top of page

PRIVACY POLICY

WHO WE ARE

  • Ethereal Studio (the “Company,” “we,” “us,” or “our”) provides permanent makeup services, training, and related products.

  • Business address: 6622 Mission Gorge Rd, San Diego, CA 92120, USA

  • Websites and pages covered by this Policy:

  • https://ethereal-studio.com

  • our booking pages, landing pages, and social profiles that link to this Policy

  • Contact: etherealstudiosd@gmail.com

SCOPE

  • This Policy applies to personal information we collect online and offline, including through our websites, booking and intake forms, online courses, messaging apps (e.g., WhatsApp Business, SMS, Instagram DMs), and in‑studio visits. This Policy does not cover third‑party websites or services that do not link to it.

INFORMATION WE COLLECT

The categories of personal information we may collect include:

  • Identifiers & contact details – name, email, phone number, postal address, social media handle, government ID (if required for payment, fraud prevention, or age verification).

  • Customer records – appointment history, service preferences, photos/videos you share with us (e.g., references), consultation notes, consent forms.

  • Sensitive information (as defined by some laws) – disclosures related to health/medical history relevant to service suitability (e.g., medications, allergies, skin conditions, pregnancy/nursing). We only collect what is necessary to assess eligibility and perform services safely.

  • Payment information – payment card details processed by our third‑party processors (e.g., Stripe, Square). We do not store full card numbers.

  • User‑generated content – reviews, testimonials, survey responses, messages you send us, and course submissions (for students).

  • Training & education data – enrollment details, progress, quiz results, certificates for our courses.

  • Device/usage data – IP address, cookie identifiers, pages viewed, referring/exit pages, approximate location, and interactions with our sites or emails (collected via cookies, pixels, and similar technologies).

  • Photo & media – before/after images with your consent; we will always ask before using your images for marketing/portfolio purposes.

  • We collect this information directly from you, automatically via your device, and from third parties such as booking platforms, payment processors, marketing/analytics providers, social networks, and referral partners.

Last updated: August 14, 2025

Thank you for choosing Ethereal Studio. We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains what we collect, why we collect it, how we use and share it, and the rights and choices you have.

Quick summary

  • We collect information you give us (like contact details, intake/consent forms, medical disclosures for service suitability), information we get automatically (like device/cookie data), and information from third parties (like payment processors or booking partners).

  • We use the data to provide services, process payments, book appointments, comply with law, improve our business, and—with your consent—send marketing.

  • We may “share” data for cross‑context behavioral advertising (e.g., via analytics/ads cookies). You can opt out using the links below.

  • California and EU/UK residents have specific rights described below.

HOW WE USE PERSONAL INFORMATION

We use personal information to:

  • Provide and improve services – schedule and manage appointments, perform services, provide aftercare guidance, manage courses and certifications, and maintain safety and sanitation.

  • Process transactions – manage bookings, payments, refunds, and fraud prevention.

  • Communicate with you – respond to inquiries, send confirmations, reminders, updates, support messages, and marketing (where permitted/with consent).

  • Personalize and measure – understand usage of our sites and emails, improve content and features, and measure the effectiveness of ads and campaigns.

  • Comply with law – meet tax, accounting, reporting, and legal obligations; respond to lawful requests and enforce our terms.

  • With consent – any other purpose you consent to at the time of collection (e.g., showcasing before/after photos).

Legal bases for EEA/UK/Swiss users. Where applicable, we process personal data under: (i) contract, to provide services/courses; (ii) legitimate interests, to secure and improve our services and market to existing customers; (iii) consent, for certain marketing, cookies, and any processing of sensitive data; and (iv) legal obligation.

COOKIES AND TRACKING

We and our partners use cookies and similar technologies for essential site functions, analytics, and advertising. You can control cookies via your browser settings and (where available) our cookie banner/preferences tool. Disabling certain cookies may impact site functionality.

  • Analytics/ads partners may include Google Analytics, Google Ads, Meta (Facebook/Instagram), and Thinkific analytics. See their policies for details.

  • Cross‑context behavioral advertising (California): Our use of analytics/ads cookies may be considered “sharing” personal information under California law. See Your privacy rights below to opt out.

HOW WE SHARE INFORMATION

We do not sell personal information for money. We may share personal information with:

  • Service providers/Processors – e.g., booking and forms providers (such as Wix/GlossGenius/Acuity), payment processors (Stripe/Square/PayPal), email/SMS and messaging tools (e.g., Mailchimp, WhatsApp Business), learning platforms (Thinkific), cloud hosting, analytics, and ad platforms.

  • Business partners – only as needed to fulfill a service you request (e.g., co‑hosted events or giveaways you enter).

