Privacy Policy

Effective Date: March 19, 2026  |  Last Updated: March 19, 2026

 

This Privacy Policy explains how AA Skin Care ("we," "us," or "our") collects, uses, discloses, and protects the personal information of users ("you") who visit www.aa-skin.com, purchase our skincare products, or engage our in-person or virtual skincare services. This Policy is designed to comply with the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and any other applicable U.S. federal privacy law.

1.  Scope of This Policy

This Policy applies to all personal information collected through our Website, e-commerce store, appointment booking system, in-person treatments, virtual consultations, email communications, and marketing activities. It does not apply to third-party websites linked from our Website, which are governed by their own privacy policies.

2.  Categories of Personal Information We Collect

Depending on how you interact with us, we may collect the following categories of personal information:

Identifiers: Name, email address, phone number, mailing address, billing address, IP address, and account username.

Purchase and Transaction Records: Order history, products purchased, payment method type (not full card numbers), and transaction identifiers.

Appointment and Service Data: Appointment dates and times, service type, notes provided before or during consultations, and consultation records.

Skin Care and Health Information: Skin type, skin concerns, known allergies, sensitivities, and health information voluntarily disclosed for the purpose of receiving personalized skincare services or recommendations.

Communications: Emails, messages, and other correspondence you send to us.

Device and Usage Data: Browser type and version, operating system, pages visited, time and date of visits, referring URLs, and other diagnostic information collected via cookies and similar technologies.

Marketing Preferences: Opt-in or opt-out status for promotional emails, SMS, and other communications.

3.  How We Collect Personal Information

  • Directly from you when you create an account, place an order, book an appointment, submit a form, or contact us.

  • Automatically through cookies, web beacons, and similar tracking technologies when you browse the Website (see our Cookie Policy).

  • From third-party payment processors when you complete a transaction.

  • From booking and scheduling software used to manage appointments.

  • From third-party analytics platforms that help us understand Website performance and user behavior.

4.  Purposes for Which We Use Your Information

We collect and use your personal information solely for legitimate business purposes, including:

  • Processing and fulfilling product orders, including payment, packing, and shipping.

  • Scheduling, confirming, and managing in-person and virtual service appointments.

  • Providing personalized skincare product recommendations and consultation services.

  • Communicating with you about your orders, appointments, and customer service inquiries.

  • Sending promotional emails, newsletters, and marketing communications (where you have opted in).

  • Improving our Website, products, and services through analytics and user feedback.

  • Detecting, preventing, and responding to fraud, security incidents, and abuse.

  • Complying with applicable legal obligations, including tax, consumer protection, and privacy law.

  • Enforcing our Terms and Conditions and other policies.

5.  Sensitive Personal Information

Skin and health information you voluntarily share with us (such as skin conditions, allergies, and sensitivities) may constitute 'sensitive personal information' under the CPRA. We collect and use such information solely to provide you with appropriate skincare services and product recommendations. We do not sell sensitive personal information, and you have the right to limit our use of it. See Section 14 for how to exercise this right.

6.  Data Sharing and Disclosure

AA Skin Care does not sell your personal information. We may share personal information with:

Service Providers: Trusted third parties who assist us in operating the Website and delivering our services, including payment processors, shipping carriers, email marketing platforms, and appointment scheduling software. These providers are contractually obligated to protect your data and use it only for the purposes we specify.

Legal and Regulatory Authorities: Where required by applicable law, court order, or to protect the rights, property, or safety of AA Skin Care, our clients, or the public.

Business Transfers: In the event of a merger, acquisition, or asset sale, your information may be transferred to the acquiring entity, which will be bound to honor this Privacy Policy or provide comparable protections.

We do not share your personal information with unaffiliated third parties for their own marketing purposes.

7.  Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience on the Website, remember your preferences, analyze traffic, and support marketing activities. Please review our Cookie Policy for a full explanation of the types of cookies we use, their purposes, and how to manage your preferences.

8.  Email and Marketing Communications

If you opt in to receive marketing emails or SMS messages from AA Skin Care, we will use your contact information to send you skincare tips, product announcements, promotions, and other content we believe may interest you. You may withdraw your consent at any time by clicking the 'Unsubscribe' link in any marketing email or by emailing us at privacy@aa-skin.com. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal. Transactional communications (such as order confirmations and appointment reminders) are not affected by marketing opt-out preferences.

9.  Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Specific retention periods include:

  • Order and transaction records: Retained for at least 7 years in accordance with California tax and accounting requirements.

  • Appointment and service records: Retained for 3 years following the last appointment, or longer where required by law.

  • Marketing communications data: Retained until you withdraw consent or request deletion.

  • Account information: Retained for the duration of the account relationship and for a reasonable period following account closure.

When data is no longer required, we securely delete or anonymize it.

10.  Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include SSL/TLS encryption for data in transit, access controls limiting employee access to personal data on a need-to-know basis, and secure payment processing through PCI-DSS-compliant payment processors.

