Skip to main content

Privacy Policy

Last Updated: May 2024

Welcome to Persana, Inc. (“Persana”), a technology platform (“Platform”) that matches individual clients (“Clients”) with high-quality and sought-after physicians and surgeons (“Providers”), such as dermatologists or plastic surgeons, The Platform enables Providers to provide our Clients with live or asynchronous audio/visual virtual introductory chat sessions as well as schedule in-person visits with respect to non-invasive procedures (each a “Session”) and related services. When we say “you” or “user,” we’re referring to anyone who interacts with our Services (defined below), including Clients and Providers. Persana may also be referred to herein as “us,” “we,” or “our.”

First, a note about Persana’s commitment to your privacy:

Persana deeply values its role in assisting Clients with accessing and receiving Sessions and matching Providers with Clients for that purpose. Central to that role is respecting and safeguarding the privacy of personal information, including Clients’ personal information that is protected by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) (referred to as protected health information (“PHI”)) and Clients’ and Providers’ personal information that may not be considered PHI. Persana’s commitment to privacy is built upon a foundation of transparency, trust and choice. We have created this Privacy Policy to tell you how Persana collects, uses and discloses your information.

If a specific Provider does not have a Notice of Privacy Policy available to you, then this Provider’s Notice of Privacy Practices (“NPP”) and our Privacy Policy describe our privacy practices in user-friendly terms, including what information we collect in order to facilitate Sessions, what we use your information for, how we may share your information when needed, and the rights and preferences you may have with respect to your personal information. If a Provider provides you with a different Notice of Privacy Policy, then such Notice of Privacy Policy would govern. 

Here are a few things we want you to know:

  1. Definitions. So we are clear about the terms we are using, when we use the term “personal information” in this Privacy Policy, we mean information about you that is personally identifiable to you, such as your contact information (e.g., name, address, email address, or telephone number) and any other nonpublic information that is associated with such information. And when we use the term “cookies,” which is defined further below, we mean the small pieces of information that a website sends to your browser while you are viewing that website.
  2. We collect only the personal information we need in order to provide you with access to, or allow you to access our website, Platform and any other technology we make available to you, such as a mobile app (collectively, the “Services”). We do not collect more information than we need. The personal information that we ask Clients to provide us, or give Clients the option to provide us, is intended to help us provide the Services and, in turn, Providers to deliver high-quality services to Clients. The information we ask Providers to give us is intended to help Clients receive Sessions from them.
  3. We do not use your personal information for purposes unrelated to the reasons for which it was collected or unrelated to your reasonable expectations. We know it is important to you that you be aware of all the reasons your information is handled by Persana and Providers. 
  4. We do our best to minimize the amount of data we store. We understand the importance of keeping to a minimum the personal and sensitive data that we may maintain.
  5. We do not sell your identifiable personal information without your consent. 
  6. We offer you ways to control your personal information and express your preferences. We provide you with a variety of ways to exercise control over your personal information, including making certain data collection optional on intake forms, providing you with direct control over updating and editing your user profile, and providing you with unsubscribe options.

This Privacy Policy describes how Persana handles personal information that we collect through our digital properties that link to this Privacy Policy, including our Services, as well as through social media, our marketing activities, and other activities described in this Privacy Policy. The website and/or Services do not constitute professional advice, including medical advice or medical care, but are intended to help facilitate Sessions with Providers. Providers who use our Services and deliver services through the Platform may provide professional advice and services.

We may collect or receive certain personal information and other data about you that are governed by federal law, such as HIPAA, on behalf of Providers who use the Platform. Our collection and use of that personal information is subject to the business associate agreement between us and Providers, if applicable, and Provider’s NPP, if applicable, which governs their use of, disclosure of, and access to information protected by HIPAA. This Privacy Policy does not cover how we handle HIPAA-regulated PHI. 

Information we collect from you may be subject to state data privacy laws and the Federal Trade Commission’s authority.

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Services. We also encourage you to review our Terms of Use to understand other requirements and limitations related to your use of the Services. Unless otherwise defined in this Privacy Policy, capitalized terms used in this Privacy Policy have the same meanings as in our Terms of Use.

Personal information we collect

We may collect your personal information when you interact with us through our Services or by other means. We may also automatically collect information regarding your use of our website and any other technology we make available to you, as you use it.

Information you provide to us. Personal information you provide to us through the Services or otherwise may include:

  • Contact data, such as your name, pronouns, email address, mailing address(es), and phone number.
  • Demographic information, such as your city, state, country of residence, and postal code.
  • Profile data, such as your date of birth, your biographical details, and any other information that you add to your account profile.
  • Communications that occur over the Platform, including during Sessions (such as notes taken by Providers and persons acting on their behalf during such Sessions);other communications you may have with Providers, such as through asynchronous chats, or when you share photos or videos with your Provider; or when you contact us through the Services, social media, or otherwise (including for support).
  • Questionnaire, survey, and Session data, such as information you provide when completing one of our surveys or well-being questionnaires.
  • Transactional data, such as information relating to or needed to complete your payment for the Services, including confirmation numbers and transaction history.
  • Payment information needed to complete transactions, such as credit card information, which is collected by our third-party payment processor, Stripe, as described further below.
  • Marketing data, such as your preferences for receiving our marketing communications, and details about your engagement with them.
  • Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Third-party sources. We may combine personal information we receive from you with personal information we obtain from other sources, such as:

  • Data providers, such as information services and data licensors that provide demographic and other information.
  • Marketing partners, unless you have opted out of receiving marketing communications.

Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Services, our communications, and other online services, such as:

  • Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 5G), and general location information such as city, state, or geographic area.
  • Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Services, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.

Cookies and similar technologies. Some of the automatic collection described above may be facilitated by the following technologies:

  • Cookies, which are small text files that websites store on user devices and that allow web servers to record users’ web browsing activities and remember their submissions, preferences, and login status as they navigate a site. Cookies can include “session cookies”, which are deleted when a session ends; “persistent cookies,” which remain longer; and “third-party” cookies, which our third-party business partners and service providers store. We use the following types of Cookies:
    • Essential Cookies. Essential Cookies are required for providing you with features or services that you have requested, including the functionality of our website and Platform. Given these Cookies are required, they shall still operate even if you click “Reject” on the Cookie banner.
    • Functional Cookies. Functional Cookies are used to record your choices and setting regarding our website and Platform, maintain your preferences over time and recognize when you return to the website and Platform. These Cookies help us to personalize our content for you and remember your preferences.
    • Performance/Analytical Cookies. Performance/Analytic Cookies allow us to understand how visitors use our website and Platform such as by collecting information about the number of visitors to the website and Platform, what pages visitors view and for how long.
  • Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data on your device, outside your browser, in connection with specific applications.
  • Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

Data about others. We may offer features that help you invite others to use the Services, and we may collect contact details about these invitees so we can deliver their invitations. Please do not refer someone to us or share their contact details with us unless you have their permission to do so.

How we use your personal information

We may use your personal information for the following purposes or as otherwise described at the time of collection:

Service delivery. We may use your personal information to:

  • Provide, operate, safeguard, and improve the Services and our business, including develop new product tools and features;
  • Establish and maintain your user profile on the Services;
  • Connect Clients and Providers for Sessions;
  • Schedule Sessions;
  • Enable security features of the Services, such as by sending you security codes via email, phone or other and remembering devices from which you have previously logged in;
  • Communicate with you about the Services, including by sending notifications, appointment reminders, questionnaires, announcements, updates, security alerts, and support and administrative messages;
  • Communicate with you regarding promotional opportunities or activities we think may be relevant to you;
  • Understand your needs and interests, and personalize your experience with the Services and our communications; and
  • Provide support for the Services and respond to your requests, questions, and feedback.

