Privacy policy


Who We Are

CGT Aesthetics (CGT Aesthetics, we, us, or our) operates medical spa and aesthetic treatment centers in Evergreen Park and Westmont, Illinois, under the medical direction of Dr. George Thomas. We provide aesthetic and wellness services including injectables, laser treatments, facial services, and body contouring.

We offer a patient-facing mobile application (the App) available on iOS and Android, a website at cgtaesthetics.com, and related online services (collectively, the Services). Appointment management and patient account services are powered by Booker, a third-party scheduling platform operated by Mindbody, Inc.

This Privacy Policy explains how we collect, use, share, and protect personal information obtained through our Services, and the choices available to you.


Information We Collect

Information You Provide Directly

When you create an account, book an appointment, or contact us, we may collect:

  • Full name, date of birth, and gender
  • Email address, phone number, and mailing address
  • Account credentials (username/password managed via Booker)
  • Payment and billing information (processed by PCI-compliant third parties; we do not store full card numbers)
  • Health-related information relevant to your treatments (e.g., medical history, allergies, treatment preferences)
  • Appointment history and service preferences
  • Communications you send us via the App, email, or phone

Information Collected Automatically

When you use the App or visit our website, we and our service providers may automatically collect:

  • Device identifiers (device ID)
  • Operating system, device type, and browser type
  • App usage data, session duration, and feature interactions
  • Crash reports and performance diagnostics

Information from Third Parties

Our appointment management is powered by Booker (a Mindbody company). When you create or access an account through our App, relevant profile and appointment data is retrieved from Booker. Your use of our booking services is also subject to Booker's privacy policy at mindbodyonline.com.

Note on Health Information

Health-related information you provide in connection with your treatments is used exclusively to deliver and improve your care. We do not sell health-related personal information and take additional precautions to protect its security.


How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: Creating and managing your account, scheduling appointments, processing payments, and providing related support.
  • Communications: Sending appointment reminders, confirmations, follow-ups, and (where you have consented) promotional offers.
  • App Functionality: Enabling features such as online booking, calendar integration, push notifications, and account management.
  • Analytics & Improvement: Understanding how Services are used, improving user experience, and diagnosing technical issues.
  • Safety & Security: Detecting and preventing fraud, unauthorized access, and other harmful activities.
  • Legal Compliance: Complying with applicable laws, regulations, and healthcare recordkeeping obligations.
  • Marketing (with consent): Sending promotional content and special offers where you have opted in or as permitted by law.

How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Booker / Mindbody: As our appointment platform, Booker receives appointment, account, and transaction data to operate our booking services on our behalf.
  • Analytics Providers: Usage data may be shared with services such as Firebase or Google Analytics to understand App performance.
  • Service Providers: Third-party vendors for email delivery, push notifications, cloud hosting, and support — all contractually bound to use your data only to perform services on our behalf.
  • Legal & Regulatory Disclosure: To law enforcement, regulators, or courts as required by law or to protect our legal rights.
  • Business Transfers: If CGT Aesthetics is acquired or merged, your information may transfer to the successor entity subject to equivalent privacy protections.
  • With Your Consent: For any other purpose with your explicit consent.

Cookies & Tracking Technologies

Our website uses cookies and similar technologies to operate the site, remember your preferences, and gather analytics. Types of cookies used include:

  • Essential Cookies: Required for website operation (session management, login state).
  • Analytics Cookies: Help us understand how visitors interact with our site, using tools such as Google Analytics.
  • Marketing Cookies: May be used to deliver relevant advertising where you have consented.

You can manage or disable cookies through your browser settings. To opt out of Google Analytics tracking, visit the Google Analytics Opt-Out page.

App Tracking Transparency (iOS)

On iOS 14.5 and later, we request your permission before tracking your activity across other companies' apps and websites for advertising purposes, as required by Apple's App Tracking Transparency (ATT) framework. A system prompt will appear the first time a relevant feature is accessed.

You may change your choice at any time in Settings → Privacy & Security → Tracking. Analytics used solely to improve our own Services do not require ATT permission.


Mobile App Permissions

Our App may request the following device permissions. All permissions are optional and denying any of them will not prevent you from booking or managing appointments.

