Privacy Policy

1. Introduction

LuxeSurgeons ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our medical tourism platform and services.

By using LuxeSurgeons, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

• Account Information: Name, email address, phone number, date of birth
• Medical Information: Health history, procedure interests, medical conditions (with your explicit consent)
• Payment Information: Credit card details, billing address (processed securely through Stripe)
• Identification: Government-issued ID, passport information (for travel bookings)
• Communication Data: Messages with surgeons, support tickets, consultation notes

2.2 Automatically Collected Information

• Device Information: IP address, browser type, operating system
• Usage Data: Pages visited, time spent, clickstream data
• Cookies: Session cookies, analytics cookies, preference cookies
• Location Data: Approximate location based on IP address

3. How We Use Your Information

• To provide and maintain our services
• To process bookings and payments
• To match you with qualified surgeons
• To communicate with you about your account and bookings
• To send you updates, newsletters, and promotional materials (with consent)
• To improve our services through analytics
• To detect and prevent fraud and security threats
• To comply with legal obligations

4. HIPAA Compliance

As a healthcare-related service, we take medical privacy seriously:

• All medical information is encrypted both in transit and at rest
• Access to medical data is restricted to authorized personnel only
• We maintain detailed audit logs of all access to medical records
• We have strict data retention and deletion policies
• Business Associate Agreements (BAAs) with all third-party service providers

5. Data Sharing and Disclosure

We share your information with:

• Surgeons: When you request a consultation or book a procedure
• Payment Processors: Stripe for payment processing
• Service Providers: Cloud hosting, email services, analytics
• Legal Authorities: When required by law or to protect our rights

We do NOT sell your personal information.

6. Your Rights (GDPR & CCPA)

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Restriction: Limit how we use your data
• Object: Object to processing for marketing purposes
• Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at privacy@luxesurgeons.com

7. Data Security

We implement industry-standard security measures:

• TLS/SSL encryption for data in transit
• AES-256 encryption for data at rest
• Regular security audits and penetration testing
• Multi-factor authentication for admin access
• Regular backups and disaster recovery plans
• Employee training on data protection

8. Cookies and Tracking

We use cookies for:

• Essential Cookies: Required for the site to function
• Analytics Cookies: Google Analytics to improve our service
• Preference Cookies: Remember your settings
• Marketing Cookies: Track ad performance (with consent)

You can control cookies through your browser settings or our Cookie Consent Manager.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the EU Commission
• Privacy Shield certification (where applicable)
• Adequate data protection measures in receiving countries

10. Children's Privacy

Our service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Data Retention

We retain your personal data for as long as necessary to:

• Provide our services to you
• Comply with legal obligations (typically 7 years for medical records)
• Resolve disputes and enforce agreements

After this period, we securely delete or anonymize your data.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Email notification to your registered address
• Prominent notice on our website
• In-app notification

Continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices: