Privacy Policy & HIPAA Disclosures | Aesthetics To Go
HIPAA Compliance

How We Protect Your Data

Patient privacy is non-negotiable.
Encrypted at Every Step

All protected health information (PHI) is encrypted in transit using TLS and at rest using AES-256 encryption. This includes charting, digital consents, before-and-after photos, AI simulator images, and medical records.

Access Controls

PHI is accessible only by the treating provider and authorized platform administrators. Role-based access controls ensure that patient data is never exposed to unauthorized personnel. Audit logs track all data access.

Compliant Documentation

The mobile EHR produces structured SOAP notes, digital consents, injection site maps, lot number tracking, and before-and-after photos, all stored in a HIPAA-compliant environment with exportable records for supervising physician review.

We Never Sell Your Data

Aesthetics To Go never sells, rents, or trades patient data, provider data, or any personally identifiable information. PHI is never shared for marketing or advertising purposes. Period.

Breach Notification

In the unlikely event of a data breach affecting PHI, Aesthetics To Go will notify affected individuals and the U.S. Department of Health and Human Services in accordance with the HIPAA Breach Notification Rule within the required timeframe.

Your Rights

You have the right to access, correct, and request deletion of your personal data. You may also request restrictions on how your PHI is used or disclosed. Contact info@aestheticstogo.com to exercise any of these rights.

1. Introduction

Aesthetics To Go ("we," "us," or "our") operates the website aestheticstogo.com and the Aesthetics To Go mobile application (together, the "Platform"). This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our website, use our application, or interact with our services.

We are committed to protecting the privacy of our patients, providers, and website visitors. As a clinical platform facilitating mobile aesthetic medical services, we maintain strict compliance with the Health Insurance Portability and Accountability Act (HIPAA) and all applicable federal and state privacy laws.

By using the Platform, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use our Platform.

2. Information We Collect

Information You Provide Directly

Patient Information: When you submit an inquiry form, book an appointment, or use the AI diagnostic simulator, we may collect your name, email address, phone number, zip code, treatment area preferences, timeline preferences, and any additional notes you provide. During treatment, your provider collects protected health information (PHI) including medical history, treatment records, SOAP notes, injection details, lot numbers, digital consents, and before-and-after photographs.

Provider Information: When you apply to join the provider network, we collect your name, professional credentials, license information, state(s) of licensure, malpractice insurance details, email address, phone number, anticipated patient volume, and practice information.

General Inquiries: When you contact us via email or form submission, we collect the information you provide including your name, email address, and message content.

Information Collected Automatically

Website Analytics: When you visit our website, we may automatically collect standard technical information including your IP address, browser type and version, operating system, referring URL, pages visited, time spent on pages, and general geographic location. This data is collected through standard web server logs and may be supplemented by third-party analytics services.

Cookies: Our website may use cookies and similar tracking technologies to improve your browsing experience and analyze site traffic. You can control cookie preferences through your browser settings.

3. How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery: To connect patients with licensed aesthetic providers, facilitate appointment scheduling, enable treatment documentation, process payments, and deliver the clinical services offered through the Platform.

Provider Credentialing: To verify provider licenses, malpractice insurance, and supervisory agreements during the onboarding and credentialing process.

Platform Operations: To operate, maintain, and improve the Platform including the mobile EHR, AI diagnostic simulator, scheduling system, and payment processing.

Communication: To respond to your inquiries, send appointment confirmations, provide treatment-related notifications, and share relevant platform updates. We will not send unsolicited marketing communications without your consent.

Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests including HIPAA requirements.

Safety and Security: To detect, prevent, and respond to fraud, security incidents, or other harmful activity.

4. Protected Health Information (PHI) & HIPAA

Aesthetics To Go functions as a Business Associate under HIPAA with respect to the protected health information processed through our Platform. We maintain administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI in compliance with the HIPAA Privacy Rule and Security Rule.

PHI Includes: Medical history, treatment records and SOAP notes, injection site mapping, unit and volume counts, lot numbers and expiration dates, digital consent forms, before-and-after photographs, AI diagnostic simulator images, and any other individually identifiable health information created or received through the Platform.

PHI Safeguards: All PHI is encrypted in transit (TLS) and at rest (AES-256). Access to PHI is restricted through role-based access controls to the treating provider and authorized platform administrators. We maintain audit logs of all PHI access, conduct regular security assessments, and have established incident response procedures.

PHI Disclosure: We do not disclose PHI except as permitted or required by HIPAA. Permitted disclosures include: for treatment purposes (to the treating provider and supervising physician as applicable), for payment processing, for healthcare operations, when authorized by the patient in writing, or as required by law.

Business Associate Agreements: Where required by HIPAA, we maintain Business Associate Agreements (BAAs) with third-party service providers who may have access to PHI in the course of providing services to Aesthetics To Go.

