Privacy Policy

Last updated: April 16, 2026 · MedSpa Performance Academy, LLC

1. Who We Are

MSPAloyal is a loyalty rewards platform for medical spas and wellness practices, operated by MedSpa Performance Academy, LLC, located at 21305 NE 189th St, Woodinville, WA 98077. Owners: Dr. George Birnbach and David Goldman.

For privacy questions contact: privacy@mspaloyal.com

2. What Information We Collect

We collect information you provide directly:

• Name, email address, and phone number when you create an account
• Date of birth (optional, for birthday rewards)
• Payment information (processed securely by Stripe — we never store card numbers)
• Appointment and visit history at participating practices
• Points earned, rewards redeemed, and membership status
• Referral activity and gifts sent

We collect information automatically:

• Device type and browser information
• Pages visited and features used within the app
• IP address and approximate location

3. How We Use Your Information

We use your information to:

• Operate your loyalty rewards account and track your points
• Process membership subscriptions and reward redemptions
• Send transactional emails (account creation, redemption confirmations)
• Enable participating practices to verify your check-ins and award points
• Improve our platform and fix bugs
• Comply with legal obligations

We do not sell your personal information to third parties. We do not use your information for advertising purposes.

4. Health-Related Information

MSPAloyal is a loyalty and rewards platform. We record visit history and treatment categories at participating medical spas for the purpose of awarding loyalty points. We do not store medical diagnoses, prescriptions, clinical notes, or other protected health information (PHI) as defined under HIPAA.

If you have questions about how a specific participating practice handles your health information, please contact that practice directly.

5. How We Share Your Information

We share your information only in the following circumstances:

• With your participating practice: The medical spa you are enrolled with can see your name, contact info, points balance, visit history, and membership status through their practice dashboard.
• With service providers: We use Supabase (database), Stripe (payments), Vercel (hosting), and Anthropic (AI features). These providers process data on our behalf under confidentiality agreements.
• With your consent: For example, when you send a gift to a friend.
• For legal compliance: If required by law, court order, or to protect the rights and safety of our users.

6. Data Retention

We retain your account information for as long as your account is active. If you request deletion of your account, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as financial records).

7. Your Rights

Depending on your location, you may have the right to:

• Access the personal information we hold about you
• Correct inaccurate information
• Request deletion of your information
• Opt out of certain data uses

To exercise any of these rights, email privacy@mspaloyal.com. We will respond within 30 days.

Washington State residents: Under the Washington My Health MY Data Act, you may have additional rights regarding health-related data. Contact us at privacy@mspaloyal.com for more information.

8. Cookies

We use essential cookies to keep you logged in and remember your session. We do not use advertising or tracking cookies. We do not display ads in our platform.

9. Children's Privacy

MSPAloyal is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account, contact us at privacy@mspaloyal.com and we will delete the account promptly.

10. Security

We use industry-standard security measures including encrypted connections (HTTPS), row-level security on our database, and access controls to protect your information. No system is 100% secure — if you believe your account has been compromised, contact us immediately.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by email or by posting a notice in the app. Your continued use of MSPAloyal after changes take effect constitutes acceptance of the updated policy.