MedSpa Recruiting ("Company," "we," "us," or "our") operates a recruiting technology platform that connects medical aesthetics professionals with employment opportunities at medical spas and aesthetic clinics. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our platform at medsparecruiting.com and our separate white-label job board at jobs.medsparecruiting.com.

A. Personal Information

We collect the following categories of personal information:

• Account Information: Name, email address, phone number, password
• Professional Information: Resume, work experience, professional licenses and certifications, specializations, salary expectations, willingness to relocate
• Employer Information: Company name, location, company size, PE-backing status, job postings
• Communication Data: Messages exchanged through our platform
• Payment Information: Billing information processed through Stripe (we do not store full credit card numbers)

B. Automatically Collected Information

• IP address and approximate geographic location
• Browser type and version
• Device identifiers
• Pages visited and time spent
• Referring URLs
• Cookie data (see our Cookie Policy)

C. Information from Third Parties

• Information from professional licensing boards to verify credentials
• Background check information (with your consent)
• Information from referral partners

We use your personal information to:

• Provide and improve our matching services
• Connect qualified candidates with appropriate employers
• Process payments and manage subscriptions
• Send transactional emails (account confirmations, match notifications)
• Send marketing communications (with your consent)
• Comply with legal obligations
• Detect and prevent fraud
• Analyze platform performance and user behavior
• Improve our AI matching algorithm

We use aggregated, anonymized data to improve our matching algorithms. We do not sell individual personal data for AI training purposes. You may opt out of having your anonymized data used for algorithm improvement by contacting us at [email protected].

We share your information in the following circumstances:

• With Employers: Candidate profiles are shared with employers only when a match is made and you have consented
• With Candidates: Employer job postings and company information are shared with matched candidates
• Service Providers: We share data with vendors who help operate our platform (Supabase, Stripe, Brevo, Google Analytics)
• Legal Requirements: We may disclose data when required by law or legal process
• Business Transfers: In the event of a merger, acquisition, or sale of assets
• With Your Consent: For any other purpose with your explicit consent

We do not sell your personal information to third parties for marketing purposes.

If you opt in to SMS communications, we will send you:

• Candidate match notifications
• Platform updates and announcements
• Account security alerts

Message frequency varies. Standard message and data rates may apply. Reply STOP to opt out at any time. Reply HELP for help. For more information, contact [email protected].

We send two types of email communications:

• Transactional Emails: Required for account security and service delivery. You cannot opt out of these while maintaining an account.
• Marketing Emails: Promotional updates, hiring insights, and platform features. You may opt out at any time via the unsubscribe link or by contacting [email protected].

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Portability: Receive your data in a portable format
• Objection: Object to processing of your data for marketing purposes
• Restriction: Request restriction of processing in certain circumstances

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

California Residents (CCPA): You have the right to know, delete, and opt out of the sale of personal information. We do not sell personal information.

EU/UK Residents (GDPR/UK GDPR): You have additional rights including the right to lodge a complaint with your local data protection authority.

We implement appropriate technical and organizational security measures including:

• Encryption of data in transit (TLS) and at rest
• Row-level security on our database
• Regular security audits
• Access controls and authentication requirements
• Employee training on data protection

No security system is impenetrable. In the event of a data breach affecting your rights, we will notify you as required by applicable law.

We retain personal data as follows:

• Active Accounts: For the duration of your account plus 3 years
• Inactive Accounts: Deleted after 2 years of inactivity (with advance notice)
• Payment Records: 7 years for tax and financial compliance
• Consent Records: 5 years from last interaction
• Job Applications: 2 years from application date
• Audit Logs: 3 years

Our platform is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact us at [email protected].

If you are located in the European Economic Area (EEA) or United Kingdom, your data may be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) as the lawful transfer mechanism for these transfers.

Our legal basis for processing EU/UK personal data includes:

• Performance of a contract (providing our services)
• Legitimate interests (improving our platform, fraud prevention)
• Consent (marketing communications)
• Legal obligation (tax and financial records)

Our platform may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before providing any personal information.

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on our platform at least 30 days before the changes take effect. Your continued use of the platform after the effective date constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, please contact us:

• Privacy Team: [email protected]
• Compliance: [email protected]
• General: [email protected]
• Mail: 1309 Coffeen Avenue STE 1200, Sheridan, WY 82801