Washington State — My Health My Data Act
Your Health Data Rights
Under the Washington My Health My Data Act (SB 1155, effective March 31, 2024), you have specific rights regarding any consumer health data we collect, including information about body areas you're interested in treating, skin type, and booking history.
You have the right to: access the health data we hold about you, request deletion of your health data, withdraw consent for sharing, and receive a copy of your data in a portable format. To exercise any right, email us at nikita@groshin.com — we will respond within 45 days.
We do not sell consumer health data. We do not share it with third parties except as described below (booking platform Square, analytics tools) and only to the extent necessary to provide our services.
1. Who We Are
Beautissima Skin Studio ("Beautissima," "we," "us," or "our") is a laser hair removal studio located in Bothell, Washington. We offer professional laser hair removal services using the Cynosure Clarity II platform.
This privacy policy applies to information collected through our website at beautissima.skin, through our booking system, and during the course of providing services.
2. What We Collect
Information you provide directly
- Name, email address, and phone number (via our contact form or booking)
- Areas of the body you're interested in treating (e.g., underarms, legs, bikini/Brazilian, face)
- Any notes or questions you include in your inquiry
Consumer health data (WA MHMD Act)
Under the Washington My Health My Data Act, the following information we collect may qualify as "consumer health data" because it relates to physical conditions and body areas:
- Treatment area selections (body parts you wish to have treated)
- Skin tone or Fitzpatrick scale type (relevant to laser safety assessment)
- Appointment and session history
- Any health or medical information you voluntarily disclose that affects treatment eligibility
We collect this information solely to provide and improve our services. We do not use it for advertising profiling, and we do not sell it.
Information collected automatically
- Pages you visit and how you interact with our website
- Device type, browser, and approximate location (city-level, not precise)
- How you arrived at our site (e.g., Google search, Instagram ad)
- Which sections of the page you scroll to and how long you spend on the site
Cookies and tracking technologies
We use cookies and similar technologies for analytics and advertising measurement. We request your consent before enabling these cookies. If you decline, only essential session cookies are set.
- Google Analytics / Tag Manager — measures how visitors use our site (sessions, page views, conversions). Data is anonymized when consent is not given.
- Meta Pixel — measures the effectiveness of our Facebook and Instagram ads. Only fires after you consent.
- Square — our booking platform. When you book an appointment, Square's privacy policy also applies. See squareup.com/legal/privacy.
3. How We Use Your Information
- To respond to your inquiry and schedule appointments
- To provide safe, effective laser hair removal treatments tailored to your skin and body area
- To send appointment reminders and follow-up communications (you may opt out at any time)
- To measure the performance of our advertising and improve our website
- To comply with legal obligations
We do not use your information for automated decision-making or profiling that produces legal or similarly significant effects.
4. Who We Share Information With
We do not sell your personal information or consumer health data. We share information only as follows:
- Square (booking platform) — processes appointment bookings and payments. Square is a data processor acting on our behalf.
- Google LLC — receives anonymized analytics data and, when consent is given, advertising measurement data via Google Analytics and Google Ads conversion tracking.
- Meta Platforms, Inc. — receives advertising measurement data via Meta Pixel only when you consent to analytics cookies.
- Law enforcement or regulators — only when required by law or to protect rights and safety.
All third-party processors are contractually prohibited from using your data for their own purposes beyond the specific service they provide us.
5. Your Rights (Washington, California & General)
Washington State — My Health My Data Act
If you are a Washington State resident, you have the following rights regarding consumer health data:
- Right to access — request a copy of the consumer health data we hold about you
- Right to deletion — request that we delete your consumer health data
- Right to withdraw consent — withdraw consent for collection or sharing of health data at any time
- Right not to be discriminated against — we will not deny services or charge different prices based on your exercise of these rights
To exercise these rights, email nikita@groshin.com with subject line "MHMD Data Request." We will verify your identity and respond within 45 days.
California residents (CCPA/CPRA)
California residents have the right to know what personal information we collect, to request deletion, to opt out of sale (we do not sell data), and to not be discriminated against for exercising these rights. Contact us at the address below.
All users
- Opt out of marketing emails — use the unsubscribe link in any email we send
- Cookie preferences — click "Decline" on our cookie banner or clear your browser cookies to reset your choice
- Correct inaccurate data — contact us to update any incorrect information
6. How Long We Keep Your Data
- Contact form inquiries — 2 years, or until you request deletion
- Booking and appointment records — 5 years (required for business and tax purposes)
- Treatment records — 7 years (standard practice for aesthetics services)
- Analytics data — 14 months (Google Analytics default retention), then aggregated/anonymized
Consumer health data is retained no longer than necessary for the purpose collected. You may request earlier deletion at any time.
7. How We Protect Your Information
Our website is served over HTTPS (TLS encryption). Booking and payment data is handled exclusively by Square, which maintains PCI-DSS Level 1 compliance. We do not store payment card information on our systems.
Access to your personal information is limited to the studio owner and any staff directly involved in providing your treatment. We do not store health data in cloud-based marketing tools.
8. Children's Privacy
Our services and website are not directed to individuals under 18. We do not knowingly collect personal information from minors. If you believe a minor has submitted information to us, please contact us immediately and we will delete it.
9. Changes to This Policy
We may update this policy to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our site after changes are posted constitutes acceptance of the updated policy.
Contact Us About Privacy
For any privacy-related questions, data access requests, or to exercise your rights under the Washington My Health My Data Act, CCPA, or general data protection law: