests to protect your privacy

No Fees: We do not charge fees for most requests (copying fees may apply for extensive records)

Cookies & Tracking Technologies

What Are Cookies

Cookies are small text files stored on your device when you visit our website. We use cookies to improve your experience, analyze website performance, and provide personalized content.

Types of Cookies We Use

Essential Cookies (Always Active)

Session Management: Maintain your session while navigating our site

Security: Protect against fraud and unauthorized access

Functionality: Remember your preferences and settings

Analytics Cookies (With Consent)

Website Performance: Google Analytics to understand how visitors use our site

Usage Statistics: Track page views, bounce rates, and user behavior

Improvement Data: Information to enhance website functionality and content

Marketing Cookies (With Consent)

Advertising: Display relevant ads on other websites you visit

Social Media: Enable sharing of content on social platforms

Remarketing: Show you relevant ads based on your interest in our services

Cookie Consent Management

Granular Control: You can accept or reject different categories of cookies

Preference Center: Manage your cookie preferences at any time

Opt-Out Options: Easy methods to withdraw consent for non-essential cookies

Third-Party Services

We use the following third-party services that may place cookies:

Google Analytics: Website traffic analysis (privacy policy: policies.google.com/privacy)

Google Ads: Online advertising (opt-out: www.google.com/settings/ads)

Facebook Pixel: Social media marketing (privacy policy: www.facebook.com/privacy)

Appointment Scheduling: HIPAA-compliant booking system cookies

Managing Cookies

You can control cookies through:

Browser Settings: Most browsers allow you to block or delete cookies

Opt-Out Tools: Industry opt-out tools like the Digital Advertising Alliance

Do Not Track: We honor Do Not Track signals when technically feasible

Text Messaging (SMS) Communications

SMS Consent Requirements

Before sending any text messages, we obtain explicit written consent that includes:

Purpose: Appointment reminders, treatment follow-ups, and health information

Frequency: Estimated number of messages per month

Costs: Standard messaging and data rates apply

Opt-Out: Instructions to reply "STOP" to unsubscribe at any time

Privacy Notice: Reference to this Privacy Policy

SMS Privacy and Security

HIPAA Compliance: We use only HIPAA-compliant text messaging platforms

Limited Information: Text messages contain minimal personal information

Encryption: Messages are encrypted at rest on our messaging platform and in transit between our systems and the messaging provider. Standard carrier SMS delivery to your handset is not end-to-end encrypted, which is why we keep the personal information in any text message to a minimum.

Audit Trails: Complete records of all SMS communications are maintained

Patient Control

Voluntary Participation: SMS consent is never required for receiving treatment

Easy Opt-Out: Reply "STOP" to immediately unsubscribe

Selective Consent: Choose which types of messages you want to receive

Preference Updates: Contact us to modify your SMS preferences

Third-Party Links and Services

Our website may contain links to third-party websites, including:

Educational Resources: Links to medical and skincare information sites

Product Recommendations: Links to recommended skincare products

Social Media: Links to our social media profiles

Professional Organizations: Links to medical associations and licensing boards

Important Notice

Separate Privacy Policies: Third-party sites have their own privacy policies

No Control: We do not control the privacy practices of external websites

Your Responsibility: Please review the privacy policies of any sites you visit

No Endorsement: Links do not constitute endorsement of third-party privacy practices

Illinois-Specific Privacy Rights

Illinois Privacy Laws

As an Illinois business serving Illinois residents, we comply with:

Illinois Personal Information Protection Act (PIPA): Breach notification and data security requirements

Illinois Biometric Information Privacy Act (BIPA): Protection of biometric identifiers (fingerprints, voiceprints, and scans of hand or face geometry)

Illinois Genetic Information Privacy Act (GIPA): Protection of genetic testing information and family medical history

Genetic Information Protection

Under GIPA, we commit to:

Limited Collection: We only collect family medical history information necessary for your treatment

Confidential Treatment: Genetic information is treated with the highest level of confidentiality

No Discrimination: We do not use genetic information for employment or insurance purposes

Written Consent: Separate written consent is required for any genetic testing

Biometric Information

If we collect biometric identifiers (such as facial recognition for security), we will:

Informed Consent: Obtain written consent before collecting biometric information

Limited Retention: Retain biometric data only as long as necessary for the stated purpose or to the extent required to comply with legal, regulatory, or policy requirements

Secure Destruction: Permanently destroy biometric information when no longer needed

No Sale: Never sell, lease, or trade biometric information

Changes to This Privacy Policy

Policy Updates

We may update this Privacy Policy to reflect:

Legal Changes: New or modified privacy laws and regulations

Service Changes: Updates to our services or technology

Best Practices: Evolution of privacy and security standards

Notification of Changes

When we make material changes to this Privacy Policy:

Website Notice: Updated policy will be posted on our website with a new effective date

Direct Notice: Significant changes may be communicated via email or mail

Continued Use: Your continued use of our services indicates acceptance of the updated policy

Review Reminder: We encourage periodic review of this Privacy Policy

Contact Information

Privacy Officer

For questions about this Privacy Policy, to exercise your privacy rights, or to report privacy concerns:

Better Med Spa Privacy Officer
Address: 2117 N Halsted St, Chicago, IL 60614
Phone: (312) 285-2618
Email: privacy@bettermedspa.com

Business Hours:
Tuesday: 10:00 AM - 7:00 PM CST
Wednesday - Saturday: 10:00 AM - 5:00 PM CST
Sunday: 9:00 AM - 5:00 PM CST

Complaints and Concerns

If you believe your privacy rights have been violated, you may:

1. Contact Us First: Submit a complaint to our Privacy Officer

2. File with HHS: Contact the U.S. Department of Health and Human Services Office for Civil Rights

3. State Authorities: Contact the Illinois Attorney General's Office

4. No Retaliation: We will not retaliate against you for filing a complaint

By using our website or receiving services from Better Med Spa, you acknowledge that:

You have received and read this Privacy Policy

You understand how we collect, use, and protect your information

You consent to the practices described in this Privacy Policy

You understand your rights and how to exercise them

You may withdraw consent for non-essential uses at any time

This Privacy Policy is effective as of September 30, 2025.

Last Updated: September 30, 2025

Version 1.0

Better Med Spa is committed to protecting your privacy and maintaining the trust you place in us. If you have any questions about this Privacy Policy, please don't hesitate to contact us.