Privacy Policy

1. Introduction

Elegant Lashes by Katie ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard information when you visit elegantlashesbykatie.com, interact with our booking or social media links, communicate with us, sign a client consent or waiver, visit a salon, or receive services at our Orange County locations in Irvine, Tustin, Santa Ana, Costa Mesa, and Newport Beach.

This Privacy Policy works together with our Terms of Service, Cancellation Policy, Refund Policy, 3-Day Fix Policy, and any signed or electronically accepted Beauty Services Consent, Waiver, Release & Arbitration Agreement, media authorization, or similar appointment-specific form that applies to your appointment.

2. Information We Collect

Personal and Contact Information

• Name, phone number, email address, mailing address, and other contact details.
• Appointment requests, booking details, location, technician, date, time, service selected, service history, preferences, and notes.
• Payment-related information, transaction records, deposits, gift card details, tips, and receipts. Payment card information is generally processed by third-party payment processors.
• Communications with our staff, including texts, emails, direct messages, phone notes, voicemail, customer service messages, complaint records, review-related communications, and follow-up notes.

Service, Consent, and Waiver Information

• Electronic or paper consent forms, waivers, release agreements, arbitration agreements, media authorizations, version identifiers, signature records, timestamps, electronic signature evidence, and related authentication or audit details.
• Allergy, sensitivity, medication, pregnancy, procedure, skin, eye, lash, brow, hair, product-use, aftercare, prior reaction, and other health-related service information you provide or that we reasonably observe during service.
• Patch test records, service documentation, before-and-after notes, aftercare guidance, incident records, safety concerns, removal requests, fix requests, refund requests, and management decisions.

Salon Recordings and Client Media

• Visible audio and video monitoring in permitted common, reception, retail, open lash bar, open studio, treatment, one-on-one service, or service spaces separated by curtains or doors after front-area signage or posted notice, check-in notice or waiver presentation, appointment consent, or other legally required notice or consent is provided.
• Photos, videos, audio, recordings, images, name, voice, photograph, likeness, appearance, service results, portfolio media, marketing media, training media, and related edited or AI-assisted versions of that media, where collected with applicable consent or another legal basis allowed by law.
• We do not authorize hidden audio or video recording through our public policies or appointment forms. We do not record in restrooms, changing areas, undressing areas, waxing or body-service areas where clothing is removed, or other areas where recording would be prohibited by law or where a person would reasonably expect complete privacy for undressing or similar private activity, unless separate specific consent is obtained and recording is allowed by law.

Website and Device Information

• IP address, browser type, device type, operating system, screen size, language, timezone, pages visited, button clicks, scroll depth, session duration, referral source, and approximate country-level location.
• UTM parameters and similar campaign details if you arrive from an ad, social post, email, text, QR code, or referral link.
• Device characteristics used to generate a privacy-respecting, one-way hashed visitor fingerprint for first-party analytics.

3. How We Use Information

We use information for the following purposes:

• To schedule, confirm, manage, reschedule, cancel, document appointments, and administer cancellation or no-show policies.
• To provide beauty services, evaluate service suitability, personalize service choices, support safety, and provide aftercare guidance.
• To process payments, deposits, tips, gift cards, cancellation or no-show fees, refunds where required, and transaction records.
• To communicate appointment reminders, service updates, policy notices, client support responses, promotions, and business announcements, where allowed.
• To maintain consent, waiver, release, arbitration, media authorization, electronic signature, incident, safety, quality assurance, and dispute records.
• To operate visible audio and video monitoring in permitted areas for safety, security, quality assurance, training, service documentation, operations, dispute handling, insurance, liability defense, and other legitimate business purposes.
• To create, edit, publish, display, distribute, and manage service documentation, educational, training, advertising, marketing, website, portfolio, social media, internal business, and other commercial media, consistent with applicable consent, authorization, or other legal basis.
• To improve our website, services, staff training, salon operations, booking flow, location pages, marketing attribution, and customer experience.
• To prevent fraud, abuse, spam, unsafe conduct, privacy violations, false or misleading public content, unauthorized recording, and misuse of our website or business systems.
• To comply with legal obligations, respond to lawful requests, enforce agreements, protect rights and safety, resolve disputes, and defend legal claims.

4. Salon Recordings, Photography, and AI-Assisted Media

Our salon is generally open-concept for lash services and operates as a visibly recorded salon environment in permitted areas. Conversations in open lash bar, open studio, common, reception, retail, treatment, one-on-one service, and service spaces separated by curtains or doors may be overheard by staff or other clients. We may use visible audio and video monitoring in those permitted areas after front-area signage or posted notice, check-in notice or waiver presentation, appointment consent, or other legally required notice or consent is provided, as further described in our Terms of Service.

No hidden audio or video recording is authorized by our public policies or appointment forms. Recording is not authorized in restrooms, changing areas, undressing areas, or other areas where recording would be prohibited by law or where a person would reasonably expect complete privacy for undressing or similar private activity.

