Legal

Privacy Policy

How we collect, use, and protect your information

Last updated May 3, 2026 Draft — pending attorney review

DRAFT — pending attorney review. This page provides a starter framework so the platform can launch with the URL Stripe and other integrations require. Replace this content with your finalized, attorney-reviewed policy before any sustained public marketing or paid advertising. Last updated: May 4, 2026.

1. Who we are

This Privacy Policy applies to the website, booking platform, and mobile experiences operated by Azzure Wellness, owned and operated by Sky Vista Consulting, LLC (Nevada) (referred to in this policy as "we," "us," or "the Company"). It governs information you provide when you book appointments, sign up for events, contact us, or otherwise interact with our digital properties under the Azzure Wellness brand.

If you have questions about this policy or your information, contact us at ak@skyvistaconsulting.com.

2. Information we collect

We collect the following categories of information directly from you:

  • Identity & contact information — your name, email address, phone number, and (where applicable) a billing address.
  • Booking information — the services you book, the staff you book with, the venue location, the date/time of your visit, and any notes you provide on your intake form.
  • Health & wellness intake responses — when a service requires it, we collect health-history responses you submit on the intake form. This information is treated as sensitive and stored encrypted at rest.
  • Payment information — credit-card and ACH details are tokenized and processed by Stripe. We do not store full card numbers on our servers.
  • Authentication information — if you create an account, we store your hashed password and (if enabled) a two-factor-authentication seed.
  • Communication preferences — your opt-in/opt-out status for SMS reminders, marketing email, and event invitations.
  • Device & usage data — IP address, browser type, pages visited, and approximate location (derived from IP), collected via standard server logs and cookies.

3. How we use your information

We use the information we collect to:

  • Schedule, confirm, modify, and remind you of your bookings
  • Send appointment confirmations, reminders, and check-in QR codes via email and SMS
  • Process payments, refunds, deposits, and gift-card balances
  • Send you information about events you have RSVP'd to
  • Provide customer support and respond to your inquiries
  • Maintain and improve the security, reliability, and quality of our services
  • Comply with legal obligations and respond to lawful requests
  • Send you marketing communications (only if you have opted in — you can opt out at any time)

4. Legal bases (for users in the EU/UK/EEA)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process your personal information under the following legal bases under the GDPR:

  • Performance of a contract — to deliver the booking, event, or membership service you have requested
  • Legitimate interest — to operate, secure, and improve our services
  • Consent — for optional marketing communications and any sensitive health information you provide
  • Legal obligation — to comply with tax, accounting, and regulatory requirements

5. Sharing your information

We share your information only in the following circumstances:

  • Service providers — payment processors (Stripe), SMS gateways (Twilio), email delivery (SendGrid), cloud hosting (AWS, Laravel Forge), and other vendors that help us operate. Each is bound by contract to use your information only on our instructions.
  • Your service provider / staff member — staff at the venue you book with see the information they need to deliver the service (your name, contact info, and intake responses for the booked service).
  • Legal compliance — where required by law, court order, or to protect our rights, your safety, or the safety of others.
  • Business transfers — if we sell, merge, or restructure the business, your information may transfer to the successor entity. You will be notified of any change in ownership.

We do not sell your personal information.

6. Data retention

We retain your information for as long as your account is active and for a reasonable period afterward to honor warranty/refund obligations, comply with tax law, and resolve disputes.

| Category | Retention period | |---|---| | Account & profile data | Active + 7 years (tax/audit) | | Booking records | 7 years (insurance + audit) | | Intake-form health responses | 7 years (or longer where state regulation requires) | | Marketing-communication logs | Until you opt out, then 30 days | | Server access logs | 90 days |

You can request earlier deletion in line with Section 8.

7. How we protect your information

We use industry-standard safeguards including:

  • TLS 1.2+ encryption on every page (HTTPS-only)
  • Encryption at rest for sensitive fields (intake responses, two-factor seeds, recovery codes)
  • Bcrypt password hashing
  • Daily off-site database snapshots with 30-day retention
  • Multi-factor authentication on every administrative account
  • Role-based access control on all internal tools
  • Continuous monitoring and quarterly security reviews

No system is perfectly secure, and no data transmission over the internet can be guaranteed 100% secure. If we become aware of a breach affecting your information, we will notify you in line with applicable law.

8. Your rights

You can:

  • Access the personal information we hold about you
  • Correct information that is inaccurate or out of date
  • Delete your account and associated personal information
  • Export a copy of your data in a portable format
  • Opt out of marketing communications at any time
  • Withdraw consent for any processing based on consent

To exercise any of these rights, email ak@skyvistaconsulting.com from the email address associated with your account. We will respond within 30 days.

If you are a California resident, you have additional rights under the CCPA / CPRA, including the right not to be discriminated against for exercising your privacy rights. If you are an EU/UK/EEA resident, you have additional rights under the GDPR, including the right to lodge a complaint with your local supervisory authority.

9. Children

Our services are not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, contact us and we will delete it.

10. Cookies

We use a minimal set of cookies for:

  • Strictly necessary — session login state, CSRF protection
  • Functional — remembering your venue selection and preferences
  • Analytics — aggregate usage patterns (no individual tracking)

You can disable cookies in your browser, but parts of the booking experience may not work as expected.

11. International transfers

We are based in the United States. If you access our services from outside the United States, your information will be transferred to and processed in the United States. By using our services you consent to this transfer.

12. Changes to this policy

We may update this policy from time to time. We will post the updated policy on this page with a revised "Last updated" date. Material changes will also be communicated by email to active accounts.

13. Contact

Questions, requests, or complaints? Reach out to:

Azzure Wellness (Azzure Wellness, owned and operated by Sky Vista Consulting, LLC (Nevada)) Email: ak@skyvistaconsulting.com

Privacy · Terms · Cancellation · Contact