Privacy Policy

a. Information you submit through the Site. When you request a free revenue-leak audit through our lead form, we collect your business email address, the name of your med spa, and the city your med spa operates in. If you contact us through any other form on the Site, we collect the information you choose to provide in that form (typically name, email, business name, and message content).

b. Information you submit through Facebook or Instagram lead ads. We run paid advertising on Meta platforms (Facebook and Instagram). If you submit a Facebook or Instagram "Instant Form" connected to one of our ads, Meta provides us with the information you submitted in that form, which typically includes your full name, email address, phone number, and information about your business (such as spa name, location, and role). Submitting that form is your request that we follow up with you about our services.

c. Scheduling information. If you book a discovery call with us, our scheduling provider (Cal.com) collects the information you provide on the booking page (name, email, time zone, calendar event details, and any answers to intake questions).

d. Information from email and phone communications. If you email us, call us, or text us, we receive the contents of your communication, your email address or phone number, and any attachments or other information you choose to send.

e. Information collected automatically. When you visit the Site, we and our hosting and analytics providers automatically collect certain technical information, including IP address, browser type and version, device type, operating system, referring URL, pages viewed, time and date of visits, and similar log and diagnostic data. We use Vercel for hosting and Vercel Analytics for aggregated, privacy-friendly traffic measurement.

f. Cookies and similar technologies. We use a limited number of cookies and similar technologies that are necessary for the Site to function and to measure aggregate traffic. We also use the Meta Pixel (also known as the Facebook Pixel) on the Site to measure how our Facebook and Instagram ads perform and to enable Meta to attribute conversions back to specific ads. The Meta Pixel sets a small number of cookies and reports actions you take on the Site (such as page views and form submissions) to Meta. You can control or block these cookies through your browser settings, and you can manage Meta-related ad personalization through your Facebook and Instagram ad settings. We do not currently use other third-party advertising cookies or behavioral cross-site tracking on the Site. If we add such technologies in the future, we will update this Privacy Policy and, where required by law, request your consent.

g. Information about your business. As part of delivering a revenue-leak audit, discovery call, or paid engagement, we may review publicly available information about your med spa, including your website, online reviews, social media profiles, advertising on public ad libraries, and how your business responds to typical inbound inquiries (for example, response time on commonly used contact channels). We do not collect protected health information (PHI) about your patients through the Site.

We use the information described above to:

• Respond to your inquiry, deliver the audit, send the audit report, and follow up about your business
• Schedule, confirm, reschedule, or follow up on discovery calls and other meetings
• Provide, operate, support, and improve our Site, services, and client deliverables
• Send you transactional and relationship messages (for example, audit delivery, scheduling confirmations, replies to your inquiries)
• Send marketing emails and, where you have provided your phone number and consent (including through a Facebook or Instagram lead form), marketing or follow-up SMS or calls about our services
• Measure and analyze how the Site and our advertising perform, in the aggregate
• Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms of Service
• Comply with legal obligations, enforce our agreements, and protect our rights, our clients' rights, and the rights and safety of others

We do not sell your personal information, and we do not share your personal information with third parties for their own independent marketing purposes. We share information only as described below:

a. Service providers. We share information with vendors that help us run our business under contractual obligations to use the information only on our behalf. Categories of providers we use or expect to use include:

• Hosting and infrastructure: Vercel (hosts the Site and processes request and log data)
• Analytics: Vercel Analytics (aggregated traffic measurement)
• Advertising measurement: Meta Platforms, Inc. (the Meta Pixel measures Facebook and Instagram ad performance and reports conversion events from the Site to Meta)
• Email delivery: Resend (delivers transactional and follow-up email, including audit deliveries and confirmations)
• Lead-form processing: Meta Platforms, Inc. (operator of Facebook and Instagram lead ads, which deliver the information you submit on Instant Forms to us)
• Scheduling: Cal.com (handles discovery-call booking)
• Telephony and SMS: Twilio (handles outbound and inbound calls and text messages where applicable)
• Productivity and storage: Google Workspace (email, calendar, document storage for our internal operations)
• Artificial intelligence services: providers such as Anthropic and OpenAI may process content on our behalf to help us draft audits, marketing copy, and replies. We do not use these providers to make automated decisions that produce legal or similarly significant effects about you.

We may add or change service providers from time to time. Each provider has its own privacy policy that governs how it handles data it processes for us.

b. Meta Platforms (Facebook and Instagram). Because we advertise on Meta platforms, certain information is shared with Meta:

• When you submit a Facebook or Instagram lead form, Meta provides that form data to us
• We may, in the future, upload contact lists (such as hashed email addresses or phone numbers) to Meta to create "Custom Audiences" or "Lookalike Audiences" so we can show ads to similar businesses or exclude existing contacts from our ads
• Meta uses information it receives in accordance with Meta's own data policy and our agreements with Meta

You can opt out of being included in our Custom Audiences at any time by emailing us at jonathan@topdeckdigital.com and asking to be excluded. You can also adjust your ad preferences directly in Facebook and Instagram.

c. Professional advisors. We may share information with our accountants, lawyers, insurers, and similar advisors when necessary to receive their services, subject to their professional duties of confidentiality.

d. Business transfers. If we are involved in a merger, acquisition, financing, reorganization, sale of business assets, or bankruptcy, information about you may be transferred as part of that transaction. The recipient will be required to honor this Privacy Policy with respect to your information.

e. Legal and safety. We may disclose information if we believe in good faith that disclosure is required by applicable law, regulation, legal process, or governmental request, or necessary to enforce our Terms of Service, address fraud or security issues, or protect the rights, property, or safety of Top Deck Digital, our clients, our users, or others.

SMS / text messaging. If you provide us with your mobile phone number through a Facebook or Instagram lead form, the Site, or another channel, you consent to receive recurring transactional and marketing text messages from Top Deck Digital related to your inquiry and our services. Message frequency varies based on your interaction with us. Message and data rates may apply. You may opt out at any time by replying STOP to any text message; you may reply HELP for help, or email jonathan@topdeckdigital.com. Consent to receive marketing texts is not a condition of purchasing any goods or services.

Email. If you submit a form on the Site or otherwise share your email address with us, you agree that we may send you transactional emails (audit deliverables, scheduling confirmations, replies, account-related messages) and follow-up emails about our services. You can unsubscribe from marketing emails at any time by clicking the unsubscribe link in any marketing email or by emailing jonathan@topdeckdigital.com. You may continue to receive transactional emails necessary to deliver services you have requested.

Phone. If you provide your phone number, we may call you to follow up on your inquiry. You may ask us not to call at any time.

We use commercially reasonable administrative, technical, and physical safeguards to protect information from unauthorized access, disclosure, alteration, or destruction. These include encryption of data in transit (TLS), use of reputable cloud infrastructure, access controls limited to personnel who need the information to do their work, and regular review of our practices. No method of transmission or storage is perfectly secure, however, and we cannot guarantee absolute security.

We retain personal information for as long as is reasonably necessary to fulfill the purposes for which it was collected, including to provide and improve our services, communicate with you, resolve disputes, comply with legal obligations, and enforce our agreements. When we no longer have a legitimate need to keep personal information, we will delete it, anonymize it, or, if that is not possible (for example, because the information is stored in backup archives), securely store it and isolate it from further processing until deletion is possible.

You may request deletion of your information at any time as described under "Your Rights" below. We will honor those requests except where retention is required by law (for example, tax, accounting, or recordkeeping obligations) or necessary to establish, exercise, or defend legal claims.

Depending on where you live, you may have rights with respect to your personal information, including:

• Access: request a copy of the personal information we hold about you
• Correction: request that we correct inaccurate or incomplete information
• Deletion: request that we delete your personal information, subject to legal or operational retention requirements
• Opt-out of marketing: unsubscribe from marketing email, reply STOP to text messages, or ask us to stop calling
• Opt-out of Custom Audiences: ask us not to include you in Custom Audience or Lookalike Audience uploads to advertising platforms
• Non-discrimination: we will not retaliate against you for exercising any privacy right available to you under applicable law

To exercise any of these rights, email jonathan@topdeckdigital.com with the subject line "Privacy Request." We will verify your request before responding (typically by confirming control of the email address or other identifier the request is about) and will respond within the time required by applicable law.

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), gives you specific rights regarding your personal information, including the rights to know, delete, correct, and limit the use of sensitive personal information, as well as the right to opt out of the "sale" or "sharing" of your personal information as those terms are defined under California law.

We do not sell your personal information for money. However, our use of advertising platforms such as Meta (including the use of Facebook and Instagram lead ads, the Meta Pixel, and, in the future, the possible upload of hashed contact information for Custom Audience and Lookalike Audience targeting) may be considered "sharing for cross-context behavioral advertising" under California law. You can opt out of this sharing at any time by emailing jonathan@topdeckdigital.com with the subject line "Do Not Share My Personal Information."

To exercise your California rights, contact us using the email above or the contact information at the end of this policy. You may also designate an authorized agent to make a request on your behalf, subject to verification.

Our Site and services are intended for business decision-makers and are not directed to children. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information. If you believe a person under 18 has provided us with personal information, please contact us at jonathan@topdeckdigital.com.

We are based in the United States, and our service providers are located primarily in the United States. If you access the Site from outside the United States, you understand that your information will be transferred to, stored in, and processed in the United States and other countries where our service providers operate. By using the Site or sharing information with us, you consent to that transfer. If you are located in a jurisdiction with data protection laws different from those in the United States, please contact us for more information about your rights.

The Site may contain links to websites and services operated by third parties (such as Cal.com booking pages or social media profiles). We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party site you visit.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Last updated" date at the top of this page will be revised when we make changes. If we make material changes, we will provide additional notice as required by applicable law (for example, by email or by a prominent notice on the Site). Your continued use of the Site or our services after the updated policy takes effect constitutes acceptance of the updated policy.

For privacy-related questions, requests, or to exercise your rights, contact:

Top Deck Digital (a brand of JWF Group LLC)
San Diego, California, United States
Email: jonathan@topdeckdigital.com
Phone: (619) 784-3938
Website: topdeckdigital.com