Privacy Policy

    Last updated: January 19, 2025

    Our Commitment to Your Privacy

    At Lustra Skin ("Company," "we," "us," or "our"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website lustraskin.com, use our services, or purchase our exosome skincare products. Please read this policy carefully. By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

    Information We Collect

    Personal Information You Provide

    We collect information you voluntarily provide when registering, making purchases, or contacting us:

    • Identity Information: Full name, professional credentials, and National Provider Identifier (NPI) for healthcare provider verification
    • Contact Information: Email address, phone number, billing address, and shipping address
    • Payment Information: Credit card details, bank account information for ACH payments (processed securely through Stripe)
    • Verification Documents: Government-issued identification for identity verification through our KYC process
    • Professional Information: Medical specialty, practice location, and professional affiliations
    • Communications: Records of correspondence when you contact our customer service

    Information Collected Automatically

    When you access our website, we automatically collect certain information:

    • Device Information: IP address, browser type, operating system, device identifiers
    • Usage Data: Pages visited, time spent on pages, click patterns, referring URLs
    • Location Data: General geographic location based on IP address
    • Cookies and Tracking: Information collected through cookies, web beacons, and similar technologies

    How We Use Your Information

    We use the collected information for the following purposes:

    • Order Processing: To process transactions, fulfill orders, and arrange shipping via cold chain logistics
    • Provider Verification: To verify your status as a licensed healthcare provider through NPI registry lookup and identity verification
    • Account Management: To create and manage your account, maintain your preferences, and provide customer support
    • Communication: To send order confirmations, shipping updates, and respond to inquiries
    • Marketing: With your consent, to send promotional materials, newsletters, and product updates
    • Compliance: To comply with legal obligations, including healthcare regulations and tax requirements
    • Security: To detect, prevent, and address fraud, unauthorized access, and other illegal activities
    • Improvement: To analyze usage patterns and improve our website, products, and services

    Legal Basis for Processing

    We process your personal information based on the following legal grounds:

    • Contract Performance: Processing necessary to fulfill our contract with you for product purchases
    • Legal Compliance: Processing required to comply with healthcare regulations and provider verification requirements
    • Legitimate Interests: Processing for fraud prevention, security, and service improvement
    • Consent: Processing based on your explicit consent for marketing communications

    Information Sharing and Disclosure

    We do not sell, trade, or rent your personal information. We may share your information with:

    • Service Providers: Third-party vendors who assist with payment processing (Stripe), identity verification (Didit), authentication (Clerk), shipping, and email services
    • Verification Services: NPI registry (NPPES) for healthcare provider verification
    • Legal Requirements: Government authorities when required by law, court order, or to protect our legal rights
    • Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections
    • With Your Consent: Other parties when you have given explicit permission

    Data Security

    We implement comprehensive security measures to protect your information:

    • SSL/TLS encryption for all data transmitted between your browser and our servers
    • PCI-DSS compliant payment processing through Stripe
    • Secure identity verification through certified KYC providers
    • Regular security assessments and vulnerability testing
    • Access controls limiting employee access to personal information
    • Secure data storage with encryption at rest

    While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

    Data Retention

    We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce our agreements. Provider verification records are retained as required by healthcare regulations. You may request deletion of your data subject to legal retention requirements.

    Your Rights and Choices

    Depending on your location, you may have the following rights:

    • Access: Request a copy of the personal information we hold about you
    • Correction: Request correction of inaccurate or incomplete information
    • Deletion: Request deletion of your personal information, subject to legal retention requirements
    • Portability: Request transfer of your data in a machine-readable format
    • Opt-Out: Unsubscribe from marketing communications at any time
    • Withdraw Consent: Withdraw consent for processing where consent is the legal basis
    • Restriction: Request restriction of processing under certain circumstances
    • Objection: Object to processing based on legitimate interests

    To exercise these rights, contact us at info@lustra-skin.com. We will respond within 30 days.

    California Privacy Rights (CCPA)

    California residents have additional rights under the California Consumer Privacy Act:

    • Right to know what personal information is collected, used, shared, or sold
    • Right to delete personal information held by businesses
    • Right to opt out of the sale of personal information (we do not sell your data)
    • Right to non-discrimination for exercising CCPA rights

    Cookies and Tracking Technologies

    We use cookies and similar technologies to:

    • Essential Cookies: Enable core functionality like authentication and shopping cart
    • Analytics Cookies: Understand how visitors interact with our website
    • Preference Cookies: Remember your settings and preferences
    • Marketing Cookies: Deliver relevant advertisements (with consent)

    You can control cookies through your browser settings. Disabling certain cookies may affect website functionality.

    Third-Party Links

    Our website may contain links to third-party sites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

    Children's Privacy

    Our services are intended for licensed healthcare professionals and are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a minor, we will take steps to delete it promptly.

    International Data Transfers

    Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including standard contractual clauses and compliance with applicable data protection laws.

    Updates to This Policy

    We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date. Continued use of our services after changes constitutes acceptance of the revised policy.

    Contact Us

    If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

    Lustra Skin

    4180 44th St SE, Ste A

    Grand Rapids, MI 49512

    Email: info@lustra-skin.com

    For data protection inquiries or to exercise your privacy rights, please email us with "Privacy Request" in the subject line.