MedSpa Institute, Inc. ("MSI", "we", "our") respects your privacy. This policy explains what we collect, why we collect it, who we share it with, and the choices you have. It applies to medspa-institute.com, msi.institute, our student academy at /app, and all related services. For questions, contact privacy@msi.institute.
01Information We Collect
We collect information you provide directly to us, including:
- Contact and lead data: name, email address, phone number, program interest, campus preference, prior education, residency, and similar fields you submit through our contact, apply, tour, reserve-a-seat, newsletter, guide-download, and call-request forms.
- Quiz and form responses: your answers to our program-match quiz and any free-text messages you send us.
- Enrollment records: government ID, enrollment agreement, transcripts, payment plan details (payment-card data is handled by our PCI-DSS-compliant processor, not stored by us).
- Academic records: attendance, grades, clinical hour logs, certifications, instructor evaluations.
- Account and profile data: credentials, display name, photo, biography, social handles, preferences.
- Communications: emails, SMS, support tickets, community posts, recordings of optional review sessions you opt into.
We also collect information automatically, including:
- IP address, device and browser identifiers, language, time zone, referring page, and approximate location derived from IP.
- Site usage data: pages visited, lessons viewed, time on task, click-through, form submissions, and similar product-usage analytics.
- Marketing attribution: UTM parameters, referrer, and first-touch source, stored for up to 90 days to attribute enrollments to the campaign that brought you to us.
- Cookies and similar technologies — see "Cookies, Pixels & Analytics" below and our Cookie Policy.
02How We Use Information
- Operate and deliver the programs and platform you enrolled in.
- Administer admissions, financing, billing, and refunds.
- Respond to inquiries you submit through our forms, quiz, or phone/SMS channels.
- Issue certificates, transcripts, and Florida licensing-exam eligibility documentation.
- Send transactional communications (enrollment, schedule, billing) and, where you have consented, marketing and informational SMS and email about programs, open houses, tuition deadlines, and events.
- Measure marketing performance, improve the site and curriculum, detect fraud or abuse, and meet legal and regulatory obligations.
05SMS Program
When you submit a form that includes a phone number, you are agreeing to receive marketing and informational calls, texts, and emails from MedSpa Institute at the phone number and email address you provided, including messages sent using automated technology. Consent is not a condition of enrollment or purchase.
- Message frequency varies based on your inquiry, application status, and the events you ask us about. You will typically receive a small number of messages per month.
- Message and data rates may apply — your mobile carrier may charge you for sending or receiving SMS.
- Reply STOP to any text to unsubscribe from marketing SMS at any time. Reply HELP for help and contact information.
- STOP requests are honored immediately and we suppress your number from further marketing SMS in both our database and AI.BRAIN. Transactional messages (e.g., schedule changes for an enrolled student) may continue where permitted by law.
06Your Rights & Choices
You can, at any time:
- Opt out of marketing SMS by replying STOP to any text from us.
- Opt out of marketing email by clicking the unsubscribe link in the footer of any marketing email or by emailing privacy@msi.institute.
- Withdraw cookie consent via the "Cookie preferences" link in the site footer.
- Request access to or a copy of the personal information we hold about you.
- Request correction or deletion of your personal information — use the self-serve flow at /data-deletion or email privacy@msi.institute. We will respond within 45 days (extendable once by an additional 45 days where permitted by law).
- Lodge a complaint with a supervisory authority if you believe we have not complied with applicable law.
We may need to verify your identity before acting on a rights request — typically by confirming the email or phone number associated with your record.
07Data Retention
We retain records for as long as needed to operate the school, honor accreditation and state-licensing record-retention requirements (generally five years after a student's last date of attendance), defend legal claims, and comply with our tax, accounting, and audit obligations. Lead and inquiry records from visitors who do not enroll are retained for up to 24 months, then deleted or de-identified. Aggregated or de-identified data may be retained indefinitely.
08Security
We use industry-standard technical and organizational measures to protect personal information, including encryption in transit and at rest, role-based and row-level access controls on our database, scoped service-role credentials kept server-side only, signed payloads between our site and AI.BRAIN, and audit logging. No system is perfectly secure; if we learn of a breach that affects your information, we will notify you as required by law.
09Children's Privacy
MSI's services are not directed to children under 16. We do not knowingly collect personal information from children under 13, and we do not knowingly sell or share the personal information of consumers under 16. If you believe a child has provided us information, please email privacy@msi.institute and we will delete it.
10Your California Privacy Rights (CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect, the sources, the business and commercial purposes, and the categories of third parties we disclose it to.
- Access and obtain a copy of your personal information in a portable format.
- Correct inaccurate personal information.
- Delete personal information we have collected from you, subject to legal exceptions.
- Limit the use of sensitive personal information to what is necessary to deliver our services.
- Opt out of "sale" or "sharing" of personal information for cross-context behavioral advertising.
- Non-discrimination for exercising any of these rights.
Do Not Sell or Share My Personal Information. We do not sell personal information for money. To the extent our use of marketing pixels (Meta, Google) constitutes "sharing" for cross-context behavioral advertising under the CPRA, you can opt out in two ways: (1) click "Reject non-essential" in the cookie banner, or change your choice anytime via "Cookie preferences" in the footer; or (2) email privacy@msi.institute with the subject line "Do Not Sell or Share".
Global Privacy Control (GPC). We recognize and honor the GPC browser signal as a valid opt-out of "sale" and "sharing" of your personal information. When your browser sends GPC, we suppress non-essential trackers automatically and do not require you to take any further action on this site.
You may also designate an authorized agent to make a request on your behalf. We will require written authorization and may verify your identity directly.
11EEA / UK / Swiss Residents (GDPR)
We process your data on the following lawful bases: contract (delivering the program you enrolled in), legitimate interests (improving the platform, preventing fraud), consent (marketing SMS and email, non-essential cookies and pixels), and legal obligation (records retention).
You have the rights of access, rectification, erasure, restriction, portability, and objection. Email privacy@msi.institute to exercise these rights.
12Contact
MedSpa Institute, Inc. · 3250 NE 1st Ave, Suite 504, Miami, FL 33137 · privacy@msi.institute · +1 (813) 997-8839.
13Changes to this Policy
We may update this policy from time to time. When we do, we will update the "Last updated" date above and, for material changes, give you reasonable notice before they take effect.
Questions about this document? Email admissions@msi.institute.