Research and development. We may use your personal information for research and development purposes, including to analyze, measure and improve the Services and our business. As part of these activities, we may create aggregated, de-identified, or other anonymous data from personal information we collect. Aggregated information is information about a group of people which is presented in such a way that no specific individual may be reasonably identified. We convert personal information to anonymous or de-identified data by removing information that makes the data personally identifiable to you. Aggregated, de-identified and anonymous data is not subject to HIPAA or most state data privacy laws. Accordingly, we may use this aggregated, de-identified and anonymous data and share it with third parties for our lawful business purposes, including to analyze, measure and improve the Services and to market and promote our business.

Registries/clinical trials. We may ask whether Clients want to contribute their data to certain clinical registries related to the receipt of cosmetic services and/or be contacted to participate in clinical trials related to the use or receipt of cosmetic services.

Marketing. We and our service providers may collect and use your personal information for marketing purposes. We may send you direct marketing communications, including product recommendations. You may opt out of our marketing communications as described in the “Opt out of marketing communications” section below, in which case, we will not collect or use your personal information for marketing purposes.

Compliance and protection. We may use your personal information to:

  • Comply with applicable laws, lawful requests, and legal processes, such as to respond to valid subpoenas from government authorities;
  • Protect our, Clients’, Providers’, or others’ rights, privacy, safety, or property (including by making and defending legal claims);
  • Audit our internal processes for compliance with legal and contractual requirements or our internal policies;
    Enforce the terms and conditions that govern the Services; and
  • Prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity, including privacy violations, cyberattacks, and identity theft.

With your consent. In some cases, we may specifically ask for your consent to collect, use, or share your personal information, including when consent is required by law. Your Providers may request your consent to use “before and after” photographs upon completion of a procedure for your Providers’ and our promotional purposes.

Cookies and similar technologies. In addition to the other uses included in this section, we may use the cookies and similar technologies described above for the following purposes:

  • Technical operation. To allow the technical operation of the Services, such as by remembering your selections and preferences as you navigate the Services and whether you are logged in when you visit password-protected areas of the Services.
  • Functionality. To enhance the performance and functionality of our Services.

Analytics. We may use your personal data for analytics purposes, such as to help us understand user activity on the Services, including which pages are most and least visited and how users move around the Services, as well as user interactions with our emails. We may also use your personal data for business analytics purposes, such as helping us build and scale our Services. We use Google Analytics for such purposes; you can learn more about how Google Analytics collects and uses data by visiting https://policies.google.com/technologies/partner-sites.

We also use Google APIs, which are application programming interfaces developed by Google that allow communication with Google Services and their integration with other services. Examples of these include Google Calendar, Search, Gmail, Translate, and Google Maps. Google APIs also provide analytics functions. Our use and transfer to any other site or app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. You can learn more about Google APIs and read this policy by visiting https://developers.google.com/terms/api-services-user-data-policy.

How we will NOT use your personal information

We do not sell your identifiable personal information to others. We will not sell your personal information to third parties without your consent.

We will not share your personal information with law enforcement absent special circumstances. Unless we are required to comply with a valid court order, subpoena, or search warrant for personal information, we will not share your personal information with law enforcement officials.

How we share your personal information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy or at the time of collection. In all cases, we will share your personal data only as permitted by applicable state and federal laws.

Providers. We will share Clients’ information with Providers to facilitate access to and receipt of Sessions and other services from Providers.

Clients. We will share Provider information with Clients to facilitate access to and receipt of Sessions and other services Clients may choose to receive from Providers.

Service providers. We may share certain information with third parties that provide services on our behalf or help us operate, maintain, safeguard and improve the Services or our business (such as hosting, customer support, email delivery, marketing, consumer research, and website analytics).

Payment processors. Any payment card information you use to make a purchase on our Platform is collected and processed directly by our payment processors, Stripe. Stripe may use your payment data in accordance with its then in force privacy policy from time to time.

