Aesthetic Atlas is managed by Lumara Systems.
Privacy Policy
1. Who we are
Aesthetic Atlas is a service operated by Lumara Systems, LLC (“Lumara Systems,” “we,” “us,” “our”). We provide a guided 3D body-atlas tool that lets visitors of a participating medical spa or aesthetic practice (the “Practice”) select aesthetic concerns and receive an AI-generated treatment plan branded as that Practice. This Privacy Policy applies to every host that serves the Aesthetic Atlas experience, including aesthetic-atlas.com and any subdomain or custom domain operated under the Practice's brand. The Practice may have its own additional privacy practices that govern your relationship with them directly.
2. Information we collect
When you use Aesthetic Atlas you may provide: the aesthetic concerns you select on the 3D body atlas; free-text notes you choose to add about your concerns; your first and last name, email address, and phone number; and your consent to receive marketing or informational SMS messages from the Practice if you check the SMS opt-in box. We also automatically capture your IP address, the user-agent string of your browser, and a session identifier when you submit the form. This automatic information is used only for fraud prevention, abuse monitoring, and to audit-log your SMS consent.
3. How we use your information
We use the information you provide to generate your tailored treatment plan, deliver it to your email and (if you opt in) to your phone, create or update a contact record in the Practice's customer-relationship-management (CRM) system so the Practice can follow up with you, and send the Practice's automated SMS follow-up if you opted in and have not yet booked a consultation. We also retain a record of your SMS consent for legal and audit purposes under the Telephone Consumer Protection Act, and use IP and user-agent data to prevent fraud and abuse of the service. We may use de-identified or aggregated information for product improvement; this kind of information cannot reasonably be linked back to you.
4. Service providers we share information with
We do not sell your information. We rely on a small number of third-party service providers to operate Aesthetic Atlas: Vercel, Inc. for website hosting and content delivery; Supabase, Inc. for the secure database that stores your concerns, free-text notes, and SMS consent record; Anthropic, PBC and Google LLC as the large-language-model providers that generate your treatment plan from the concerns you selected (we do not transmit your name, email, or phone number to these providers); HighLevel, Inc. (GoHighLevel) as the CRM platform the Practice uses to receive your contact record and run their email and SMS follow-ups; and Cal.com, Inc. for the booking widget embedded on the results page. These providers process your information solely to deliver their service to us under their own contractual and security obligations. We disclose information to law enforcement only when required by law or valid legal process.
5. The Practice's role
When you submit the form, your contact information becomes part of the Practice's patient or prospect record in their CRM. The Practice is an independent business and a separate data controller for your information once it reaches their CRM, and their use of your information is governed by their own privacy practices. Lumara Systems acts as a service provider to the Practice for the steps that move your information from the form to their CRM.
6. Data retention
Free-text notes you submit are automatically deleted 90 days after submission, and your tailored treatment plan link expires 90 days after submission and is no longer accessible after that point. Your concerns selection, treatment plan text, and access-token record are retained for as long as your record exists, which you can delete at any time using the “Manage Your Data” option on your treatment plan page (see Section 7). SMS consent records — including the timestamp, IP address, exact consent text shown to you, and phone number — are retained for 4 years to satisfy our audit obligations under the Telephone Consumer Protection Act and Federal Communications Commission rules; deletion of your other data does not delete the consent record, which remains for legal compliance. The Practice's CRM record is retained according to the Practice's own data-retention practices, which Lumara Systems does not control.
7. Your rights
You can delete your data at any time. On your treatment plan page, click “Manage Your Data” to delete your concerns, free-text notes, and plan from our database. You may also email us at contact@lumara.systems to request deletion, access, or correction of any record we hold for you; we will respond within 45 days. The SMS consent record described in Section 6 is retained for legal compliance even after a deletion request. You can opt out of SMS at any time by replying “STOP” to any text message from the Practice (reply “HELP” for assistance). To remove your record from the Practice's CRM, contact the Practice directly. If you are a California, Colorado, Connecticut, Utah, or Virginia resident, you may have additional rights under your state's privacy law, including the right to know, correct, delete, opt out of certain processing, and appeal any denial of these rights — contact us at the email above to exercise any of those rights.
8. Security
We use industry-standard security measures, including TLS encryption in transit, encryption at rest in our database, and strict access controls. No method of transmission or storage is 100% secure, but we work to keep your information safe and to alert you in the event of a breach as required by law.
9. Cookies and tracking
Aesthetic Atlas does not use cookies for advertising or third-party tracking. Your browser may store a session identifier as part of normal web-application operation. The Practice's CRM and the booking platform may use their own cookies as described in their respective policies.
10. Children
Aesthetic Atlas is not directed to children. We do not knowingly collect information from anyone under 18. If you believe a minor has submitted information through our service, please contact us at contact@lumara.systems and we will delete it.
11. International users and not medical advice
Aesthetic Atlas is operated from the United States, and our service providers may store information in the United States or other countries. By using our service, you consent to the transfer of your information to the United States. The treatment plan generated by Aesthetic Atlas is for educational and informational purposes only and does not constitute medical advice, diagnosis, or treatment — see our Medical Disclaimer.
12. Changes and contact
We may update this Privacy Policy from time to time. The “Effective Date” at the top of this page reflects the latest revision; material changes will be posted prominently. Your continued use of Aesthetic Atlas after such posting constitutes acceptance of the updated policy. For privacy questions or to exercise any right described above, email contact@lumara.systems.