PRIVACY POLICY

INTRODUCTION

We at Blissful Basics LLC ("we," "us," "our") respect your privacy. This Privacy Policy is designed to explain how we collect, use, and protect the personal information you provide to us when you visit our website, book our esthetics services, visit our spa location, or engage with us on social media, as well as your own rights to the information we collect.

Please read this Privacy Policy carefully. We will alert you to any changes to this Policy by changing the "last updated" date at the top of this Policy. Any changes become effective immediately upon publication on our website, and you waive specific notice of any changes to the Policy by continuing to use and access our site(s). We encourage you to review this Privacy Policy periodically, when you use our website for any purpose or engage with us on social media. You are deemed to have accepted any changes to any revised Privacy Policy by your continued use of our website after the revised Privacy Policy is posted.

INFORMATION THAT WE COLLECT

We collect a variety of information from you when you visit our website, book appointments, receive services at our spa, or interact with us on social media. By accepting this Privacy Policy, you are specifically consenting to our collection of the data described below, to our use of the data, to the processing of this data, and to our sharing of the data with third-party processors as needed for our legitimate business interests. The information we collect may include:

PERSONAL DATA

Personal Data is information that can be used to identify you specifically, including your name, address, email address, telephone number, or demographic information like your age, gender, or hometown. You consent to giving us this information by providing it to us voluntarily on our website or in our spa. You provide some of this information when you book an appointment, register for services, or make purchases from our spa. You may also provide this information by participating in various activities associated with our spa, including responding to reviews, contacting us with questions, or participating in promotions or events. Your decision to disclose this data is entirely voluntary. You are under no obligation to provide this information, but your refusal may prevent you from accessing certain benefits from our website or from receiving our esthetics services.

HEALTH-RELATED DATA

As an esthetics spa, we may collect certain health-related information that is necessary to provide safe and effective services. This may include information about allergies, skin conditions, medical treatments you are undergoing, medications you are taking, and other health-related information relevant to the services we provide. This information is collected solely for the purpose of providing appropriate esthetics services and ensuring your safety. You consent to providing this information by voluntarily sharing it during consultations, through intake forms, or in discussions with our licensed estheticians.

APPOINTMENT AND SERVICE HISTORY

We collect information about the services you receive, including the types of treatments, products used, your preferences, and the dates and times of your appointments. This information helps us provide consistent service and maintain appropriate records of your treatment history.

DERIVATIVE DATA

Derivative data is information that our servers automatically collect about you when you access our website, such as your IP address, browser type, the dates and times that you access our website, and the specific pages you view. If you are using a mobile application, our servers may collect information about your device name and type, your phone number, your country of origin, and other interactions with our application. Derivative data may also include data collected by third-party service providers, such as advertising and analytics providers, and may include cookies, log data, or web beacons. Cookies are discussed more fully below. Derivative data collected by third-party service providers generally does not identify a specific individual.

FINANCIAL DATA

Financial data is data that is related to your payment method, such as credit card or bank transfer details. We collect financial data in order to allow you to purchase our services and products. We store limited financial data. Most financial data is transferred to our payment processors and you should review these processors' Privacy Policy to determine how they use, disclose, and protect your financial data.

SOCIAL NETWORKING DATA

We may access personal information from social networking sites and apps, including Facebook, Instagram, LinkedIn, Twitter, or other social networking sites or apps not named specifically here, which may include your name, your social network username, location, email address, age, gender, profile picture, and any other public information. If you do not want us to access this information, please go to the specific social networking site and change your privacy settings.

MOBILE DEVICE DATA

If you use our website via a mobile device or app, we may collect information about your mobile device, including device ID, model and manufacturer, and location information.

OTHER DATA

On occasion, you may give us additional data in order to enter into a contest or giveaway or to participate in a survey. You will be prompted for this information and it will be clear that you are offering this kind of information in exchange for an entry into such a contest or giveaway.

ARTIFICIAL INTELLIGENCE USE

AI SYSTEMS AND VOICE TECHNOLOGY

At Blissful Basics LLC, we employ various artificial intelligence (AI) technologies and voice recognition systems to enhance our marketing, customer service, appointment scheduling, and business operations. This section outlines how we collect, use, process, and protect your information in connection with these technologies.

DATA COLLECTION AND PROCESSING FOR AI SYSTEMS

Types of Information Collected: When you interact with our AI systems (including chatbots, voice assistants, automated messaging systems, and other AI-powered tools), we may collect and process:

• Voice recordings and transcriptions (when you interact with voice-based systems)
• Text messages and chat histories
• Query and response data
• Customer service requests and resolutions
• Appointment preferences and scheduling information
• Service feedback and preferences

Automated Decision Making: Our AI systems may use your information to make certain automated decisions, such as:

• Suggesting appropriate services based on your treatment history and preferences
• Recommending products that complement your skin type and concerns
• Scheduling appointments based on your availability and service provider preferences
• Generating personalized marketing communications

Transparency and Explanation: You have the right to know when you are interacting with an AI system rather than a human representative. All of our AI-powered communications will clearly identify themselves as automated systems at the beginning of the interaction. You may request human intervention at any time during these interactions.

VOICE DATA PRIVACY

When you interact with our voice-enabled systems:

• Voice recordings may be processed to convert speech to text, authenticate your identity, or fulfill your requests
• We retain voice recordings only for the minimum time necessary to complete the requested service, improve our systems, or as required by law
• You can request deletion of your voice recordings at any time by contacting us at meghan@blissfulbasics.com
• Voice data is encrypted in transit and at rest
• We do not use voice prints or voice recognition to identify you across different sessions without your explicit consent

THIRD-PARTY AI SERVICES

We may utilize third-party AI service providers to power our AI systems. These providers include:

• AI-powered appointment scheduling services
• Customer service automation platforms
• Marketing automation tools
• Voice recognition and transcription services

These third-party providers may process your data according to their own privacy policies in addition to ours. We select partners who maintain high standards of data protection and require them to implement appropriate safeguards for your information.

YOUR RIGHTS REGARDING AI PROCESSING

In addition to the rights outlined elsewhere in this Privacy Policy, you have the following specific rights regarding AI processing:

Right to Opt Out: You may opt out of AI-powered marketing, voice data collection, or automated decision-making at any time by contacting us at meghan@blissfulbasics.com or by using the opt-out mechanisms provided in our communications.

Right to Human Review: You have the right to request human review of any decision made solely by an automated system that has legal or similarly significant effects on you.

Right to Explanation: You may request information about how our AI systems made specific decisions that affect you, including the factors considered and the logic involved, to the extent technically feasible.

Profiling Limitations: While our AI systems may analyze your preferences and behavior to provide personalized services, we limit the scope and impact of such profiling and do not use it in ways that might significantly affect your rights or create legal consequences without human oversight.

AI DATA SECURITY AND PROTECTION

We implement enhanced security measures specifically designed to protect data processed by our AI systems:

• Regular AI system audits and security assessments
• Monitoring for bias and discrimination in AI outputs
• Data minimization principles to limit AI access to only necessary information
• Employee training on responsible AI use and data protection
• Secure deletion of training data when no longer needed

AI POLICY UPDATES

As AI technology and regulations evolve rapidly, we may update this section of our Privacy Policy more frequently than other sections. The most current version will always be available on our website, and significant changes will be communicated to you through email or notices on our website.

CHILDREN'S DATA AND AI

We do not knowingly collect or process children's data (under 16 years of age) through our AI systems. If we discover that a child has provided information to our AI systems, we will promptly delete such information and deactivate any associated accounts or profiles.

AI LIABILITY LIMITATION

To the maximum extent permitted by applicable law, Blissful Basics LLC disclaims all liability for any damages, losses, or harm arising from:

• Inaccuracies, errors, or misunderstandings in AI-generated content or recommendations
• Technical failures or outages of AI systems
• Unauthorized access to AI systems or data processed by them
• Any decision you make based on information or recommendations provided by our AI systems

You acknowledge that our AI systems are tools designed to assist and enhance our services, but they are not substitutes for professional judgment or advice. All final decisions regarding your esthetics treatments should be made in consultation with our licensed professionals.

GENERATIVE AI CONTENT DISCLAIMER

Some of our marketing materials, communications, or website content may be created or assisted by generative AI technologies. We review and verify AI-generated content before publication, but we do not warrant that such content is entirely free from errors or inaccuracies. We maintain editorial control and responsibility for all published content regardless of whether AI tools were used in its creation.

ALGORITHMIC FAIRNESS AND NON-DISCRIMINATION

We are committed to ensuring our AI systems do not engage in or perpetuate unlawful discrimination. We regularly test and audit our AI systems to identify and mitigate potential biases related to race, gender, age, or other protected characteristics. If you believe you have experienced discrimination through our AI systems, please contact us immediately at meghan@blissfulbasics.com.

CONTACT INFORMATION FOR AI PRIVACY CONCERNS

If you have specific questions, concerns, or requests regarding our use of AI technology and your data, please contact:

Email: meghan@blissfulbasics.com with the subject line "AI Privacy Inquiry"

Address: 9 Madison Street, Morristown, NJ

HOW WE USE YOUR INFORMATION

Your information allows us to offer you certain products and services, including the use of our website, to fulfill our obligations to you, to customize your interaction with our spa and our website, and to allow us to suggest other products and services we think might interest you. We generally store your data and transmit it to a third party for processing. However, to the extent we process your data, we do so to serve our legitimate business interests (such as providing you with the opportunity to book our services and interact with our website).

Specifically, we may use the information and data described above to:

• Create and administer your account;
• Book appointments and deliver any services purchased by you;
• Correspond with you;
• Process payments or refunds;
• Contact you about new offerings that we think you will be interested in;
• Interact with you via social media;
• Send you a newsletter or other updates about our spa;
• Request feedback from you about our services;
• Notify you of updates to our service offerings;
• Resolve disputes and troubleshoot any problems;
• Administer contests or giveaways;
• Generate a profile that is personalized to you, so that future interactions with our website and spa will be more personal;
• Create and maintain appropriate client records for esthetics services;
• Ensure the safety and effectiveness of treatments based on your health information;
• Compile anonymous statistical data for our own use or for a third party's use;
• Assist law enforcement as necessary;
• Prevent fraudulent activity on our website;
• Analyze trends to improve our website and service offerings.

HOW WE PROTECT YOUR INFORMATION

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive information you supply is encrypted via Secure Socket Layer (SSL) technology.

HEALTH INFORMATION PROTECTION

We take additional precautions to protect the health-related information you provide to us. Access to this information is restricted to licensed professionals who need the information to provide you with appropriate services. We maintain physical, electronic, and procedural safeguards to protect this sensitive information and comply with applicable laws and regulations governing the privacy of such information.

SECURITY MEASURES

We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information:

• All transactions are processed through a secure gateway provider
• Our website is protected with SSL encryption
• Physical records are kept in secure, locked locations
• Electronic records are password-protected and access is limited to authorized personnel
• Staff are trained in privacy and security procedures
• Regular security assessments are conducted

DATA SHARING COMMITMENT

WE DO NOT SELL YOUR DATA

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information for marketing or promotional purposes. Your information will never be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested.

LIMITED SHARING WITH SERVICE PROVIDERS

We may share your information with trusted third parties who assist us in operating our website, conducting our business, processing payments, or servicing you, so long as those parties agree to keep this information confidential. These service providers include:

• Payment processors - solely for the purpose of processing your payments
• Email service providers - solely for sending communications you have opted in
• Website hosting services - solely for the purpose of hosting our website and its content
• Appointment scheduling software - solely for managing your appointments
• RevleNet esthetics management software - for managing client records, services, and products

REVLENET ESTHETICS MANAGEMENT SYSTEM

We use RevleNet software to manage our esthetics business, including client records, appointment scheduling, service history, product recommendations, and billing information. Please be aware of the following regarding our use of this software:

• Limited Data Sharing: Your information is entered into the RevleNet system solely for the purpose of managing your spa services and appointments. This information is not shared with RevleNet for marketing purposes.
• Data Security: RevleNet employs industry-standard security measures to protect your information, including encryption, secure servers, and access controls.
• Data Processing: Your information stored in RevleNet may be processed according to RevleNet's own privacy policy in addition to our policies.
• Service Continuity: While we strive to maintain consistent access to your information through RevleNet, we cannot guarantee continuous availability of the system as this depends on the RevleNet platform.

OTHER LIMITED DISCLOSURES

We may also disclose your information:

• As required by law, such as to comply with a subpoena or similar legal process
• When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request
• To enforce our Terms of Service
• In the event of a merger, acquisition, bankruptcy, or sale of assets, in which case the privacy policy of the new entity will govern

COOKIES

We may use cookies for tracking purposes. Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow) that enables the site's or service provider's systems to recognize your browser and capture and remember certain information.

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer, Chrome, Firefox, or Safari) settings. Each browser is a little different, so look at your browser's Help menu to learn the correct way to modify your cookies.

If you disable cookies, some features may be disabled and some of our services may not function properly.

SMS/TEXT MESSAGE PRIVACY

If you have opted in to receive SMS/text messages from us, we are committed to protecting your privacy regarding these communications:

• No Data Sharing: All text messaging originator opt-in data and consent information will not be shared with any third parties, excluding the aggregators and providers necessary to deliver the SMS service.
• Marketing Restrictions: Your mobile information will not be shared with any third parties or affiliates for marketing or promotional purposes.
• Limited Use: Your SMS opt-in data will only be used for the specific purposes you have consented to, such as appointment reminders, special offers, and service notifications you've explicitly opted into.
• Opt-Out Control: You can stop receiving text messages at any time by texting "STOP" to our shortcode. Upon doing so, we will confirm your opt-out status via SMS and will cease sending you text messages.

INTERNATIONAL DATA

Our website is hosted by servers located in the United States of America. Therefore, if you reside outside the United States of America, some of your data will be transferred internationally to and stored on those servers. We use all reasonable methods to protect the safety of your data during transfer, including hosting our website on reputable servers and engaging reputable third-party processors. By using this site and providing us with information, you consent to this transfer, processing, and storage of your information in the United States of America.

DATA RETENTION

We retain personal data as long as it is needed to conduct our legitimate business purposes or to comply with our legal obligations, or until you ask us to delete your data. For example, we will retain certain personal information indefinitely for the purposes of maintaining your client record, unless and until you request deletion of your data. Due to the nature of esthetics services, certain treatment records may be retained for longer periods as required by professional standards or applicable laws.

We will honor your request to delete your data, as described more fully below, unless we are required by law to retain access to the data. However, note that we cannot control the retention policies of third parties. If you wish to have any third parties, including those to whom we've transmitted your data, delete that data, you will need to contact those third parties directly.

SECURITY OF YOUR INFORMATION

We take all reasonable steps to protect your personal data and keep your information secure. We use recognized online secure payment systems and implement generally accepted standards of security to protect against personal data loss or misuse. However, no security measure is foolproof, and no method of data transmission can be guaranteed against interception or misuse. We cannot guarantee complete security of any information you transmit to us.

By consent to this Privacy Policy, you acknowledge that your personal data may be available, via the internet, around the world. We cannot prevent the use or misuse of your data by other parties.

We will notify you promptly of any known breach of our security systems or your data which might expose you to serious risk.

SENSITIVE DATA

We request that you only submit sensitive health-related information that is necessary for us to provide appropriate esthetics services to you. Do not submit any sensitive data to us via public postings, email correspondence with us, or any other method, including social security number, genetic data, or information related to your ethnic origin, religious beliefs, or criminal history that is not directly relevant to your treatment. If you do send us this information, then by doing so you are consenting to our use, storage, and processing of this information in accordance with this privacy policy and solely for the purpose of providing appropriate services to you.

UPDATE ACCOUNT INFORMATION

You have the right to update or change any information you have provided to us. To update or delete your information, please contact us at meghan@blissfulbasics.com.

CONFIRM PERSONAL DATA AND ITS USE

You have the right to request that we confirm what data we hold about you, and for what purposes. You also have the right to confirmation of whether we process your data or deliver your data to third-party processors, and for what purposes. We will supply you with copies of your personal data unless doing so would affect the rights and freedoms of others.

CHANGE CONSENT

You have the right to change your consent to our use of your information. In such cases, we may require you to delete your account with us, as described above, and you may not have full access to our website or services.

REQUEST A COPY OF DATA

You have the right to request a digital copy of the data that we hold about you. Your first request for a copy of your personal data will be provided free of charge; subsequent requests will incur a reasonable fee.

TRANSFER YOUR DATA

You have the right to request that we gather and transfer your data to another controller, in a commonly used and machine readable format, unless doing so would cause us an undue burden.

DELETE ALL DATA

You have the right to request that we delete all data that we hold about you, and we must delete such data without undue delay. There are exceptions to this right, such as when keeping your data is required by law, is necessary to exercise the right of freedom of expression and information, is required for compliance with a legal obligation, or is necessary for the exercise or defense of legal claims. Such a request may result in a termination of your account with us and you may have limited or no use of our website or services.

EMAILS AND COMMUNICATIONS

You may opt out of receiving future email correspondence from us by checking the appropriate box when you book an appointment or make a purchase. You may change your communication settings by contacting us at meghan@blissfulbasics.com.

MARKETING COMMUNICATIONS

You may opt out of receiving any third-party marketing communications or having your personal information used for marketing purposes. You may do this by contacting us at meghan@blissfulbasics.com.

HIPAA DISCLAIMER

While we collect health-related information necessary for providing safe and effective esthetics services, we are not considered a "covered entity" under the Health Insurance Portability and Accountability Act (HIPAA) unless we bill health insurance for our services. However, we still maintain appropriate safeguards to protect the confidentiality and security of your health-related information and only use such information for the purpose of providing you with appropriate services.

CAN SPAM ACT

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address in order to:

• Send information, respond to inquiries, and/or other requests or questions
• Process orders and to send information and updates pertaining to appointments
• Send additional information related to your services and products

To be in accordance with CANSPAM, we agree to the following:

• NOT use false or misleading subjects or email addresses
• Identify the message as an advertisement in some reasonable way
• Include the physical address of our business
• Monitor third-party email marketing services for compliance, if one is used
• Honor opt-out/unsubscribe requests quickly
• Allow users to unsubscribe by using the link at the bottom of each email

If at any time you would like to unsubscribe from receiving future emails, you can email us at meghan@blissfulbasics.com or follow the instructions at the bottom of each email, and we will promptly remove you from ALL correspondence.

CALIFORNIA PRIVACY RIGHTS

The State of California has established its own unique regulations that apply to California residents. As of its effective date of January 1, 2020, we are also compliant with the California Consumer Privacy Act Of 2018, Cal. Civ. Code §§ 1798.100 Et Seq. (CCPA).

Any California resident may request, free of charge, the personal information we have collected or stored about themselves or about a member of their household. For security purposes, we reserve the right to ask for verification of your identity and proof of your California residency at the time of your request.

We DO NOT sell your personal information. California residents can specifically request to opt-out of having their data sold by contacting us at the email provided in this policy.

We agree to comply with any data request or deletion made pursuant to the CCPA in a reasonable timeframe.

COPPA (CHILDREN ONLINE PRIVACY PROTECTION ACT)

We do not specifically market to children under 16 and do not knowingly collect personal information from children under 16. If we discover that a child under 16 has provided us with personal information, we will promptly delete such information from our systems.

FORCE MAJEURE

We will not be liable for any failure or delay in the performance of our obligations under this Privacy Policy, including for any failure to protect your information, to the extent that such failure or delay is caused by circumstances beyond our reasonable control, including but not limited to acts of God, natural disasters, terrorist acts, war or other hostilities, labor disputes, civil disturbances, governmental acts, orders or regulations, third-party data breaches beyond our control, general Internet outages, and the failure of equipment or software not within our direct control.

SEVERABILITY

If any provision of this Privacy Policy is found to be unlawful, void, or for any reason unenforceable, then that provision shall be deemed severable from this Privacy Policy and shall not affect the validity and enforceability of any remaining provisions.

GOVERNING LAW

This Privacy Policy and any disputes related thereto shall be governed by and construed in accordance with the laws of the State of New Jersey, without regard to its conflict of law principles. You agree to submit to the personal jurisdiction of the federal and state courts located in Morris County, New Jersey for any actions related to this Privacy Policy.

INDEMNIFICATION

You agree to indemnify, defend, and hold harmless Blissful Basics LLC, its officers, directors, employees, agents, licensors, and service providers from and against any claims, liabilities, damages, judgments, awards, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising out of or relating to your violation of this Privacy Policy or your use of any information obtained through our website or services.

LIMITATION OF LIABILITY

IN NO EVENT SHALL BLISSFUL BASICS LLC, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, LICENSORS, OR SERVICE PROVIDERS BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA, OR OTHER INTANGIBLE LOSSES, THAT RESULT FROM THE USE OF, OR INABILITY TO USE, THE SERVICES OR ANY INFORMATION OBTAINED THROUGH OUR WEBSITE OR SERVICES.

IN NO EVENT SHALL OUR TOTAL LIABILITY TO YOU FOR ALL CLAIMS RELATED TO THIS PRIVACY POLICY OR OUR SERVICES EXCEED THE GREATER OF $100 OR THE AMOUNT YOU PAID US DURING THE ONE (1) MONTH PERIOD IMMEDIATELY PRECEDING THE DATE ON WHICH THE CLAIM AROSE.

THE FOREGOING DOES NOT AFFECT ANY LIABILITY WHICH CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.

CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

CONTACT INFORMATION

If you have any questions about this Privacy Policy, please contact us at:

Email: meghan@blissfulbasics.com

Address: 9 Madison Street, Morristown, NJ

Last Updated: March 25, 2025