Professional advisors. We may share certain information with professional advisors, such as lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. We may share certain information with law enforcement, government authorities, and private parties, if and to the extent required pursuant to a valid court order, subpoena, or search warrant.

Business transferees. We have the right to share your data with or transfer it to acquirers and other relevant participants in business transactions (or negotiations of or due diligence for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale, or other disposition of all or any portion of the business or assets of, or equity interests in, Persana (including in connection with a bankruptcy or similar proceeding).

Your choices

Access or update your information. If you have registered for an account with us through the Services, you may review, change, or update certain account information by logging in to your account.

Opt out of marketing communications. You may opt out of marketing-related communications by following the opt-out or unsubscribe instructions at the bottom of marketing-related emails sent by us or on our behalf, or via the Platform’s functionality, or by contacting us at support@persana.com. Please note that if you choose to opt out of marketing-related emails, you may continue to receive service-related and other non-marketing and transactional communications.

We cannot offer any assurances that the third parties we work with participate in the opt-out programs described above.

Do Not Track. Some internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to Do Not Track requests. To find out more about Do Not Track, please visit http://www.allaboutdnt.com.

Declining to provide information. We need to collect personal information to provide certain Services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those Services.

Other sites and services

The Services may contain links to websites, mobile applications, and other online services operated by third parties. We encourage you to read the privacy policies of the other websites, mobile applications, and online services you use.

Security

We follow generally accepted standards, practices, and procedures to protect the personal information we collect, both during transmission and once it is received. We maintain appropriate technical, administrative, and physical safeguards to help protect the security of your personal information against unauthorized access, destruction, loss, alteration, disclosure, or misuse.

However, security risk is inherent in all internet and information technologies, and we cannot guarantee the security of your personal information beyond the protections we employ to the greatest extent of our ability.

Children

The Services are not intended for use by anyone under 18 years of age or the applicable age of majority in a particular state or jurisdiction unless an account is created by a parent or guardian. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us at support@persana.com and state “Receipt of Minor Information” in the subject line. If we learn that we have collected personal information through the Services from a child without the consent of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

Data Retention

We keep your personal information to enable your continued use of our Services, for as long as it is required to fulfill the relevant purposes described in this Privacy Policy, as permitted or as may be required by law, or as otherwise communicated to you.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on our website or through other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Services after the effective date of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.

California Residents

If you are a Californian resident and the processing of personal information about you is subject to the California Consumer Privacy Act (“CCPA”), you have certain rights with respect to that information.

Notice at Collection. At or before the time of collection, you have a right to receive notice of our practices, including the categories of personal information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared, and how long such information is retained. You can find those details in this Privacy Policy.

Right to Know. You have a right to request that we disclose to you the personal information we have collected about you. You also have a right to request additional information about our collection, use, disclosure, or sale of such personal information. Note that we have provided much of this information in this Privacy Policy. You may make such a “request to know” by emailing us at support@persana.com.

Rights to Request Correction or Deletion. You also have rights to request that we correct inaccurate personal information and that we delete personal information under certain circumstances, subject to a number of exceptions. To make a request to correct or delete, email us at support@persana.com.

Right to Opt-Out / “Do Not Sell or Share My Personal Information”. You have a right to opt-out from future “sales” or “sharing” of personal information as those terms are defined by the CCPA. If you do not wish for us or our partners to “sell” or “share” personal information, you can make your request by emailing us at support@persana.com.

Right to Limit Use and Disclosure of Sensitive Personal Information. You have a right to limit our use of sensitive personal information for any purposes other than to provide the Services you request or as otherwise permitted by law.

Further, to provide, correct, or delete specific pieces of personal information, we may need to verify your identity to the degree of certainty required by law.

How to contact us

  • Email: support@persana.com
  • Mail: Persana, Inc., 9401 Wilshire Blvd, Suite 650, Beverly Hills, CA 90212, USA