Privacy Policy
Effective date: July 3, 2026
VISTA Interface ("VISTA," "we," "us") provides business software for medical aesthetics practices and their clients. This policy explains what information we collect, how we use it, and the choices you have. It covers our websites (vistainterface.com and subdomains), the VISTA platform used by medspa businesses, and the VISTA Connect mobile app used by medspa clients.
The short version: we collect what's needed to run your medspa's services — bookings, purchases, messages, and the forms your medspa asks you to complete. We don't sell your data, we don't run advertising, and we don't use third-party ad tracking. Health information you provide belongs to your relationship with your medspa.
1. Information we collect
From medspa clients (including the VISTA Connect app)
- Contact and identity: name, email address, phone number, date of birth, and your account login.
- Health information: responses to intake, consent, and treatment-related forms your medspa asks you to complete (for example, medical history relevant to a treatment). This information is collected on behalf of your medspa as part of your care.
- Photos: a profile photo if you choose to add one, and treatment photos taken by your medspa as part of your visit records.
- Purchases and appointments: bookings, visit history, memberships, packages, gift cards, order history, and loyalty activity. Payments are processed by Stripe — we never store full card numbers.
- Messages: conversations between you and your medspa within the platform.
- Device information: a push-notification token if you enable notifications, and basic app diagnostics.
From medspa businesses and site visitors
- Business account and staff information (names, emails, roles).
- Website analytics (Google Analytics) on our public marketing site only.
- Information you send us directly (consultation requests, support conversations).
2. How we use information
- To operate the services: bookings, checkout, memberships, messaging, forms, loyalty, and telehealth visits.
- To send service notifications you've enabled (appointment reminders, order updates, messages). Marketing notifications are sent only with your consent and can be turned off any time in the app's profile settings.
- To keep the services secure, prevent fraud, and meet legal obligations.
- To improve reliability (aggregate, de-identified usage and error information).
3. How information is shared
- With your medspa. If you're a client, the information above is shared with — and largely belongs to — the medspa you patronize. Their own privacy practices and medical-records obligations also apply to your relationship with them.
- With service providers that host and operate the platform on our behalf: payment processing (Stripe), cloud hosting and database (Supabase, Vercel), telehealth video (Daily.co), transactional email (Resend), and push notifications (Expo/Apple). Each receives only what it needs to provide its service.
- Legal. We may disclose information when required by law or to protect rights, safety, and the integrity of the services.
- We do not sell personal information, and we do not share it for cross-context behavioral advertising.
4. Your choices and rights
- Access and correction: you can view and edit your profile in the VISTA Connect app, or ask your medspa to correct records they hold.
- Push notifications: control them in the app's profile settings or your device settings.
- Account deletion: you can permanently delete your VISTA Connect account from within the app (Account → Delete account). This removes your login, device registrations, and app access. Your medspa retains the business and medical records it is legally required to keep (for example, treatment records subject to medical record-retention laws).
- Marketing email/SMS: every marketing message includes an opt-out, and you can change preferences in the app.
- Depending on where you live, you may have additional rights (access, deletion, portability). Contact us and we'll honor them as required by law.
5. Data retention
We keep information for as long as needed to provide the services and as required by law. Medical and treatment records are retained by your medspa according to the medical record-retention requirements that apply to their practice. When retention is no longer required, information is deleted or de-identified.
6. Security
Data is encrypted in transit, access is role-restricted, and health-related form data is handled with heightened controls. No system is perfectly secure, but we design for least-privilege access and audit sensitive operations.
7. Children
Our services are not directed to children under 13, and we do not knowingly collect information from them.
8. Changes
We'll post any changes to this policy here and update the effective date. Material changes will be communicated through the services.
9. Contact
Questions or requests: contact@vistainterface.com.
App support: see our Support page.