Privacy Policy

Last updated: March 30, 2026

Henny Lash ("we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This policy explains what information we collect, how we use it, and your rights regarding that information.

1. Information We Collect

We collect information in the following ways:

a. Contact Form Submissions

When you submit our contact form, we collect your name, email address, and message content. We also record your IP address for security and rate-limiting purposes.

b. Email Communications

When you email us at [email protected], we retain the content of your messages, your email address, and any information you voluntarily include in your correspondence.

c. Digital Waiver

When you sign our service waiver, we collect your full legal name, email address (optional), digital signature, IP address, browser information, and your photo consent preference. The waiver also involves your voluntary disclosure of health-related information (allergies, sensitivities, medical conditions) relevant to the eyelash extension procedure. We treat all health-related disclosures as sensitive personal information.

d. Appointment & Service Records

We maintain records of services performed, including appointment dates, service types, and any relevant notes for continuity of care between appointments.

e. Photographs

With your explicit opt-in consent (provided separately in the service waiver), we may photograph your lash results. Photographs are never taken without your knowledge and permission.

f. Website Analytics

We use Umami, a privacy-focused, open-source analytics tool hosted on our own infrastructure. Umami does not use cookies, does not collect personal data, does not track individual users across sessions, and is fully compliant with GDPR, CCPA, and PECR. The only data collected is anonymous aggregate information such as page views, referral sources, browser type, and device type. No personally identifiable information is collected through analytics.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Respond to inquiries: Contact form and email submissions are used solely to respond to your questions about our services and to schedule appointments.
  • Provide services: Health disclosures and service records are used to provide safe and appropriate eyelash extension services tailored to your needs.
  • Legal compliance: Signed waivers are retained as legal records of informed consent.
  • Marketing (opt-in only): If you consented to photo use in the waiver, we may use photographs of your lash results on our website, social media, or marketing materials. No identifying information (name, face) is shared without your separate written consent.
  • Improve our website: Anonymous analytics data helps us understand which pages are visited and how visitors find our site.

3. Information We Do NOT Collect

  • We do not use tracking cookies or third-party advertising trackers.
  • We do not collect financial information (payments are handled in person).
  • We do not purchase data from third-party data brokers.
  • We do not build behavioral profiles or engage in cross-site tracking.
  • We do not use your data for automated decision-making or profiling.

4. Information Sharing & Disclosure

We do not sell, rent, trade, or share your personal information with third parties for their marketing purposes. We may disclose information only in the following limited circumstances:

  • Legal requirements: If required by law, court order, or legal process.
  • Safety: To protect the rights, safety, or property of Henny Lash, our clients, or others.
  • With your consent: If you explicitly authorize us to share specific information.

5. Data Storage & Security

Your information is stored on secure, privately hosted servers that we own and operate. We do not use third-party cloud storage services for client data. Specific security measures include:

  • All data is transmitted over encrypted connections (HTTPS/TLS).
  • Access to client records is restricted to authorized personnel only, protected by authentication.
  • Digital waiver signatures are stored with tamper-evident metadata (IP address, timestamp, browser fingerprint).
  • Our servers are maintained with regular security updates.

6. Data Retention

We retain your information for the following periods:

  • Contact form messages: Retained until the inquiry is resolved, then archived for up to 12 months for business records.
  • Signed waivers: Retained for a minimum of 4 years from the date of last service, as required for legal liability purposes under California's statute of limitations.
  • Service records: Retained for the duration of the client relationship and up to 4 years after the last appointment.
  • Photographs: Retained indefinitely unless you withdraw consent, at which point they will be removed within 30 days.
  • Analytics data: Aggregated, anonymous data is retained for up to 90 days.

7. Your Rights Under California Law (CCPA/CPRA)

As a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: You may request a copy of the personal information we hold about you.
  • Right to Delete: You may request deletion of your personal information, subject to legal retention requirements (e.g., signed waivers during the retention period).
  • Right to Correct: You may request correction of inaccurate personal information.
  • Right to Opt Out of Sale: We do not sell your personal information. There is nothing to opt out of.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.
  • Right to Limit Use of Sensitive Information: Health information disclosed in the waiver is used solely for providing safe eyelash extension services and is never used for any other purpose.

To exercise any of these rights, contact us using the information in Section 11 below. We will respond to verified requests within 45 days.

8. Health Information

Health-related information you disclose through our service waiver (allergies, sensitivities, medical conditions, medications) is treated as sensitive personal information. This information is:

  • Used exclusively to provide safe eyelash extension services.
  • Accessible only to your artist (Hengameh Arabmashaee or Thi Hong Van Bui).
  • Never shared with third parties except as required by law.
  • Never used for marketing, profiling, or any purpose unrelated to your service.

While Henny Lash is not a healthcare provider and is not subject to HIPAA, we voluntarily apply heightened protections to health-related disclosures as a matter of professional responsibility.

9. Children's Privacy

Our services are intended for individuals 18 years of age and older. Clients under 18 may receive services with a parent or legal guardian present who provides written consent. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13 without parental consent, we will delete it promptly.

10. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable law. The "Last updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this page periodically. Continued use of our website or services after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this privacy policy, wish to exercise your rights, or need to report a privacy concern, please contact us: