Luna Allure

Advanced Aesthetics

Privacy Policy

Privacy Policy

Privacy Policy

Luna Allure Advanced Aesthetics

Last Updated: May 28, 2026

NOTICE PER TMB RULE 22 TAC §169.28: Medical services at this facility are provided under the medical direction of Vitali Azouz, M.D., Texas Medical Board License #U1231. All treatments are performed by trained, credentialed clinical staff under physician-approved protocols and standing delegation orders per TMB Rules 22 TAC §§169.25–169.28.

1. INTRODUCTION

This Privacy Policy applies to the website, online booking system, and related services provided by ORE Enterprise LLC d/b/a Luna Allure Advanced Aesthetics (“Company,” “we,” “us,” or “our”). Luna Allure operates physician-supervised medical spa locations in San Antonio, Texas, under the medical direction of Vitali Azouz, M.D., Texas Medical Board License #U1231.

We value your privacy and are committed to protecting your personal information in compliance with the Health Insurance Portability and Accountability Act (HIPAA), the Texas Medical Records Privacy Act (TMRPA, Health & Safety Code Chapter 181), the Texas Identity Theft Enforcement and Protection Act (ITEPA, Business & Commerce Code Chapter 521), applicable Payment Card Industry Data Security Standards (PCI DSS), the Telephone Consumer Protection Act (TCPA), and all other applicable federal and state privacy laws.

By using our website, submitting information through any of our online forms, making a payment, or otherwise engaging with us, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our website or services.

2. HOW WE COLLECT YOUR INFORMATION — OUR TWO-STEP PROCESS

Luna Allure uses a deliberate two-step process to protect your privacy. We separate the collection of basic personal and payment information from the collection of medical and health information:

Step 1: Website Information & Payment (Personal Identifiable Information)

When you submit information through our website or through third-party booking and payment platforms operating on our behalf (such as our online scheduling and checkout systems) — including but not limited to lead capture forms, consultation request forms, booking forms, inquiry forms, or payment pages, whether or not you complete the booking or transaction — we collect the following:

  • Your first and last name
  • Phone number
  • Email address
  • Payment card details, if you proceed to payment (processed via tokenization; see Section 6)
  • Appointment preferences (service type, date, time, location), if applicable
  • Billing address (city, state, ZIP code), if you proceed to payment

We do not collect medical history, health conditions, medications, treatment records, or any other Protected Health Information (PHI) through our public website or online booking system. If you begin a form submission but do not complete it, the information you entered prior to abandonment may still be collected and used as described in Section 4 below.

Step 2: Medical Intake (Protected Health Information)

After your booking is confirmed, a Luna Allure Spa Coordinator will contact you by phone to conduct a preliminary health screening. Following that call, you will receive a separate, secure link to complete your official medical intake forms through a HIPAA-compliant platform. Your medical and health information is collected, transmitted, and stored exclusively through these secure clinical channels and is governed by our Notice of Privacy Practices, which is provided separately and is available at either clinic location or upon request.

This two-step design ensures that your sensitive medical information never passes through our public-facing website infrastructure.

3. TYPES OF INFORMATION WE HANDLE

We distinguish between two categories of information, each governed by different legal frameworks:

Personal Identifiable Information (PII): Your name, contact details, appointment preferences, and payment information. PII is collected during the website interaction and booking process and is governed by this Privacy Policy, applicable consumer privacy laws, and PCI DSS.

Protected Health Information (PHI): Your medical history, treatment records, clinical photographs, intake questionnaire responses, Good Faith Exam results, and other health-related data. PHI is collected during the clinical intake process (Step 2) and is governed by HIPAA, the Texas Medical Records Privacy Act (TMRPA), and our Notice of Privacy Practices.

This Privacy Policy addresses the collection, use, and protection of PII. Our Notice of Privacy Practices, provided separately as part of your medical intake, addresses the use and disclosure of PHI for treatment, payment, and health care operations.

4. HOW WE USE YOUR INFORMATION

We use the PII collected through our website for the following purposes:

Inquiry and Booking Assistance. If you submit your contact information through any form on our website — including a booking form you do not complete — we may use that information to contact you by phone, text, or email to assist with your inquiry, answer questions about our services, provide additional information, and help you complete your booking. We may continue follow-up communications until you schedule an appointment or request removal from further contact.

Appointment Scheduling and Follow-Up. We may call, text, or email you to confirm your booking, send appointment reminders, provide pre-care or post-care instructions, and conduct follow-up communications related to your treatment.

Medical Intake Coordination. Our Spa Coordinator will use your contact information to initiate the preliminary health screening by phone and to send you the secure link for your medical intake forms.

Payment Processing. We use your payment information to process deposits, prepayments, service charges, and any applicable fees as described in our Terms & Conditions.

Promotional Communications. With your consent, we send emails and text messages containing promotional offers, newsletters, and service updates. You may opt out of promotional communications at any time without affecting your appointments or care.

Service Improvement. Personalizing your experience, developing new features, improving service quality, and analyzing website usage through cookies and similar technologies.