We may use photos, videos, audio, recordings, name, voice, photograph, likeness, appearance, and service results for service documentation, training, education, advertising, marketing, website, portfolio, social media, internal business, and other commercial business purposes only with applicable consent, authorization, or another legal basis allowed by law.

Media may be retouched, cropped, resized, color-corrected, background-adjusted, filtered, enhanced, stylized, composited, edited with generative fill, or edited with AI-assisted tools. Edited or AI-assisted media may not be a literal documentary depiction of the original setting, lighting, background, or appearance.

5. Information Sharing and Disclosure

We do not sell your personal information. We do not knowingly sell or share personal information for cross-context behavioral advertising. We may disclose information in the following situations:

• Service providers: Booking platforms, payment processors, website hosting providers, analytics providers, email or text tools, storage providers, customer support tools, marketing tools, security vendors, and professional service providers who help operate our business.
• Salon operations: Owners, managers, technicians, employees, contractors, and representatives who need information to provide service, manage appointments, handle safety issues, respond to concerns, or operate the business.
• Media and marketing platforms: Website, portfolio, social media, advertising, and related platforms when client media is used as allowed by applicable consent terms.
• Legal, safety, and rights protection: Courts, arbitrators, government agencies, law enforcement, lawyers, insurers, advisors, platforms, or other parties when required or permitted by law, subpoena, court order, legal process, dispute handling, safety needs, evidence preservation, policy enforcement, or defense of claims.
• Business transfers: In connection with a merger, sale, restructuring, financing, acquisition, transfer, or similar business transaction involving all or part of the business.

6. Website Analytics, Cookies, and Device Fingerprinting

We use first-party analytics to understand how visitors interact with our website. Our custom analytics system is designed to be privacy-respecting: it does not use cookies, does not intentionally store personally identifying information, and uses a one-way hashed fingerprint to help count unique visitors and sessions.

The one-way hashed fingerprint may be based on browser and device characteristics such as user agent, language settings, screen resolution, color depth, timezone, system preferences, CPU cores, memory, canvas or WebGL rendering patterns, and audio processing characteristics. The hash is used for website analytics and is not intended to identify you personally.

We may also use third-party analytics or platform tools, such as Google Analytics, booking platforms, maps, social media, or advertising platforms. Those providers may use cookies, pixels, local storage, or similar technologies according to their own policies.

You can control cookies through your browser settings. Disabling cookies may affect some website, booking, payment, map, social media, or third-party platform features.

7. Private Communications and Business Records

Private communications and business records may include appointment notes, text messages, direct messages, emails, voicemail or phone records, staff contact information, internal records, refund or fix requests, incident notes, and similar materials.

We use these records to operate the business, document service history, respond to concerns, enforce policies, protect privacy and safety, resolve disputes, and defend claims. Our Terms of Service explain limits on public posting or distribution of private business communications and records.

8. Data Security

We use reasonable administrative, technical, and physical safeguards designed to protect information from unauthorized access, disclosure, alteration, or destruction. No method of transmission, storage, messaging, booking, payment, or online communication is completely secure.

9. Data Retention

We retain information for as long as reasonably necessary for the purposes described in this Privacy Policy, including appointment management, cancellation and no-show records, service records, client communications, marketing records, consent, waiver, release, arbitration, media authorization, electronic signature, payment, safety, analytics, legal compliance, dispute resolution, policy enforcement, and defense of claims records.

Retention periods may vary by record type. We may keep certain records longer when needed for legal, tax, accounting, insurance, arbitration, litigation, safety, fraud prevention, or legitimate business purposes.

10. California Privacy Rights

California residents may have rights regarding personal information, subject to legal exceptions. These may include the right to know, access, delete, correct, receive information about certain disclosures, opt out of certain sale or sharing practices, limit certain sensitive personal information uses where applicable, and not be discriminated against for exercising privacy rights.

We do not sell personal information and do not knowingly share personal information for cross-context behavioral advertising. If our practices change, we will update this Privacy Policy and provide any required opt-out mechanism.

To submit a privacy request, contact us at [email protected] or call 657-334-9919. We may need to verify your identity before completing a request. Some records may be retained or withheld where allowed by law, including records needed for transactions, safety, security, legal compliance, dispute handling, consent documentation, or defense of claims.

11. Third-Party Links and Platforms

Our website may link to third-party websites, booking platforms, payment processors, maps, review platforms, social media platforms, advertising platforms, and other services. We are not responsible for their privacy practices, security, content, or terms. Please review their policies before using those services.

12. Children's Privacy

Our website and services are not directed to children under 13. We do not knowingly collect personal information from children under 13 through the website. Clients under 18 may need parent or legal guardian consent for services, and appointment-related records may be collected when allowed by law and salon policy.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes are effective when posted unless a different effective date is stated or notice is required by law.

14. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us: