Site logo

Privacy Policy

1. Introduction.

This Privacy Policy of SUR MedSpa(referred to as the “Company”, “we”, “our” or “us”) outlines how your personally identifiable information and other personal data will be collected, used, and shared in connection with your access to and/or use use of our services through the Platform (as defined below), the Company’s website ( or the “Site”), or other mobile applications (collectively, the “Services”). The platform services provided by the Company, the Site and mobile applications together are hereinafter collectively referred to as the “Platform”. This Privacy Policy describes what information we collect and how we use that information.  If you have questions about this Privacy Policy, please in accordance with Section 8, “Contacting Us”, below.

Your use of the Platform constitutes your acceptance of and agreement to all of the terms and conditions in this Privacy Policy available at, our Terms of Service (the “Terms”) available at, and any community guidelines, policies, or rules now in force or enacted in the future, and any amendments and additions to these Terms as we may publish from time to time, as well as your compliance with all applicable laws.  The Terms, and any community guidelines, policies, or rules now in force or upon their future enactment, are incorporated by reference into this Privacy Policy and together form and are hereinafter referred to collectively as this “Agreement”.  Any terms not defined herein have the meanings ascribed to them in the Terms of Service.  This Agreement governs the use of the Platform offered by us, and you are giving the Company permission to use and store such information consistent with this Agreement.

SUR MedSpaprovides a Platform, which includes a mobile application, which allows an individual who is registered with the Platform (a “Consumer”) to request and schedule a session with a qualified medical professional who is registered with the Platform (a “Provider”) to provide minimally invasive medical aesthetic services (a “Treatment(s)”), which may improve the appearance of facial lines and wrinkles or add volume to various areas of the face.  Treatment products may include but are not limited to products with the brand names of Botox®, Dysport®, Juvederm®, Restylane®, or Voluma®.  As used herein, the term “User” refers to any user of the Platform, including both Consumers and Providers, as the context requires.  As used herein, the term “Account” may refer to the registered account of a Consumer or Provider, as the context requires.  A User who requests a Treatment through the Platform may be referred to as the “Recipient” of that Treatment.

2. Information We Collect.

As part of the operation of the Platform and the provision of our Services to you, we will collect both personally identifying and non-personally identifying information from you (collectively, “Collected Information”).

By downloading an SUR MedSpa mobile application, registering an Account with the Platform, or using our Services, you agree that we can collect and use the information as described in this Privacy Policy.  If you do not agree, you are neither permitted nor authorized to register or maintain an Account with our Platform, request or provide Treatments via our Platform, access our website(s), download or access our mobile applications, or otherwise use or interact with our Services.

The types of Collected Information are described below in Section 2.1.

2.1 Types of Collected Information.

  1. Personal Information.

As part of the operation of the Platform and the provision of Services to you, we will collect, store, and use data that is (or may be combinable with other data in such a way as to be) personally identifiable to you (“Personal Information”), including but not limited to the following:

  1. “Contact Information” – e.g. name, address, phone, email;
  2. “Demographic Information” – e.g. sex, age;
  3.  “Location Information” – information about your geographic location or that of the device via which you access the Platform;
  4. “Protected Health Information” – all individually identifiable health information, including demographic data, medical histories, test results, insurance information, and other information used to identify a patient or provide healthcare services or healthcare coverage as may be further defined under HIPAA;
  5. “Professional Information” – for Providers, information related to your ability and qualifications to practice medicine, and your identity, credentials, and experience, e.g. your medical license, driver’s license, professional references, medical practice contact information, and information obtained via background check;
  6. “Financial Information” – information related to your banking or credit accounts;
  7. “Tracking Information” – information related to the device you use to access the Platform, e.g. cookies and related technologies; and
  8. “Other Information” – miscellaneous information, e.g., your uploaded photograph, reviews you’ve submitted.

When you register your Account and utilize our Services, we collect and store Personal Information.  You also may choose to send the Company Personal Information in an email message containing information or inquiries about the Platform. Many of the types of information described below in this Section 2.1 are, or can comprise, Personal Information.  We take the safety and integrity of your Personal Information very seriously.  

Other than General Information, which may include Protected Health Information aggregated and/or anonymous information that is de-identified, we do not sell your information to third parties, and only share Personal Information under limited circumstances, as described in Section 4.  We employ industry standard security measures as described in Section 6.

  1. Location Information.

When you visit the Platform via a mobile application, we may use GPS technology (or other similar technology or your direct submission) to determine your current location in order to furnish Treatment pricing, determine availability of providers, facilitate requests for Treatment, perform Consumer-Provider matching, and facilitate the provision of Treatment.  We will not share your current location with other Users, except to facilitate the request or provision of Treatment.

If you do not want us to use your location for the purposes set forth above, you should turn off the location services for the mobile application located in your mobile phone settings; provided, however, accurate information regarding your location is required to ensure Treatment can be provided as (and at the location) requested, and that failure to be present at the location of a scheduled Treatment may be subject to penalty under our Terms of Service.

  1. Protected Health Information.

Our collection and use of your Personal Information, which we receive pursuant to this Agreement, is not governed by HIPAA.  We will collect and use your Personal Information, including non-HIPAA covered Protected Health Information, consistent with the terms of this Agreement.

When you use the Service to upload, transmit, or receive Protected Health Information, you agree that, to the extent applicable, you shall comply with all applicable state and federal laws including, but not limited to, the Privacy Laws. You represent and warrant that you will, at all times, comply with all laws directly or indirectly applicable to you that may now or hereafter govern the gathering, use, transmission, processing, receipt, reporting, disclosure, maintenance, and storage of Protected Health Information. You agree that the Company, and all other persons or entities involved in the operation of the Service, have the right to monitor, retrieve, store, review, and use Protected Health Information, if applicable, in connection with the transmission of any Protected Health Information.

  1. Professional Information.

Providers that seek to register with the Platform are required to submit evidence verifying their medical licensure, good standing with the applicable medical board, and other indicia of professional and personal qualification.  Professional Information includes but is not limited to information concerning your education, medical license, practice specialty (if applicable), name of supervising physician, professional experience, and insurance coverage.

As part of your registration for an Account and acceptance of this Agreement (and as further described in the Terms), you consent to the Company performing a background check, and storing and using the result of that background check.  You further consent to the Company, at its discretion, inquiring into and verifying by other means information you submit as a Provider.

  1. Financial Information.

To facilitate the request and provision of Treatments via the Platform and/or payment to Providers for Treatments they provide, Users may be asked to input banking and credit card information, such as credit card numbers, bank routing numbers, and/or other information related to payments and financial transactions.  For your security, we utilize a third-party payment processor for all transactions.  We do not store or maintain on our servers any of your banking or credit card information.

  1. Tracking Information.

Cookies” are elements of data that a website can send to your browser and store on your computer.  The Platform and aspects thereof, and communications therewith, may use cookies, tracking pixels and related technologies.  Cookies may also be used to track how you use the Platform.  Our cookies are not designed to collect Personal Information, but in some instances, may be combinable with other information to be personally identifiable.  Our system may automatically gather information about the areas you visit on our Website or Platform and about the links you may select from within our site to other areas of the Internet or elsewhere online.

We may use such information in the aggregate to understand how our users as a group use the services and resources provided on our sites.  We may link such usage information to Collected Information in order to securely verify your identity, to personalize aspects of your experience on our Platform, to better understand which information or services are of greater value to our Users, and to send follow-up communications regarding our products and services to website visitors.  As with all other Personal Information, we do not sell Tracking Information to third parties.

You can choose whether to accept cookies by changing the settings of your browser.  You can reset your browser to refuse all cookies, or allow your browser to show you when a cookie is being sent.  You can also erase cookies already stored on your computer.  If you choose not to accept these cookies or if you erase them, your experience on our Platform, and other websites, may be diminished and some features may not work as intended.

We may also collect Tracking Information from our mobile applications to determine how Users utilize the applications and how we can improve the experience for Users.

  1. Other Information.

We may also collect other various data as part of the operation of the Platform and the provision of our Services.  For example, as a measure to promote mutual security and trust between our Users, we ask that both Consumers and Providers upload pictures of themselves so that each can visually verify the other’s identity at the outset of a scheduled Treatment.  We may also collect various other information, such as reviews, and your usage of promotional features.

2.2 General Information.

The Company may also collect, store, and utilize information related to the usage and operation of the Platform and our Services that is aggregated, statistical, regional, anonymized, de-identified, or otherwise not identifiable to a natural person (collectively, “General Information”).  The Company may publish or share, without restriction, General Information with third parties or the public.  For example, the Company may compile and publish data related to numbers of registered Users, numbers of Treatments provided, Company revenue, average delivery time of Treatments, etc.  General Information is not Personal Information, and is expressly excluded from any restrictions in this Agreement upon Personal Information. 

We provide and may sell General Information to third parties.

3. How Does the Company Use My Information?

We may use Collected Information to facilitate the use and operation of our Platform and our Services, including the request and provision of Treatments, to service your Account, to communicate with you, to obtain your opinions on our Services, to send communications regarding our products and Services, to alert you to new features or information, and to improve the operation of the Platform and our provision of Services to you.  We may also collect and record information about usage of the Website and Platform in order to better serve our Users and enhance our products and Services.

4. Will the Company share my information?

The Company owns all the information collected from and about Users, as detailed in our Terms of Service.  We do not rent, sell, or trade Personal Information to any third party.  We may disclose or provide access to Personal Information to a third party in one of the following limited circumstances:

  1. Where necessary for security purposes, to protect against fraud or unauthorized transactions, to resolve Consumer disputes or inquiries, or to respond to requests from persons who are acting in a fiduciary or representative capacity for you, or who hold a legal or beneficial interest in your Account;
  2. Where necessary for a third-party contractor, contracted by the Company, to perform services related to the Platform;
  3. To perform necessary identity and professional verification;
  4. As permitted by applicable law, including in response to legal process or requests from government authorities; or
  5. In the event that the Company or substantially all of its assets are acquired, Accounts and information collected from and about Users will be part of the transferred assets.

5. What Happens When I Close My Account?

If you close your Account with us, we will make reasonable efforts to delete your Account and personally identifying information collected about you.  Please note that our ability to delete data is subject to any data retention requirements imposed by law, regulation, or court order, and to the operational needs of the Platform.  Upon deletion from our active Platform storage or database environment, information may persist in archival form.  We will endeavor, as is practicable, to periodically purge from archival storage information that has been so deleted from our active Platform storage or database environment, but make no guarantees as to the timing or our ability to do so.

We do not knowingly allow Users under the age of 18 to use our Platform, and we do not knowingly collect information from any person under the age of 18.  Use of our Platform or our Services by anyone under the age of 18 is a violation of our Terms of Service and is expressly prohibited.  If a person has nonetheless provided false information in order to register an Account, that person’s Account is subject to closure and any data associated therewith is subject to deletion.

6. Security.

The Company takes information security very seriously and has established physical and electronic security standards and procedures to protect against unauthorized access to Consumer information.  We use industry standard means such as physical, electronic and procedural safeguards, including, but not limited to data encryption and secure socket layer technology.  We update and test our technology regularly to maintain and improve the protection of our Consumers’ information.  We restrict access of personal information to employees and service providers for legitimate business purposes to assist in providing services to you.  Employees who violate our Privacy Policy are subject to disciplinary action.

Your Account is password protected.  If you have reason to believe that your Account has been compromised or is no longer secure (e.g. because of activity you do not recognize, or because of a breach of your email, banking, credit, or any other financial or personal account), please immediately notify us of the problem by contacting us in accordance with Section 8, “Contacting Us”, below.