While we work hard to protect your information, no method of data transmission or storage is 100% secure. In the event of a data breach that triggers notification obligations under California law, we will notify affected individuals and relevant authorities as required.

11.  Children's Privacy

Our Website and Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. Under the CPRA, personal information of individuals under the age of 16 is treated as sensitive personal information and is subject to additional protections. If we discover that we have collected information from a minor without verifiable parental consent, we will delete it promptly.

12.  Your Rights Under California Law (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA, as amended by the CPRA effective January 1, 2023:

Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes for which it is used, and the categories of third parties with whom it is shared.

Right to Delete: You may request that we delete the personal information we have collected from you, subject to certain exceptions permitted by law (e.g., information needed to complete a transaction you initiated, comply with a legal obligation, or detect security incidents).

Right to Correct: You may request that we correct inaccurate personal information we hold about you.

Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising. If this practice changes, we will provide a 'Do Not Sell or Share My Personal Information' link as required.

Right to Limit Use of Sensitive Personal Information: You may direct us to limit our use of your sensitive personal information (including skin and health data) to the purposes for which it was disclosed.

Right to Non-Discrimination: We will not deny you goods or services, charge different prices, or provide a different level of quality for exercising your CCPA/CPRA rights.

13.  How to Submit a Privacy Rights Request

To submit a request to know, delete, correct, or limit use of your personal information, please contact us by:

We will verify your identity before processing your request, typically by confirming information associated with your account or previous purchase. We will respond to verifiable requests within 45 days. Where necessary, we may extend this period by an additional 45 days with prior notice. We will not charge a fee for requests unless they are excessive, repetitive, or manifestly unfounded.

14.  Do-Not-Track and Global Privacy Control

Some browsers support 'Do Not Track' (DNT) signals. As of the effective date of this Policy, our Website does not respond to DNT signals. However, we do honor the Global Privacy Control (GPC) signal as required under California law, which signals your opt-out preference from the sale or sharing of personal information.

15.  Third-Party Platforms and Social Media

Our Website may integrate with or link to third-party platforms such as Instagram, Facebook, and others. If you interact with us via these platforms, your data is subject to those platforms' respective privacy policies, which we encourage you to review. We are not responsible for the privacy practices of third-party social media platforms.

16.  Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or the services we offer. The 'Last Updated' date at the top of this Policy will indicate when the most recent changes were made. Material changes will be communicated by email to registered account holders. Your continued use of the Website after the effective date of any change constitutes acceptance of the updated Policy.

17.  California Shine the Light Law

California Civil Code § 1798.83 ('Shine the Light' law) permits California residents to request certain information about the disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

18.  Cross-State Privacy Rights

While this Policy is specifically designed to comply with California privacy law, customers located in other U.S. states may have additional or different rights under their state's privacy statutes. We will make reasonable efforts to accommodate requests from customers in states with operative consumer privacy laws. Contact us at privacy@aa-skin.com for assistance.

18A. UK and EU Data Protection (GDPR / UK GDPR)

If you are located in the United Kingdom or European Economic Area, the following additional provisions apply to the processing of your personal information.

Legal Basis for Processing. We process your personal information on the following lawful bases: (a) performance of a contract, where processing is necessary to fulfil your order or provide our services; (b) compliance with a legal obligation; (c) our legitimate interests, including fraud prevention, security, and improving our services, where these are not overridden by your rights; and (d) your consent, where you have opted in to marketing communications or voluntarily provided sensitive personal information.

Your Rights. In addition to the rights described in Section 12, you have the right to: (a) access your personal data and receive a copy of it; (b) rectify inaccurate or incomplete data; (c) erasure ("right to be forgotten") where continued processing is no longer justified; (d) restrict processing in certain circumstances; (e) data portability, where processing is based on consent or contract and carried out by automated means; (f) object to processing based on legitimate interests; and (g) withdraw consent at any time without affecting the lawfulness of prior processing.

International Transfers. Where we transfer your personal data outside the UK or EEA, we will ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the relevant authority or another lawful transfer mechanism.

Data Controller. AA Skin Care acts as the data controller in respect of personal information collected from UK and EEA users. Contact us at melissa@aa-skin.com for any data protection enquiries.

Complaints. You have the right to lodge a complaint with your local supervisory authority. In the UK this is the Information Commissioner's Office (ico.org.uk). In the EU, contact your national data protection authority.

19.  Authorized Agents

California residents may designate an authorized agent to submit CCPA/CPRA requests on their behalf. To do so, the agent must provide written authorization signed by you, or you must provide written permission directly to us. We may require verification of the agent's identity and authority before processing the request.

20.  Contact — Privacy Inquiries

For all privacy-related questions, requests, or concerns, please contact us:

Privacy Contact Email: melissa@aa-skin.com

General Email: melissa@aa-skin.com

Website: www.aa-skin.com

Address: Acne & Aging Skin Care, 638 San Juan Ave, Santa Cruz, California, United States

© 2023 by Acne & Aging Skin Care.  Website Designed by Webdesignpie