5. Information Sharing & Disclosure

Aesthetics To Go does not sell, rent, or trade your personal information or PHI to third parties. We may share information only in the following circumstances:

Service Providers: We engage trusted third-party service providers who perform services on our behalf, including hosting, payment processing, email delivery, and analytics. These providers are contractually obligated to protect your information and use it only for the purposes we specify. Where PHI is involved, Business Associate Agreements are in place.

Treatment Delivery: Patient information necessary for treatment delivery is shared with the assigned provider. Provider credentials are displayed to patients for transparency and informed consent.

Legal Requirements: We may disclose information if required by law, subpoena, court order, or governmental regulation, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. You will be notified of any such change in ownership or control of your personal information.

6. Data Retention

We retain personal information and PHI for as long as necessary to fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce our agreements.

Medical Records: Treatment records and PHI are retained in accordance with applicable state and federal medical record retention requirements. In Nevada, medical records must be retained for a minimum of five (5) years from the date of the last treatment.

Provider Records: Provider credentialing and application records are retained for the duration of the provider's active status on the Platform and for a reasonable period thereafter as required for legal and regulatory compliance.

Website Data: Website analytics and visitor data are retained for up to twenty-four (24) months for operational analysis purposes.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information and PHI:

Right to Access: You may request a copy of the personal information and PHI we hold about you.

Right to Correction: You may request that we correct inaccurate or incomplete personal information.

Right to Deletion: You may request deletion of your personal information, subject to legal retention requirements for medical records.

Right to Restriction: You may request that we restrict certain uses or disclosures of your PHI.

Right to an Accounting of Disclosures: You may request an accounting of certain disclosures of your PHI made by Aesthetics To Go.

Right to File a Complaint: If you believe your privacy rights have been violated, you may file a complaint with Aesthetics To Go or with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against you for filing a complaint.

To exercise any of these rights, please contact us at info@aestheticstogo.com. We will respond to your request within thirty (30) days.

8. Data Security

We implement industry-standard administrative, technical, and physical security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption: All data is encrypted in transit using TLS (Transport Layer Security) and at rest using AES-256 encryption.

Access Controls: Role-based access controls ensure that personal information and PHI are only accessible to authorized personnel. Multi-factor authentication is required for administrative access.

Monitoring: We maintain audit logs and monitoring systems to detect and respond to unauthorized access attempts or security incidents.

Vendor Security: Third-party service providers are evaluated for security practices and required to maintain appropriate safeguards through contractual obligations and, where applicable, Business Associate Agreements.

While we take every reasonable precaution to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to continuous improvement of our security posture.

9. Third-Party Services

Our Platform may contain links to third-party websites or services that are not operated by Aesthetics To Go. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services before providing your information.

Form Processing: Inquiry and application forms on our website are processed through Formspree, a third-party form handling service. Information submitted through these forms is subject to Formspree's privacy policy in addition to this policy.

Analytics: We may use third-party analytics services to analyze website usage. These services may collect information about your use of our website through cookies and similar technologies.

10. Children's Privacy

Aesthetics To Go services are intended for individuals 18 years of age and older. We do not knowingly collect personal information from children under the age of 18. If we become aware that we have collected information from a minor, we will take steps to delete that information promptly. If you believe a minor has provided us with personal information, please contact us at info@aestheticstogo.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you via email or through the Platform. Your continued use of the Platform after any changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, our HIPAA practices, or wish to exercise your privacy rights, please contact us:

Aesthetics To Go
Email: info@aestheticstogo.com
Website: aestheticstogo.com

For HIPAA-related complaints, you may also contact the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/hipaa/filing-a-complaint.

Common Questions

Privacy & HIPAA FAQ

Is Aesthetics To Go HIPAA compliant?

Yes. All PHI including charting, digital consents, before-and-after photos, AI simulator images, and medical records is encrypted in transit and at rest and stored in a HIPAA-compliant environment. Access is restricted to the treating provider and authorized administrators.

What personal information do you collect?

For patients: name, email, phone, zip code, treatment preferences. For providers: name, credentials, license info, insurance details, contact information. For website visitors: standard analytics data. PHI collected during treatment is governed separately under HIPAA.

Do you sell patient data?

No. We never sell, rent, or trade patient data, provider data, or any personally identifiable information. PHI is never shared for marketing or advertising purposes. Data is only shared for treatment delivery, payment processing, or as required by law.

How is my health information protected?

All PHI is encrypted using TLS in transit and AES-256 at rest. Role-based access controls restrict data to the treating provider and authorized personnel. We maintain audit logs, conduct regular security assessments, and have incident response procedures in place.

Can I request deletion of my data?

Yes. Contact info@aestheticstogo.com to request deletion. Note that certain medical records may be subject to state and federal retention requirements (minimum five years in Nevada). We will fulfill your request to the fullest extent permitted by law.

Questions about your privacy?

Our team is available to answer any questions about how we collect, use, and protect your information. Privacy and HIPAA inquiries are prioritized.

info@aestheticstogo.com