Skip to content
BeautIQ
FeaturesPricingContact
Sign inStart free trial
Legal · Privacy

Privacy Policy

Effective: May 20, 2026 · Last updated: May 20, 2026

This Privacy Policy explains how BEAUTIQAPP LLC — a Florida-registered company providing scheduling, intake, and communication software to U.S. beauty, wellness, and medical-aesthetic businesses — handles personal information. It covers our website, the BeautIQ workspace, branded micro-sites, and the SMS confirmation and reminder service we operate on behalf of our customers. Each Business Customer also publishes its own client-facing privacy notice at /sites/<subdomain>/privacy — that policy, not this one, governs each Business Customer’s relationship with its own clients.

1. Overview

BEAUTIQAPP LLC ("BeautIQ," "we," "us," or "our") provides a cloud-based scheduling, client-management, intake, billing, and communication platform for beauty, wellness, and medical-aesthetic businesses ("Business Customers"). This Privacy Policy describes how we collect, use, disclose, and safeguard personal information when you visit beautiq.app, sign up for an account, or interact with any BeautIQ product or service (collectively, the "Services").

BeautIQ operates exclusively within the United States. The Services are not directed to, or intended for use by, individuals located outside the United States. By using the Services, you confirm that you are accessing them from within the United States.

We act in two distinct roles: (a) as a "controller" of personal information collected directly from website visitors, prospects, and Business Customer administrators; and (b) as a "processor" or "service provider" of personal information that Business Customers upload or generate when using the Services to manage their own clients ("Client Data"). When BeautIQ processes Client Data on behalf of a Business Customer, that Business Customer is the controller of the data and its own privacy policy governs the relationship with its clients.

2. Information We Collect

2.1 Information you provide directly

  • Account information: name, email address, mobile phone number, password (hashed), business name, business address, professional license details (where required for medical-aesthetic services), and business tax identification information (including the Employer Identification Number where required for A2P 10DLC SMS brand registration — see Section 5.1).
  • SMS registration information (Business Customers only): legal entity name, EIN or equivalent business tax identifier, registered business address, business website, privacy-policy URL, opt-in flow description, and sample message content. The Business Customer authorizes BeautIQ to transmit this information to The Campaign Registry on its behalf as described in Section 5.1.
  • Billing information: payment card data (processed by our PCI-DSS Level 1 payment processor — BeautIQ does not store full card numbers), billing address, and invoice history.
  • Communications: messages you send to support, demo requests, survey responses, and feedback.
  • Profile and content: photographs, business logo, signature images, service catalog descriptions, pricing, and other content you upload.

2.2 Client Data processed on behalf of Business Customers

When a Business Customer uses the Services to schedule appointments, intake clients, document treatments, store consent forms, send confirmations, or process payments, BeautIQ processes personal information about that Business Customer's clients. This may include name, date of birth, email, mobile number, address, intake questionnaire responses, medical history (where the Business Customer has elected to use HIPAA Compliance Mode and has executed a Business Associate Agreement with BeautIQ), photographs, treatment notes, signatures, and payment records.

BeautIQ treats Client Data as confidential and only uses it to provide the Services in accordance with our agreement with the Business Customer.

2.3 Information collected automatically

  • Usage data: pages viewed, features used, clicks, session duration, referring URLs, and timestamps.
  • Device and connection data: IP address, browser type and version, operating system, device identifiers, and approximate location (derived from IP).
  • Cookies and similar technologies: session cookies, authentication tokens, and analytics identifiers. See Section 7 for details and your choices.

2.4 Information from third parties

  • Identity providers (e.g., when you sign in using a third-party authentication service).
  • Payment processors (transaction status, fraud signals, and limited card metadata such as last four digits and brand).
  • SMS and email delivery providers (delivery status, bounce, and unsubscribe signals).
  • Publicly available business information (e.g., for sales outreach to professionally listed businesses).

3. How We Use Information

We use personal information for the following purposes:

  • Provide, operate, and maintain the Services, including authentication, billing, scheduling, and customer support.
  • Send transactional communications such as appointment confirmations, reminders, password resets, billing notices, and security alerts. See Section 5 for SMS-specific terms.
  • Personalize and improve features, troubleshoot errors, and develop new offerings.
  • Detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms of Service.
  • Comply with legal obligations, court orders, lawful requests by public authorities, and applicable industry regulations (including, where elected by a Business Customer, HIPAA).
  • Send marketing communications about BeautIQ products to Business Customers and prospects, subject to your right to opt out at any time.

BeautIQ does not sell personal information, and we do not share personal information with third parties for their independent advertising or cross-context behavioral advertising purposes.

4. Protected Health Information (HIPAA)

When a Business Customer is a "covered entity" or "business associate" under the U.S. Health Insurance Portability and Accountability Act ("HIPAA"), and that Business Customer has executed a written Business Associate Agreement ("BAA") with BeautIQ, certain Client Data may constitute "Protected Health Information" ("PHI") as defined under HIPAA.

In those cases, BeautIQ acts as a Business Associate and uses, discloses, and safeguards PHI strictly in accordance with HIPAA, the HITECH Act, and the executed BAA. The BAA — not this Privacy Policy — governs BeautIQ's treatment of PHI. To the extent of any conflict between the BAA and this Privacy Policy with respect to PHI, the BAA controls.

Business Customers that have not enabled HIPAA Compliance Mode and have not executed a BAA must not upload PHI to the Services. Each Business Customer is solely responsible for determining whether its data constitutes PHI and for enabling the appropriate Compliance Mode.

5. SMS and Text Messaging Program

BeautIQ enables each Business Customer (typically a salon, clinic, or wellness studio) to send appointment confirmations, appointment reminders, intake-form reminders, and other transactional text messages ("Text Messages") to its own clients. Text Messages sent on behalf of a Business Customer always originate from that Business Customer's own dedicated phone number — never from a shared BeautIQ sender. BeautIQ also sends a limited set of platform Text Messages directly to Business Customer administrators (account verification codes, security alerts, and billing notices). The terms in this Section apply to both flows.

5.1 Sender identity and per-Business-Customer 10DLC registration

United States wireless carriers require every business sending application-to-person SMS to a U.S. number to be registered under the A2P 10DLC framework with The Campaign Registry ("TCR"). Each BeautIQ Business Customer registers its own brand and messaging campaign with TCR. The Business Customer's legal entity name is what appears on the registry, and a dedicated phone number is provisioned and linked to that approved campaign — every Text Message sent to that Business Customer's clients originates from that number.

BeautIQ acts as the Business Customer's authorized agent and submits the brand and campaign registration to TCR on the Business Customer's behalf, based on information the Business Customer provides during onboarding and an explicit, non-pre-checked authorization. The data the Business Customer authorizes BeautIQ to transmit to TCR includes the Business Customer's legal entity name, Employer Identification Number (EIN) or equivalent business tax identifier, registered business address, business website, privacy-policy URL, opt-in flow description, and sample message content. TCR processes this data to assess sender legitimacy and to assign the "brand score" that U.S. carriers use to gate delivery. BeautIQ does not use the data the Business Customer authorizes for TCR submission for any purpose other than enabling that Business Customer's registered SMS sending.

From your perspective as a recipient, the sender of any appointment-related Text Message is the Business Customer named on the registered brand, not BeautIQ. Each Business Customer is the controller of its own client relationships and is solely responsible for maintaining its own privacy notice and consent records with respect to those clients; BeautIQ acts as a processor in providing the underlying messaging infrastructure.

5.2 Consent

The Services capture and enforce per-Business-Customer consent before any Text Message is sent. When you book an appointment through a Business Customer's online booking page, a non-pre-checked consent checkbox is shown that names the specific Business Customer, states that message and data rates may apply, and explains how to opt out. Submitting the booking with the checkbox checked creates an immutable opt-in record that includes the timestamp, your phone number, the Business Customer's ID, the booking ID, and the exact consent text shown to you at that moment. Subsequent changes to the consent text do not alter consent records previously captured.

Where a Business Customer's staff enters an appointment on your behalf and BeautIQ has no prior opt-in record for your number at that Business Customer, the Services may send you a single double opt-in Text Message that asks you to "Reply YES to receive appointment reminders" and includes "Msg & data rates may apply" and "Reply STOP to opt out". This double opt-in Text Message is itself the consent request and is the only Text Message that may be sent to you for that appointment before consent is captured. Replying YES creates an opt-in record; replying STOP creates an opt-out record; not replying means no further Text Messages are sent for that appointment.

Consent to receive marketing Text Messages is never a condition of purchase. Consent to receive transactional Text Messages (such as appointment reminders) may be a condition of using certain features of the Services that exist for the purpose of sending those messages.

5.3 Message frequency

Message frequency varies based on the Business Customer's configuration and your appointment activity. Typical frequency ranges from one (1) to ten (10) messages per appointment cycle — for example, one booking confirmation, reminders at 24 hours and 2 hours before the appointment, and optionally one intake-form reminder.

5.4 Charges

Message and data rates may apply. Neither BeautIQ nor the originating Business Customer is responsible for charges imposed by your wireless carrier. Carriers are not liable for delayed or undelivered messages.

5.5 Opt-out and help

  • Reply STOP, UNSUBSCRIBE, CANCEL, END, or QUIT (case-insensitive, with or without surrounding whitespace) to any Text Message from a Business Customer to unsubscribe from further Text Messages from that specific Business Customer. You will receive an automatic confirmation Text Message naming the Business Customer.
  • Reply HELP or INFO to any Text Message for instructions and contact details for that Business Customer.
  • Opt-in and opt-out are scoped per Business Customer. Opting out of Text Messages from one Business Customer does NOT opt you out of Text Messages from any other Business Customer at which you have opted in separately. To stop receiving Text Messages from multiple Business Customers, opt out of each one individually.
  • Reply START or UNSTOP at any time to re-subscribe to Text Messages from a Business Customer you previously opted out of.
  • For BeautIQ platform Text Messages (account-level alerts sent directly by BeautIQ rather than by a Business Customer), contact privacy@beautiq.app.

5.6 Quiet hours

Non-urgent transactional Text Messages (booking confirmations, appointment reminders, and form reminders) are subject to a default quiet-hours window of 21:00 to 08:00 in your local time, and are deferred to the next morning if they would otherwise dispatch during that window. Business Customers may adjust or disable the quiet-hours window for their own brand. Compliance-related responses — STOP confirmations, HELP responses, and START / UNSTOP re-subscribe confirmations — are exempt from quiet hours and are sent immediately upon trigger, regardless of time of day, as required by U.S. messaging compliance rules.

5.7 Supported carriers

The SMS program is compatible with major U.S. wireless carriers, including AT&T, Verizon Wireless, T-Mobile, US Cellular, Boost Mobile, Cricket Wireless, Metro by T-Mobile, and others. Service may be available through additional carriers, but neither BeautIQ nor the originating Business Customer guarantees delivery on any specific carrier.

5.8 TCPA and 10DLC compliance

BeautIQ, its Business Customers, and the SMS infrastructure operated by BeautIQ comply with the U.S. Telephone Consumer Protection Act ("TCPA"), 47 U.S.C. § 227, the A2P 10DLC framework administered by The Campaign Registry, and rules promulgated by the Federal Communications Commission and the CTIA. Business Customers are contractually required to obtain prior express consent (or prior express written consent for marketing messages) before any Text Message may be sent to a recipient through the Services, and the BeautIQ platform refuses to dispatch absent a recorded opt-in for the (Business Customer, phone number) pair.

6. How We Share Information

We share personal information only in the following limited circumstances:

  • Service providers (sub-processors): cloud hosting (Vercel, Inc. and Neon, Inc. — U.S. regions only), payment processing, SMS delivery (Plivo, Inc.), SMS brand and campaign registration with The Campaign Registry, LLC (the U.S. A2P 10DLC registry — see Section 5.1), email delivery, error monitoring, and customer support tooling. Each sub-processor is contractually bound to use the data only to provide services to BeautIQ and to maintain confidentiality and security.
  • Business Customers: when you are a client of a Business Customer, that Business Customer has access to information about your interactions with their account, including appointments, intake responses, and treatment records.
  • Legal and safety: when required to comply with applicable law, valid legal process, or a lawful request by a public authority, or to protect the rights, property, or safety of BeautIQ, our users, or others.
  • Business transfers: in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, subject to the acquirer honoring this Privacy Policy or providing notice and an opportunity to object where required by law.
  • With your consent: any other disclosure for which we obtain your specific consent.

BeautIQ does not "sell" personal information as that term is defined in the California Consumer Privacy Act ("CCPA"), nor do we "share" personal information for cross-context behavioral advertising.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to keep you signed in, remember preferences, measure how the Services are used, and protect against fraud and abuse. We classify them as follows:

  • Strictly necessary: required for authentication, session management, and security. These cannot be disabled.
  • Functional: remember settings such as time zone, language, and last-used view.
  • Analytics: aggregated usage statistics to help us improve the Services. We do not use analytics cookies for cross-site tracking or advertising.

You can configure your browser to refuse cookies or to alert you when cookies are being sent. Note that some portions of the Services may not function properly if cookies are disabled. Where required by law, we will request your consent before placing non-essential cookies.