  • Legal and safety – to comply with law, enforce our terms, protect rights, property, and safety of us, our clients, or others.

  • Business transfers – in connection with a merger, acquisition, or sale of assets.

We require service providers to use personal information only as instructed and to protect it appropriately.

YOUR PRIVACY RIGHTS AND CHOICES

Your rights depend on your location and applicable law. They may include:

  • Access/Portability – request a copy of your information.

  • Correction – request we correct inaccurate information.

  • Deletion – request we delete information, subject to legal exceptions.

  • Opt‑out of marketing – unsubscribe from promotional emails/SMS at any time. Transactional messages will still be sent.

  • Opt‑out of “sale”/“sharing” (California) – opt out of cross‑context behavioral advertising by using our cookie controls and the link below.

  • Limit use of sensitive personal information (California) – we only use sensitive data to deliver requested services and ensure safety; you may request additional limits using the link below.

  • Withdraw consent (EEA/UK/Swiss) – where processing is based on consent.

DATA RETENTION

We keep personal information for as long as needed for the purposes described above, including to comply with legal, accounting, or reporting requirements, resolve disputes, and enforce our agreements. Typical retention periods may include:

  • Client records & consent forms: 3–7 years (or longer if required by local law).

  • Booking and transaction data: 3–7 years for tax/accounting.

  • Course records/certificates: retained while your account is active and as needed for accreditation or proof of completion.
    We will delete or anonymize data when no longer needed, subject to legal holds.

DATA SECURITY

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

INTERNATIONAL DATA TRANSFER

If you access our services from outside the United States, your information may be processed in the U.S. and other countries with different data protection laws. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) for cross‑border transfers.

CHILDRENS PRIVACY

Our services are intended for adults and are not directed to children under 18 (or the age of consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us to request deletion. We also generally do not provide services to minors; age restrictions may apply.

BEFORE/AFTER IMAGES AND TESTIMONIALS

With your consent, we may capture/service photos or accept photos you send to us. We will not publish or use identifiable images/testimonials for marketing without your explicit permission, which you may withdraw at any time.

MESSAGING APPS AND SOCIAL MEDIA

If you contact us via WhatsApp Business, Instagram, Facebook, SMS, or similar channels, your messages and phone number/handle may be processed by those platforms under their own policies. Please review their privacy terms. Avoid sharing highly sensitive information over these channels.

THIRD PARTY LINKS

Our websites and pages may link to third‑party sites or services. We are not responsible for their privacy practices. Review their policies before providing personal information.

CHANGES TO THIS POLICY

We may update this Policy from time to time. The “Last updated” date will reflect the latest version. Material changes will be communicated as required by law (e.g., by posting a notice on our sites).

CONTACT US

If you have questions, concerns, or requests regarding this Policy or our privacy practices, contact:

Ethereal Studio
Attn: Privacy
6622 Mission Gorge Rd, San Diego, CA 92120, USA
Email: Etheralstudiosd@gmail.com

CALIFORNIA PRIVACY NOTICE (CPRA)

This section applies to residents of California and supplements the information above. It describes our collection, use, and sharing of “personal information” and “sensitive personal information” as defined by the CPRA.

  • Categories collected: identifiers; customer records; commercial information (bookings, purchases); internet/electronic activity; geolocation (coarse); audio/visual (photos with consent); inferences (preferences); sensitive information (health disclosures relevant to service suitability).

  • Sources: directly from you; devices; service providers; partners; social networks.

  • Purposes: as described in How we use personal information above.

  • Retention: as described in Data retention above.

  • Disclosure for business purposes: to service providers (e.g., booking, payments, messaging, analytics, hosting).

  • “Selling”/“Sharing”: We do not sell personal information for money. We may “share” personal information for cross‑context behavioral advertising through analytics/ads cookies. You can opt out via our Do Not Sell or Share link and cookie controls.

  • Sensitive personal information: used only as reasonably necessary to provide services and ensure safety; we do not use it to infer characteristics. You may request limits using the Limit the Use of My Sensitive Personal Information link.

  • Your CPRA rights: to know, access, correct, delete, opt‑out of selling/sharing, and limit sensitive information use; freedom from discrimination for exercising rights.

How to exercise rights: Use the methods in Your privacy rights and choices above. We will verify your request as required.

EEA/UK/SWISS PRIVACY NOTICE (GDPR)

If you are located in the EEA/UK/Switzerland, you have the rights to access, rectify, erase, restrict, object, and data portability, and to lodge a complaint with your local supervisory authority. Where processing is based on consent, you may withdraw consent at any time. Our lawful bases are listed above. International transfers occur to the U.S. and other countries with appropriate safeguards (e.g., SCCs). To contact our EU/UK representative or DPO (if appointed), email [dpo or privacy email].

bottom of page