Calendar Access

Requested solely to let you save booked appointments to your device calendar. This is entirely optional. If you deny it, you can still book and manage appointments normally within the App. We will never re-request a permission you have denied. You may change this at any time in Settings → CGT Aesthetics → Calendar.

Push Notifications

Requested to send appointment reminders, confirmations, and account updates. Manageable at any time in your device Settings or within the App.

Important Permission Denials

Denying any permission will never block access to core Services such as booking appointments, viewing your history, or managing your account. Permissions are only requested at the moment a related feature is used. We never force or re-prompt a denied permission.


Children's Privacy

Our Services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at info@cgtaesthetics.com and we will promptly delete it.

Minors between ages 13 and 17 may use our Services only with the involvement and consent of a parent or legal guardian.


Data Retention

We retain your personal information for as long as your account is active or as needed to provide our Services. We may also retain information as required by law, including Illinois healthcare recordkeeping regulations, to resolve disputes, or for other legitimate business purposes.

When personal information is no longer required, we delete or anonymize it per our internal data retention schedule. Information maintained within the Booker platform is subject to Booker's own retention policies.


Your Privacy Rights

Depending on where you reside, you may have the following rights with respect to your personal information:

  • Right to Access / Know: Request confirmation of whether we hold personal information about you and a copy of that data.
  • Right to Correction: Request correction of inaccurate personal information we hold.
  • Right to Deletion: Request deletion of your personal information (see Section 10 for the full account deletion process).
  • Right to Portability: Request your data in a portable, structured format where technically feasible.
  • Right to Opt-Out: We do not sell personal information. To opt out of cross-context behavioral advertising, see Section 5.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any privacy right.
  • Right to Appeal: If we decline a privacy request, you may appeal our decision by contacting us as described below.

Illinois Residents: We handle personal information consistent with the Illinois Personal Information Protection Act (PIPA) and other applicable Illinois law.

To exercise any of these rights, email info@cgtaesthetics.com with the subject line "Privacy Request." We will respond within 45 days of receipt, or within any period required by applicable law. We may need to verify your identity before processing certain requests.


Account Deletion

You have the right to request deletion of your account and associated personal information. Because your patient account is managed through the Booker platform, deletion involves both our systems and Booker's records.

How to Request Account Deletion

In the App: Tap the menu icon (☰) and select Delete My Account, then follow the on-screen prompts.

By Email: Email info@cgtaesthetics.com with subject "Account Deletion Request."

What Happens After You Request Deletion

  1. We will process your verified deletion request within 30 days of confirmation.
  2. Your Booker-managed patient profile will be deactivated or deleted per Booker's data deletion capabilities and policies.
  3. Any personal information we hold independently (marketing preferences, in-app data) will be deleted or anonymized.
  4. You will receive a confirmation email once the deletion is complete.

Exceptions to Deletion

We may be required to retain certain records under applicable law, including Illinois healthcare recordkeeping requirements, tax records, and records needed to resolve disputes or enforce agreements. We will inform you of any information retained and the legal basis for doing so.

Please note that deleting your account will cancel any upcoming appointments. We recommend reviewing your schedule before submitting a deletion request.


Security

We implement industry-standard technical, administrative, and physical security measures to protect your personal information, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest for sensitive fields
  • Secure, access-controlled cloud infrastructure
  • Regular security reviews and staff training on data handling practices

No method of internet transmission or electronic storage is 100% secure. If you believe your account has been compromised, contact us immediately at info@cgtaesthetics.com.


Third-Party Links

Our App and website may contain links to third-party websites and services, including the Booker booking platform, social media pages, and partner sites. These third parties operate under their own privacy policies and we are not responsible for their data practices. We encourage you to review the privacy policies of any third-party services you access through our Services.


Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you via the App or email.

Your continued use of our Services after changes become effective constitutes acceptance of the updated Privacy Policy.


Contact Us

If you have questions about this Privacy Policy, wish to exercise a privacy right, or have a concern about how your information is handled, please contact our privacy team:

We aim to respond to all privacy-related inquiries within 10 business days.