Privacy Policy

1. Who we are

LuxeFlow(“we,” “us,” or “our”) is a mobile intravenous (IV) wellness service operating in the greater Phoenix metropolitan area. We provide hydration therapy, vitamin infusions, metabolic support, and related wellness services at client homes, hotels, and offices. Our services are delivered by licensed Arizona registered nurses under physician oversight.

2. Information we collect

a. Information you provide directly

• Contact details: name, email address, phone number, mailing / service address.
• Appointment details: date, time, selected drip or add-on, preferred contact method, and any notes you include in the booking form.
• Health information: medical history, current medications, allergies, pregnancy status, and any contraindications you disclose on our intake and consent forms. This information is collected only to the extent necessary to deliver care safely.
• Emergency contact: name and phone number for a contact you designate at booking.
• Payment information: card or bank details are entered directly into our payment processor, Stripe. We receive a tokenized reference and the last four digits — we do not store full card numbers on our systems.
• Membership details: if you enroll in a membership tier, we store the tier, current status, credit balance, and subscription lifecycle events.
• Communications: messages you send us by email, phone, or through our website forms.

b. Information collected automatically

• Device and usage data: IP address, browser type, pages visited, referring URL, and timestamps. Our site uses minimal first-party analytics — we do not run cross-site advertising trackers.
• Cookies: small text files used to keep you signed in to your account, remember your cart during booking, and measure basic site performance. You can disable cookies in your browser, but parts of the booking flow may not work.

c. Information from third parties

• Payment processor: Stripe provides us with confirmation of successful charges, refund status, and fraud signals.
• Geolocation / routing: we use the Google Distance Matrix API to determine whether an appointment time is feasible for our mobile tech to reach. Addresses you provide are sent to Google for this purpose.

3. How we use information

• To schedule, deliver, and document your treatments.
• To evaluate medical appropriateness and refuse or modify treatment when clinically warranted.
• To process payments, issue refunds, and manage memberships.
• To communicate with you — appointment confirmations, reminders, membership status changes, post-service review requests, and customer-service replies.
• To comply with Arizona and federal laws applicable to medical services, including recordkeeping and incident reporting.
• To improve our services — for example, looking at aggregate booking patterns to adjust hours.

4. Legal bases (for residents of jurisdictions that require them)

Where applicable, we rely on: performance of a contract (providing the service you booked); consent (for post-service review requests and marketing email you opt in to); legal obligation (medical recordkeeping, tax, and regulatory compliance); and legitimate interests (site security, fraud prevention, product improvement). You can withdraw consent at any time.

5. HIPAA and health information

Some of the information we collect is protected health information (PHI) under the Health Insurance Portability and Accountability Act. We treat PHI consistent with HIPAA’s Privacy and Security Rules and only share it as permitted: with the licensed staff who treat you, with the ordering / supervising physician, and with business associates who have signed appropriate agreements. PHI is not used for marketing without your authorization.

6. Who we share information with

• Our treating staff and medical director — as required to deliver care.
• Service providers: Supabase (database + auth), Stripe (payments), Resend (transactional email), and Google (routing / distance matrix). Each processes data under a written agreement and only for the purposes we authorize.
• Legal and safety: when required by subpoena, court order, or to protect the safety of our staff, clients, or the public.
• Business transitions: if we reorganize, merge, or sell assets, your information may be transferred, subject to the commitments of this policy.

We do not sell your personal information or share it with third-party advertising networks.

7. How long we keep information

Medical records and related intake/consent forms are retained for the period required by Arizona law for medical documentation (currently six years after the last date of service; longer for records of minors). Account, booking, and payment records are retained as needed to service the account and meet tax / accounting obligations. Site analytics logs are retained for twelve months.

8. Security

We use encryption in transit (HTTPS) and at rest for our databases, restrict administrative access to named staff, and log privileged actions. Payment data is handled by Stripe under PCI-DSS controls. Despite these measures, no system is perfectly secure — please notify us promptly if you suspect unauthorized access to your account.

9. Your choices and rights

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate information.
• Request deletion of your account and associated data (subject to medical-record retention requirements).
• Restrict or object to certain uses of your information.
• Opt out of marketing email at any time using the unsubscribe link. Transactional messages (appointment confirmations, receipts) will still be sent while you have an active booking or membership.

To exercise any of these rights, email hello@luxeflowiv.com. We may need to verify your identity before responding.

10. Children

Our services are intended for adults. We do not knowingly collect personal information from anyone under 18 without parental consent, and we do not treat minors without a parent or legal guardian present.

11. Changes to this policy

We will update this page if our practices change. The “Effective” date at the top reflects the most recent revision. Material changes will be communicated to active clients by email.

12. Contacting us

For privacy questions, data-access requests, or complaints, contact hello@luxeflowiv.com or call (480) 555-0100.