8. Data Retention

We retain personal information for as long as your account is active, as needed to provide the Services, and as required to comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods vary by data category and applicable law:

  • Account records: retained for the life of the account and up to seven (7) years after termination, to meet tax, accounting, and dispute-resolution obligations.
  • Client Data (including PHI under a BAA): retained according to the instructions of the Business Customer and applicable law. On account termination, Client Data is returned or deleted in accordance with the BeautIQ Master Services Agreement.
  • SMS logs and message audit trail: retained for four (4) years from the event timestamp, aligned with the federal statute of limitations applicable to the TCPA (47 U.S.C. § 415), to demonstrate consent and provide dispute support. Opt-in and opt-out records that represent the currently active consent state for a phone number at a Business Customer are retained for as long as that state is active, plus an additional four (4) years after the state is superseded or revoked.
  • Marketing records: retained until you unsubscribe or object, plus a suppression-list record sufficient to honor your opt-out indefinitely.

9. Data Security

BeautIQ maintains administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. Our security program includes:

  • Encryption in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent).
  • Role-based access controls, audit logging, and the principle of least privilege.
  • Regular vulnerability scanning, dependency monitoring, and security reviews.
  • Background checks and confidentiality obligations for personnel with access to production systems.
  • Incident-response procedures and notification of affected individuals and regulators as required by law.

No method of transmission over the internet or electronic storage is 100% secure. While we use industry-standard measures, we cannot guarantee absolute security.

10. Your U.S. State Privacy Rights

Depending on the U.S. state in which you reside, you may have the following rights with respect to personal information that BeautIQ controls:

  • Right to know or access: request confirmation of, and a copy of, the personal information we hold about you.
  • Right to correct: request correction of inaccurate personal information.
  • Right to delete: request deletion of personal information, subject to legal exceptions.
  • Right to portability: request a copy in a portable, machine-readable format.
  • Right to opt out of "sale" or "sharing" for targeted advertising: BeautIQ does not sell or share personal information for these purposes; nonetheless, you may submit a request and we will confirm.
  • Right to limit the use of "sensitive personal information," where applicable.
  • Right to non-discrimination for exercising your privacy rights.
  • Right to appeal a denied request, where applicable under state law.

These rights are granted under, among others, the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), the Texas Data Privacy and Security Act (TDPSA), the Oregon Consumer Privacy Act (OCPA), the Florida Digital Bill of Rights (FDBR), and other applicable U.S. state laws.

To exercise any of these rights, email privacy@beautiq.app from the email address on file or use the in-product privacy request form. We will verify your identity before fulfilling the request and respond within the time period required by applicable law (typically 45 days). You may also designate an authorized agent to submit a request on your behalf.

If you are a client of a Business Customer and your request concerns Client Data, we will forward your request to the relevant Business Customer, who is the controller of that data.

11. California "Shine the Light"

California Civil Code § 1798.83 permits California residents to request information about disclosures of personal information to third parties for those third parties' direct marketing purposes. BeautIQ does not disclose personal information to third parties for their own direct marketing purposes.

12. Children's Privacy

The Services are intended for use by adults aged 18 and older, and by professionals using the Services in the course of their work. BeautIQ does not knowingly collect personal information directly from children under the age of 13. Where a Business Customer (such as a pediatric or family-oriented wellness practice) uploads Client Data concerning a minor, the Business Customer is responsible for obtaining any required parental consent under the Children's Online Privacy Protection Act ("COPPA") and applicable state law. If you believe a child under 13 has provided personal information directly to BeautIQ, please contact us at privacy@beautiq.app and we will promptly delete it.

14. U.S.-Only Operations

BeautIQ's Services are hosted and operated entirely within the United States. We do not knowingly accept registrations from, or offer Services to, individuals or businesses located outside the United States. If you are accessing the Services from outside the United States, you must discontinue use. Any data you submit will be stored and processed in the United States, and you acknowledge that the laws of the United States may differ from those of your country of residence.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will revise the "Last updated" date at the top of this page and, where required by law, notify you by email or through the Services at least thirty (30) days before the changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the revised Privacy Policy.

16. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the State of Florida and the federal laws of the United States, without regard to conflict-of-laws principles. Any dispute arising out of or relating to this Privacy Policy shall be resolved exclusively in the state or federal courts located in the State of Florida, and you consent to the personal jurisdiction of those courts.

17. Contact Us

If you have questions about this Privacy Policy, wish to exercise a privacy right, or need to file a complaint, please contact us:

  • Privacy inquiries: privacy@beautiq.app
  • General inquiries: hello@beautiq.app
  • Mailing address: BEAUTIQAPP LLC, 19790 W Dixie Hwy, Unit 1007, Miami, FL 33180, USA
  • Principal office: 811 SE 116th Street, Apt 211, Fort Lauderdale, FL 33316, USA

We will respond to verifiable requests within the time period required by applicable law. If you are not satisfied with our response, you may contact your state attorney general or, for residents of California, the California Privacy Protection Agency.

Questions? privacy@beautiq.app · Or contact us.