Privacy Policy

Last updated November 2025

1. Who We Are

This website (“Site”) is operated by Aesthetics by AM, (“Aesthetics by AM,” “we,” “us,” or “our”). You can contact us as indicated under the “Contact” section below. Our registered address is 3502 Metro Drive, Ste 200., Council Bluffs, IA 51501.

The data controller responsible for your personal data is Aesthetics by AM, with whom you contract as a customer, member or membership applicant (“Aesthetics by AM,” “we,” “us” and/or “our”).

2. What This Privacy Policy Is For

This Privacy Policy (“Policy”) applies to personal data that we collect from you as a client or user of this Site. It provides information on what personal data we collect, why we collect it, how it is used, and what your rights are under applicable data protection and privacy laws, including the Iowa Consumer Data Protection Act (ICDPA) and other U.S. privacy regulations.

By using our Site or submitting your personal information, you agree to the terms of this Privacy Policy. Please read it carefully.

3. Personal Data We Collect

We collect the following types of personal data from you:

Client & Appointment Information

The personal details you provide when booking an appointment, purchasing a service, or creating a profile. This may include your name, date of birth, contact information (address, email, and phone), medical or health-related information relevant to your treatment, and payment details.

Payment Information

We collect debit/credit card or bank information provided to our payment service providers for processing your transactions. Aesthetics by AM does not directly store or process card data.

Health Information

Certain services require us to collect medical history, allergies, and treatment preferences to ensure safe and appropriate care. This information is kept confidential and used solely for clinical and operational purposes.

Other Information

We may also collect information you choose to share when contacting us by email, completing forms, subscribing to newsletters, or interacting on social media.

4. Automatically Collected Data

When you visit our Site, we may automatically collect:

  • Log data: including IP address, browser type, and time of visit.

  • Cookies: small text files to improve your browsing experience and site functionality.
    For more information, please review our Cookie Policy.

5. How We Use Your Personal Data

We use your personal data to:

  • Process and confirm your appointments or purchases.

  • Communicate with you about your treatments, account, or services.

  • Send updates, wellness tips, or promotional offers (only if you’ve opted in).

  • Improve our website, services, and client experience.

  • Comply with legal, health, and safety obligations.

We may also use anonymized data for internal analytics, trend analysis, and service improvements.

6. Disclosure of Your Information

We may share your information with:

  • Service Providers: such as payment processors, scheduling platforms (e.g., Acuity Scheduling), email or marketing platforms, and IT providers who assist in operating our business.

  • Legal Compliance: if required by law, regulation, or government request.
    We do not sell or rent your personal information to third parties.

7. Payment Information

All payments made through our Site are processed by secure third-party providers. Your card details are encrypted and protected under industry standards (e.g., PCI DSS).

You may choose to store payment details for convenience through our secure booking system or opt to re-enter them for each transaction.

8. Data Transfers & Security

Your information may be stored or processed in the United States or other jurisdictions where our service providers operate. We maintain appropriate safeguards to protect your personal data from unauthorized access, loss, or misuse.

Although we use modern encryption and secure servers, no system can guarantee 100% security.

9. Your Rights

You have the right to:

  • Access and request a copy of your personal data.

  • Request correction or deletion of inaccurate information.

  • Opt out of marketing communications at any time.

  • Withdraw consent for certain data uses.

Nebraska & Iowa residents have additional rights under the Nebraska Data Protection Act (NDPA) and the Iowa Consumer Data Protection Act (ICDPA), including the right to know what personal information is collected and to request its deletion or restriction.

To exercise these rights, please contact us at the address listed below.

10. Data Retention

We retain your personal data only as long as necessary to provide services, meet legal obligations, and resolve disputes. Health records and treatment documentation may be retained for the period required by law or professional regulation.

11. Changes to This Policy

We may update this Privacy Policy periodically. Any changes will be posted here with an updated “Last Updated” date. Material changes may also be communicated directly to you when appropriate.

12. Contact Us

If you have any questions, concerns, or requests about this Privacy Policy, please contact us at:

Aesthetics by AM
3502 Metro Drive, Suite 200
Council Bluffs, IA 51501
✉️ allison@ccareclinic.com
(C) 402.709.5938
(O) 712.256.7172