Privacy Policy

Introduction

Dalphene ("we," "us," or the "Platform") is a comprehensive medical spa management platform designed to help medical spas and aesthetic practices manage patient information, appointments, billing, and communications. We are committed to protecting the privacy and security of all information entrusted to us.

This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our Platform, whether as a medical spa operator ("Business User"), a staff member, or a patient whose information is processed through our Platform.

Information We Collect

Patient Information

When medical spas use Dalphene to manage patient relationships, the following data may be collected:

• Personal Identification: Name, date of birth, gender, photographs
• Contact Information: Address, email, phone numbers, emergency contacts
• Health Information: Medical history, allergies, treatment records, consent forms, before/after photos
• Financial Information: Payment details (processed securely via Stripe), billing history, insurance information
• Communication Records: SMS correspondence, email communications, appointment confirmations

Automatically Collected Information

• IP addresses and device information
• Browser type and operating system
• Usage data and feature interactions
• Performance and error logs

How We Use Your Information

• Service Delivery: Appointment management, patient care coordination, billing and payments
• Communication: Appointment reminders, treatment instructions, follow-up messages
• Platform Improvement: Analyzing usage to improve features and user experience
• Legal Compliance: Meeting regulatory obligations including HIPAA requirements

Information Sharing

We do not sell personal information. We share information only with:

Service Providers

• Stripe: Payment processing (PCI-DSS Level 1 certified)
• Twilio: SMS and voice communications (SOC 2 Type II compliant)
• Google Cloud Platform: Secure cloud infrastructure (HIPAA, SOC 2, ISO 27001)

Legal Requirements

We may disclose information when required to comply with applicable laws, respond to lawful requests from authorities, or protect our rights and safety.

HIPAA Compliance

Dalphene is designed to support compliance with the Health Insurance Portability and Accountability Act (HIPAA). As a Business Associate under HIPAA:

• We sign Business Associate Agreements (BAAs) with all medical spa customers
• All subcontractors with PHI access maintain BAAs with us
• We implement required administrative, physical, and technical safeguards
• We apply the minimum necessary standard to all PHI access
• We maintain comprehensive audit trails of all PHI interactions

Data Security

Your Rights

Depending on your location, you may have rights to:

• Access your personal information
• Request correction of inaccurate data
• Request deletion of your information (subject to legal retention requirements)
• Receive your data in a portable format
• Opt out of marketing communications

For patients: Contact your medical spa provider directly to exercise these rights.

Data Retention

Cookies

We use strictly necessary cookies for authentication, session management, and security. We also use performance cookies to understand Platform usage and improve our services. We do not use advertising cookies.

Contact Us

For privacy-related questions or to exercise your rights:

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify Business Users of material changes via email and update the "Last Updated" date. Continued use of the Platform after changes become effective constitutes acceptance of the revised policy.