Privacy Policy

Who we are

Esthetics in Eden is a solo esthetician salon in Washington State offering lash extensions, lifts/tints, brow lamination/tint, waxing, and sugaring.

What we collect

• Contact & booking details: name, email, phone, appointment history.

• Preferences & consultation info: inspiration photos you upload and style notes.

• Health & safety info (consumer health data): allergies/sensitivities, eye conditions, recent procedures/medications relevant to service suitability. We collect this only with your consent to deliver services safely. 

• Payment details: we keep a card on file via a PCI DSS–compliant processor (tokenized). We do not store full card numbers on our servers/devices. Note on biometrics: We do not collect biometric identifiers (e.g., face geometry scans). If that ever changes (e.g., for check-in/security), we would provide clear notice and obtain consent as required by Washington law. 

Why we collect it (how we use your data)

• To book, confirm, and perform services; tailor services to your features and health considerations; process payments; manage cancellations/no-shows; and respond to inquiries.

• For safety, sanitation, and compliance with applicable health guidance.

• For transactional messages (confirmations, reminders, receipts) and service follow-ups (aftercare).

We do not sell consumer health data. If we ever share health-related data (for example, with our booking/payment vendors), we do so only to provide the requested services and subject to contractual safeguards. WMHMDA requires transparent disclosures about these purposes and any sharing. 

Your choices & Washington privacy rights

If WMHMDA applies to the data we collect from you, Washington gives you rights to:

• Confirm/access whether we collect/share/sell your consumer health data and obtain a copy;

• Delete consumer health data you provided or we obtained about you;

• Withdraw consent to collection/sharing; and

• Appeal our response to your request.
  To exercise these rights, email [your contact email] with the subject “Privacy Request – Esthetics in Eden.” We will verify your identity and respond within the time required by law. 

Geofencing: We do not use geofencing around health-care locations to target or track clients. WMHMDA restricts geofencing uses related to health services. 

Payment, cards on file & security

A card on file is required to secure appointments; it may be charged for late cancellations or no-shows per our policy. Card data is processed and tokenized by our third-party payment processor; we avoid storing sensitive cardholder data ourselves and follow PCI DSS principles (limit storage; encrypt; restrict access). 

Minors

Our site and services are not directed to children under 13. We do not knowingly collect personal information online from children under 13. If you believe a child has provided personal information, contact us and we will delete it consistent with COPPA. 

Data retention

• Booking/transaction records: retained for business, tax, and compliance purposes.

• Health & consultation notes: retained only as long as reasonably necessary to provide services and maintain safety records, then securely deleted.

• You may request deletion of consumer health data at any time (subject to lawful retention obligations). 

Sharing with service providers

We use vetted vendors (e.g., online booking, payment processing, messaging, file storage). They may process your data on our behalf under contracts that limit their use to providing the services we request.

Security

We use reasonable administrative, technical, and physical safeguards appropriate for a small business (secure accounts, least-privilege access, encrypted connections, and vendor due diligence). No method is 100% secure; please contact us immediately if you suspect unauthorized activity.

Changes to this Policy

We may update this Policy to reflect operational, legal, or regulatory changes. The “Last updated” date will be revised accordingly. Material changes will be highlighted on our website.

​