Privacy Policy
Last Updated: April 30, 2026
1. Introduction
SymetriHealth ("we", "our", or "us") provides a HIPAA-compliant platform for medical clinics to collect, process, and evaluate aesthetic patient intakes. This Privacy Policy explains how we handle your Protected Health Information (PHI) and personal data on behalf of your selected medical provider.
When you submit an evaluation through our platform, your primary relationship remains with your clinic. We act solely as a secure technology processor for them.
2. Information We Collect
We collect information strictly necessary for your clinic to evaluate you for aesthetic procedures, which may include:
- Identifiers: Name, email address, phone number, and date of birth.
- Health Information (PHI): Medical history, physical characteristics, and procedural goals.
- Media: Photographs securely uploaded for AI analysis and clinical review.
- Technical Data: IP address, browser type, and device information collected automatically for security and audit logging purposes.
3. How We Use Your Information
Your data is used exclusively to facilitate your evaluation with your chosen healthcare provider and to operate our platform securely. This includes:
- Securely transmitting your data to your clinic.
- Performing automated AI analysis on your photos to assist your provider.
- Sending you transactional notifications about your evaluation (e.g., SMS or email).
- Maintaining immutable audit logs of all PHI access for HIPAA compliance.
We do not use your data for advertising, sell it to third parties, or use it to train AI models beyond the scope of your evaluation.
4. SMS & Mobile Number Privacy (Twilio A2P 10DLC)
We highly value the privacy of your mobile number. By opting into SMS notifications during your intake, you consent to receive transactional updates regarding your evaluation status and secure report links on behalf of your selected clinic. This consent is collected via a dedicated, unchecked checkbox on the final step of our intake form and is never a condition of receiving our services.
No mobile information, including your phone number and SMS opt-in consent, will be shared with third parties or affiliates for marketing or promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
- Program: SymetriHealth — Aesthetic Evaluation Status & Secure Report Delivery
- Message Frequency: Varies based on your evaluation activity (typically 2–5 messages per evaluation).
- Opt-Out: Reply STOP at any time to unsubscribe from all SMS communications.
- Help: Reply HELP or contact us at [email protected].
- Rates: Standard message and data rates may apply depending on your mobile carrier.
5. Data Security (HIPAA)
Our platform is designed with rigorous security standards to comply with the Health Insurance Portability and Accountability Act (HIPAA). Safeguards include:
- All data encrypted in transit (TLS 1.3) and at rest (AES-256).
- Patient photos are stored in private cloud storage and only accessible via signed URLs that expire within 15 minutes.
- Automatic session timeout after 30 minutes of inactivity.
- Role-based access control ensuring staff only access data relevant to their role.
- Immutable audit logs recording every PHI access with timestamp, user, and IP address.
6. Data Retention
We retain your personal data and PHI for as long as your clinic maintains an active account on the SymetriHealth platform, or as required by applicable law and HIPAA regulations (generally a minimum of six years from the date of creation or last effective date, whichever is later).
Upon a clinic's account termination, patient data is securely deleted from our systems within 90 days, unless a longer retention period is required by law. Patient photos stored in cloud storage are deleted on the same schedule.
You may request deletion of your personal data by contacting your clinic directly. Requests that conflict with HIPAA retention requirements may not be fulfilled.
7. Third-Party Service Providers
We use a limited number of trusted third-party providers to operate our platform. All providers are bound by HIPAA Business Associate Agreements (BAAs) where applicable:
- Amazon Web Services (AWS): Cloud infrastructure, photo storage, and AI image analysis.
- Twilio: SMS transactional notifications.
- Stripe: Payment processing for clinic subscriptions (no patient payment data is processed).
8. Your Rights
Depending on your location, you may have the right to access, correct, or request deletion of your personal data. To exercise any of these rights, please contact your clinic directly, as they are the covered entity responsible for your PHI. For platform-level inquiries, contact us at the address below.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered clinic accounts of material changes via email. The "Last Updated" date at the top of this page reflects the most recent revision. Continued use of the platform after changes are posted constitutes your acceptance of the revised policy.
10. Contact Us
For questions about how your data is handled at the platform level, or to submit a data request, contact our Privacy team:
SymetriHealth — Privacy Team
Email: [email protected]
For questions about your medical data specifically, please contact your healthcare provider directly.
