10 / privacy

Privacy.

Effective April 26, 2026

Fractional Aesthetics is a marketing and operations consultancy serving aesthetic medical practices. This page tells you what we collect from visitors to fractionalaesthetics.com and from clients we work with, why we collect it, how it's handled, and your rights. We collect very little. We don't sell data. We don't train AI on your information. We keep this written in plain English on purpose.

01What we collect

When you contact us. If you email lazar@fractionalaesthetics.com, we receive your email address and whatever you write to us. If you book a call through our scheduling tool (Calendly), we receive your name, email, and the meeting time you select.

When you engage us as a client. During an active engagement we may collect or receive information you provide for the purpose of the work: practice operational details, marketing performance data, access credentials to systems we are authorized to touch on your behalf, and similar materials. We treat this information as confidential, see Section 06.

Automatically when you visit the site. Like most websites, fractionalaesthetics.com may collect basic technical information when you visit: IP address, browser type, the pages you view, and the time of your visit. This is used to operate the site and understand how it's being used.

Forms and tools. The current site does not host forms or interactive tools that collect additional data. When we add such tools (for example, the practice scorecard product currently in development), this page will be updated to describe what they collect and how it's handled.

02How we use it

To respond to inquiries you send us. To deliver services you've engaged us to deliver. To improve the website. To send communications you've requested or that relate to an active engagement with us. We do not send unsolicited marketing email.

03AI and your data

Fractional Aesthetics is an AI-native consultancy. We use AI tools (large language models, image and video generation, automation pipelines) as part of how we deliver work. We want to be explicit about the limits of that:

• We do not submit client data, practice operational information, or any patient information to AI training pipelines.
• When we use AI tools that touch information related to our work for you, we use them in modes that do not retain or train on submitted content. This means enterprise tiers, no-training API endpoints, or self-hosted equivalents.
• We do not use AI for automated decision-making about individuals (no profile-based eligibility determinations, denials, or scoring of people).
• If we materially change any of the above, we will tell you before the change applies to your engagement.

04Subprocessors

We use a small number of trusted third-party tools to operate the business. Each only sees the data necessary for its function. The categories of tools we use include:

• Email and document handling
• Meeting scheduling
• Website hosting and infrastructure
• Customer relationship and data management
• Email marketing and audience tools
• AI tooling for service delivery (used only on no-training tiers)

Our complete and current list of named subprocessors is available on request. Email lazar@fractionalaesthetics.com and we will share it. We update the list as our tooling evolves; the request-based approach lets us keep that list accurate without revising this page every time a single tool changes.

All current subprocessors store data within the United States. If we begin using a subprocessor that stores data outside the US, we will note it in the request-based list and, where required by law, update this page directly.

05How long we keep it

We hold information only as long as we need it for the purpose it was collected, plus what's required by law. Specific retention windows:

• General website inquiries: 24 months from last contact, then deleted unless an active engagement is in place.
• Active client engagement records: duration of the engagement plus 7 years for regulatory and legal compliance, after which we delete or anonymize.
• Calendly meeting records: 12 months, after which Calendly's automated retention policies apply.
• Anonymous website analytics, if added: 26 months maximum, per industry standard.

You can ask us to delete information about you sooner. See Section 10.

06Client confidentiality

Privacy and confidentiality are related but distinct. This privacy policy describes what happens to information about visitors to fractionalaesthetics.com and people we communicate with. Confidentiality is a separate commitment we make to the practices we work with.

We do not share, sell, or publicly discuss the operational details of our client engagements without permission. We treat practice financials, patient flow data, marketing performance, internal team dynamics, and similar engagement context as confidential by default.

Specific confidentiality obligations are typically formalized in the engagement letter or, where the work involves protected health information, in a Business Associate Agreement. We're happy to sign a Mutual NDA at the start of an engagement if a practice prefers that.