Legal and Regulatory Compliance. Complying with applicable federal and Texas state laws, responding to legal process, and protecting the rights, property, or safety of Luna Allure, our clients, and the public.

Customer Service and Communication Records. When you communicate with us via text message, email, or by calling our clinic, those communications may be recorded, logged, and retained for quality assurance, patient safety, customer service training, and legal compliance.

5. COOKIES, ANALYTICS & TRACKING TECHNOLOGIES

We use cookies and similar technologies to enhance your experience, analyze website traffic, and improve our services. Cookies are small data files placed on your device when you visit our website.

Analytics and Advertising Technologies

In addition to first-party cookies, our website may use third-party analytics and advertising technologies, including but not limited to:

  • Website analytics services (such as Google Analytics) that collect anonymized or pseudonymized usage data — including pages visited, time on site, referring URLs, and device information — to help us understand how visitors use our website and improve our services.
  • Advertising platform pixels and tags (such as Meta/Facebook Pixel and Google Ads conversion tracking) that may collect information about your browsing activity on our website to measure the effectiveness of our advertising campaigns and to serve you relevant advertisements on other websites and social media platforms.
  • Retargeting technologies that may use cookies or similar identifiers to show you Luna Allure advertisements after you leave our website.

These third-party providers operate under their own privacy policies, which govern how they collect and use your data. We encourage you to review the privacy policies of these providers. Luna Allure does not control the data practices of third-party analytics or advertising providers.

You may adjust your browser settings to refuse cookies; however, some features of our website, including the online booking system, may not function properly without them. You may also opt out of interest-based advertising through industry tools such as the Digital Advertising Alliance’s opt-out page (optout.aboutads.info). We do not use cookies or tracking technologies to collect medical or health information. Our website does not currently respond to Do Not Track (DNT) browser signals. There is no uniform industry standard for recognizing or honoring DNT signals at this time. You may manage your tracking and advertising preferences through your browser settings and through the advertising opt-out tools described above.

6. PAYMENT DATA SECURITY

Online payments are processed through PCI DSS-compliant third-party payment processors that use tokenization technology. When you enter your payment card details during the booking process, your card number is immediately converted into a secure, randomly generated token by the payment processor. This means:

  • Luna Allure does not receive, store, process, or have access to your full credit card number, CVV/security code, or other sensitive cardholder authentication data on our systems.
  • All payment transactions are encrypted using industry-standard SSL/TLS encryption during transmission.
  • The secure token may be retained by the payment processor to facilitate authorized charges as described in our Terms & Conditions (including deposits, service balances, and applicable fees), but the underlying card data remains in the payment processor’s PCI-compliant environment at all times.

By submitting payment through our website, you acknowledge that your payment card data is subject to our payment processor’s terms of service and privacy policy in addition to this Privacy Policy. You may request information about our payment processor upon request.

7. DATA SHARING

No Sale of Data. We do not sell, rent, or trade your personal information to third parties for their marketing or promotional purposes.

Mobile Information. We will not share, sell, or provide your mobile phone number to third parties or affiliates for marketing or promotional purposes. This prohibition is absolute and has no exceptions. Mobile originator opt-in data and consent will not be shared with any third party.

Email Information. We will not share your email address with third parties or affiliates for their marketing or promotional purposes. All email originator opt-in data will not be shared beyond what is necessary for delivering our messaging services or as legally required.

Trusted Service Providers. We may share PII with service providers and partners — including but not limited to scheduling platforms, customer relationship management (CRM) systems, payment processors, SMS and email communication platforms, secure medical intake platforms, analytics providers, and hosting providers — solely for legitimate business operations. These providers are contractually obligated to protect your information and are prohibited from using it for any purpose other than providing services on our behalf. Sharing of data with trusted service providers for operational purposes (such as sending you appointment confirmations or processing your payment) is not considered sharing for marketing or promotional purposes.

Legal Disclosure. We may disclose information as required by law, in response to valid legal process (subpoena, court order, or government request), or to protect the rights, property, or safety of Luna Allure, our clients, or the public.

8. YOUR RIGHTS AND CHOICES

General Rights

  • Access and Updates: You may request to review or update your personal information at any time by contacting us.
  • Opt-Out of Promotional Communications: You can opt out of promotional messages by replying STOP to any text message, using the unsubscribe link in any email, or contacting us directly. Opting out of promotional communications will not affect transactional messages related to your appointments and care.
  • Opt-Out of Follow-Up for Incomplete Bookings: If you submitted information through a form but did not complete a booking, you may request at any time to be removed from follow-up communications by contacting us or replying STOP.
  • Restrict Processing: Where legally applicable, you may request that we restrict or object to specific data processing activities.
  • Deletion: You may request deletion of non-medical personal information by contacting us. Certain records may be retained as required by law (see Section 10).

Your Rights Under Texas Law

Under the Texas Medical Records Privacy Act (TMRPA, Health & Safety Code Chapter 181), you have additional rights regarding your Protected Health Information, including:

  • The right to request information about how your PHI is used and disclosed. We will respond to such requests in writing.
  • The right to request access to your medical records. We will provide access within 15 business days of receiving your written request, as required by TMRPA (compared to HIPAA’s 30-day standard).
  • The right to request amendments or corrections to your medical records.
  • The right to receive an accounting of certain disclosures of your PHI.

For a complete description of your privacy rights regarding PHI, please refer to our Notice of Privacy Practices, available at either clinic location or upon request.

9. COMMUNICATION METHODS AND CONSENT

By submitting your contact information through any form on our website or our third-party booking platforms, you may receive the following types of communications from Luna Allure via phone, text message (SMS/MMS), and email:

Transactional and Inquiry Communications (no separate opt-in required): These are sent based on your submission of contact information and your interaction with our website or booking system. They include:

  • Inquiry follow-up and booking assistance for incomplete or abandoned forms
  • Appointment confirmations, reminders, and scheduling communications
  • Pre-care and post-care instructions
  • Medical intake coordination
  • Follow-up communications related to your treatment or inquiry

Promotional Communications (affirmative opt-in required): Promotional offers, newsletters, service updates, and other marketing messages. Promotional communications require your affirmative opt-in consent, which you provide by checking the marketing consent box on our lead capture or booking form. You may revoke this consent at any time without affecting transactional or inquiry communications.

Transactional and inquiry communications are essential to your care, appointment management, and customer service and will be sent regardless of your promotional communication preferences.

Message frequency varies. Message and data rates may apply depending on your mobile carrier plan. Carriers are not liable for delayed or undelivered messages. Consent to receive communications is not a condition of booking or purchasing any service.

Reply STOP to any text message to opt out of all text communications. Reply HELP for assistance. You may also opt out by contacting us at (210) 332-5535 or Sonterra@lunallure.com.

10. DATA RETENTION

We retain personal information according to the following guidelines:

  • Booking and contact information: For the duration of your client relationship plus a reasonable period thereafter for follow-up, service improvement, and legal compliance.
  • Partial or abandoned form submissions: For a reasonable period to enable follow-up and booking assistance, unless you request deletion.
  • Payment transaction records: As required by applicable tax, accounting, and PCI DSS standards.
  • Medical records (PHI): In accordance with Texas medical record retention requirements, a minimum of seven years from the last date of treatment for adults; through the age of majority plus the applicable statute of limitations for minors.
  • Marketing consent records: For as long as consent is active, plus a reasonable period to demonstrate compliance with applicable laws.
  • Website usage data, cookies, and analytics: In accordance with applicable data retention standards and the retention policies of our analytics providers.

11. DATA BREACH NOTIFICATION

In the event of a breach of your personal information, Luna Allure will notify affected individuals within 60 days of discovery, as required by TMRPA, ITEPA (Business & Commerce Code Chapter 521), and HIPAA. Where required by law, we will also notify the Texas Attorney General and other applicable regulatory authorities. We maintain administrative, technical, and physical safeguards designed to protect your information from unauthorized access, use, or disclosure.

12. CHILDREN’S PRIVACY

Our website and online booking system are intended for individuals aged 18 or older. We do not knowingly collect personal information from individuals under 18 through our website. Individuals under 18 may receive certain services only when accompanied by a parent or legal guardian who provides in-person consent at the clinic. If we discover that we have inadvertently collected personal information from an individual under 13 without parental consent, we will delete such information promptly.

13. SECURITY MEASURES

We implement appropriate technical and organizational measures to protect your personal information, including SSL/TLS encryption for data in transit, access controls restricting data access to authorized personnel, secure hosting environments with industry-standard protections, and employee training on data privacy and security practices in accordance with TMRPA training requirements. While no system can guarantee absolute security, we are committed to maintaining safeguards that meet or exceed applicable regulatory standards.

14. THIRD-PARTY LINKS

Our website may contain links to third-party websites, including but not limited to our payment processor, social media platforms, review sites, mapping services, and our secure medical intake platform. These third-party websites have their own privacy policies and data practices, which we do not control. Luna Allure is not responsible for the privacy practices, content, or security of any third-party website. We encourage you to review the privacy policy of every website you visit. A link from our website does not constitute an endorsement of, or representation regarding, any third party’s privacy or data handling practices.

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be posted on this page with an updated “Last Updated” date. Material changes will be communicated through prominent notice on our website or by direct communication where required. Your continued use of our website or services after changes are posted constitutes acceptance of the revised Privacy Policy.

16. CONTACT US

If you have questions or concerns about this Privacy Policy, wish to exercise any of your privacy rights, wish to opt out of communications, or would like to request a copy of our Notice of Privacy Practices, please contact us at:

Phone: (210) 332-5535

Email: Sonterra@lunallure.com

Stone Oak: 1202 E. Sonterra Blvd, Suite 604, San Antonio, TX 78258

Alamo Heights: 555 E. Basse Rd, Suite 111, San Antonio, TX 78209

TEXAS MEDICAL BOARD COMPLAINT NOTICE

Complaints regarding this medical spa may be directed to the Texas Medical Board,

P.O. Box 2018, Austin, TX 78768-2018, (800) 201-9353, http://www.tmb.state.tx.us

© 2026 ORE Enterprise LLC d/b/a Luna Allure Advanced Aesthetics. All rights reserved.