7.  Notification of Changes.

This Privacy Policy is periodically reviewed and enhanced by the Company as necessary.  This Privacy Policy might change as the Company updates and expands the Platform.  The Company will endeavor to notify you of any material changes by email, but will not be liable for any failure to do so.  The Company also encourages you to review this Privacy Policy periodically.  If you do not understand any of the terms or conditions of any of the Company’s policies, you may inquire regarding the same.

8. Contacting Us.

If you have any questions or concerns related to this Agreement, how to remove or modify your user information or related consents your Account, a Treatment, another User, or anything else regarding the Platform or Services, please email us at or write to us at:

SUR MedSpa

310 Gold Creek Trail, #300

Woodstock, Georgia 30188


Last updated September 1, 2022

Table of Contents

Privacy Policy for our practice (hereinafter “the company”).

We follow a very strict privacy policy. We don’t sell information. When you fill out any of our forms on our website, you are asking for additional information about our products. We use your contact information to contact you to answer your questions and to follow up with your inquiries. We also use your mailing addresses and your email to send the information you requested and follow up with you. We may use software and track programs to better learn about our visitors and their needs.

Removal of Information

At any time, you can request (by written notice) to be removed from our marketing database. We will respect your request.

Secure Storage

Your contact information is stored in a secure database and is protected by firewalls and sophisticated anti-hacking software.

Working with Google

On occasion, we may use Google marketing technology to promote our products. To see a complete explanation, visit Google marketing program. As you will see, there is No identifiable information kept by us about the visitors that we can or will use.

Google randomly will show ads to our previous website visitors across its network. You can opt-out of this program from Google by visiting the Ads Preferences Manager. Alternatively, you can opt out of a third-party vendor’s use of cookies by visiting the Network Advertising Initiative opt-out page.

Here are more information about how we use Google’s tools to target potential clients.

The Company may collects data through Google and Facebook tools and scripts about your activities that does not personally or directly identify you when you visit our website, the website of entities for which we serve advertisements (our “Advertisers”), or the websites and online services where we display advertisements (“Publishers”). This information may include the content you view, the date and time that you view this content, the products you purchase, or your location information associated with your IP address. We use the information we collect to serve you more relevant advertisements (referred to as “Retargeting”). We collect information about where you saw the ads we serve you and what ads you clicked on.

We use Google Analytics’ 3rd-party audience data such as age, gender, and interests to better understanding the behavior of our customers and work with companies that collect information about your online activities to provide advertising targeted to suit your interests and preferences. For example, you may see certain ads on this website or other websites because we contract with Google and other similar companies to target our ads based on information we or they have collected, including information that was collected through automated means (such as cookies and web beacons). These companies also use automated technologies to collect information when you click on our ads, which helps track and manage the effectiveness of our marketing efforts.

You may opt-out of the automated collection of information by third-party ad networks for the purpose of delivering advertisements tailored to your interests, by visiting the consumer opt-out page for the Self-Regulatory Principles for Online Behavioral Advertising at and edit or opt-out your Google Display Network ads’ preferences at

What personal data we collect and why we collect it


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


Who we share your data with

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Additional information

How we protect your data

What data breach procedures we have in place

What third parties we receive data from

What automated decision making and/or profiling we do with user data

Industry regulatory disclosure requirements

Plugin: Smush

Note: Smush does not interact with end users on your website. The only input option Smush has is to a newsletter subscription for site admins only. If you would like to notify your users of this in your privacy policy, you can use the information below.

Smush sends images to the WPMU DEV servers to optimize them for web use. This includes the transfer of EXIF data. The EXIF data will either be stripped or returned as it is. It is not stored on the WPMU DEV servers.

Smush uses the Stackpath Content Delivery Network (CDN). Stackpath may store web log information of site visitors, including IPs, UA, referrer, Location and ISP info of site visitors for 7 days. Files and images served by the CDN may be stored and served from countries other than your own. Stackpath’s privacy policy can be found here.


If you have any questions about our privacy policy, please don’t hesitate to contact us.

Table of Contents

Skip to content