07HIPAA

Fractional Aesthetics is not, in itself, a HIPAA covered entity. Our clients (plastic surgery practices, med spas, aesthetic medical providers) typically are. When an engagement requires us to access, process, or store protected health information (PHI), we operate as a Business Associate under HIPAA. That means:

• We sign a Business Associate Agreement (BAA) with the covered entity before any PHI is shared.
• We use administrative, physical, and technical safeguards to protect PHI in our possession, including encryption in transit and at rest, access limited to personnel with a legitimate work need, and workforce confidentiality agreements.
• We notify the covered entity of any unauthorized use or disclosure of PHI without unreasonable delay, and within timeframes required by HIPAA's breach notification rule (45 CFR 164.410).
• We do not use PHI for any purpose outside the scope of the BAA. Specifically: no AI training, no marketing, no analytics, no secondary research.

If you are a practice owner or administrator and want to discuss BAA-covered work, contact lazar@fractionalaesthetics.com. We have a BAA template ready to share.

08Information security

We employ standard administrative, technical, and physical safeguards:

• All data in transit between you, our website, and our subprocessors is encrypted via TLS.
• Data at rest in our subprocessors' systems is encrypted at the storage layer.
• Access to client information is limited to personnel with a legitimate work need.
• Personnel and contractors sign confidentiality agreements before being granted access to client information.
• We do not store client login credentials in plain text. Credentials we are authorized to hold are stored in a password manager with encryption at rest.
• We do not store unencrypted financial information.

No system is perfect, and we do not claim otherwise. We commit to reasonable diligence, ongoing improvement, and prompt notification if we discover a breach affecting your information. Notification timelines follow applicable law and any contractual obligations we have to you.

09What we don't do

For the avoidance of any doubt:

• We do not sell personal information. Ever.
• We do not share personal information with advertisers, ad networks, or data brokers for marketing purposes.
• We do not use AI systems to make automated decisions about individuals.
• We do not use cross-site tracking pixels or behavioral retargeting.
• We do not require you to give up legal rights (forced arbitration, class-action waivers) to interact with us.
• We do not knowingly retain data beyond the windows in Section 05.

10Your rights

You can ask what information we have about you. You can ask us to correct it. You can ask us to delete it. You can ask us to send you a copy in a portable format. Email lazar@fractionalaesthetics.com with your request. We will respond within 30 days, or sooner where legally required.

To protect against fraudulent requests, we may ask you to verify your identity before fulfilling certain requests. Our verification will be proportional to the sensitivity of the data involved.

California residents (CCPA/CPRA). You have specific rights to access, delete, correct, and opt out of the sale or sharing of your personal information. We do not sell or share personal information for cross-context behavioral advertising. You also have the right to limit the use of sensitive personal information, though we do not knowingly collect any.

Other US states. Residents of Virginia, Colorado, Connecticut, Utah, Texas, and other states with comprehensive privacy laws have similar rights. We honor all such requests on the same terms as CCPA requests.

EU and UK residents (GDPR/UK GDPR). You have additional rights, including data portability, the right to object to processing, the right to withdraw consent, and the right to lodge a complaint with your local supervisory authority. We will honor these requests.

11Cookies and analytics

This site uses Microsoft Clarity to understand how visitors navigate and engage with the page. Clarity records anonymous interaction data (clicks, scroll depth, navigation paths, aggregated heatmaps) and sample session recordings. It does not capture form input by default, and we have configured it to mask sensitive content. Data is processed by Microsoft under their privacy practices: clarity.microsoft.com/privacy.

To opt out, you can use your browser's tracking-protection settings or a privacy-focused browser extension. Most major browsers will block Clarity if tracking protection is enabled.

If we add additional analytics tools in the future, this page will be updated before they are enabled.

12Children

This website is not directed at children under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us information, contact us at lazar@fractionalaesthetics.com and we will delete it.

13Changes to this policy

We may update this policy from time to time. The effective date at the top of this page reflects the most recent change. Material changes are noted in the revisions log at the bottom of this page, and where reasonable, communicated by email to anyone we are actively engaged with.

14Contact