Privacy Policy

We only collect what we genuinely need to care for you well. Depending on how you interact with us, that may include:

• Contact information — name, email address, phone number, and mailing or service address you provide through our forms, booking tool, or direct correspondence.
• Booking details — requested dates, services, suite preferences, arrival and departure information, and any special requests you share while reserving.
• Self-disclosed medical and surgical background — information you voluntarily share about your procedure, surgeon, allergies, medications, or relevant health history, along with any surgical clearance documents you choose to upload.
• Payment information — credit card and payment details are entered directly into our third-party processors and are never stored on our servers. We retain only a transaction reference and the last four digits of the card for reconciliation.
• Site analytics and technical data — browser type, device, operating system, referring URL, pages viewed, approximate city-level location, and interaction events, gathered through cookies and analytics tags.
• Communications — messages you send us via email, text, contact forms, or direct messages on social platforms, along with our replies.

We use the information we collect for a short, specific list of purposes:

• Fulfilling your service — scheduling your suite or session, assigning the right therapist, preparing your space, and coordinating transport, meals, and add-ons.
• Communicating with you — confirmations, intake instructions, reminders, aftercare check-ins, and responses to questions or concerns.
• Improving the care we deliver — understanding which pages and services clients find most helpful, refining our intake questions, and training our team on patterns we see across recoveries.
• Marketing, only if you’ve opted in — sending newsletters, promotions, or brand updates to clients who have explicitly subscribed.
• Legal compliance and protection — meeting tax, licensing, and record-keeping obligations, responding to lawful requests, and protecting our clients, staff, and business from fraud or harm.

We do not sell your personal information. We do not share it with third parties for their own marketing.

Bodied in MIA is a hospitality and wellness provider, not a medical clinic. For most of our services we are not a “covered entity” under the Health Insurance Portability and Accountability Act (HIPAA). Even so, we treat every piece of health information you share with us as sensitive and handle it under best-practice standards drawn from the healthcare industry.

When you upload surgical clearance, share a procedure date, disclose medications, or describe a condition on our intake:

• Access is limited to the specific team members preparing your stay or providing your session.
• Clearance documents are stored in encrypted, access- controlled systems and are never posted publicly or shared on social media.
• We do not contact your surgeon or physician without your explicit, written permission unless an emergency requires immediate coordination of care.
• You can request deletion of your health disclosures at any time after your service is complete, subject to the retention rules in Section 7.

Our website uses cookies and similar technologies to help pages load correctly, remember your preferences, and understand how visitors use the site. We group them into two categories:

• Necessary cookies — required for core functionality such as loading pages securely, maintaining your booking session, and remembering accessibility preferences. These cannot be disabled without breaking parts of the site.
• Optional analytics cookies — tools like Google Analytics that help us see aggregate traffic patterns, popular pages, and where visitors come from. These are not used to identify you personally.

You can opt out of analytics tracking at any time using the Google Analytics opt-out browser add-on, your browser’s “Do Not Track” setting, or by clearing cookies in your browser preferences.

We work with a small, vetted set of service providers. Each operates under its own privacy policy and its own security practices. When you use our site or book with us, your data may flow through:

• Snipcart — powers our online shop and processes retail orders. Snipcart privacy policy.
• Acuity Scheduling — handles appointment booking, intake forms, and calendar availability. Acuity / Squarespace privacy policy.
• n8n — automates routing of form submissions and internal notifications between our tools. n8n privacy policy.
• Google Analytics — provides aggregate website traffic data. Google privacy policy.
• Cloudflare & our hosting provider — deliver the site quickly and securely, and handle DDoS protection and edge caching. Cloudflare privacy policy.
• Payment processors — Stripe, Square, and PayPal handle card data directly; we never see or store full card numbers. Each has its own robust privacy and PCI-compliance program.

We keep information only as long as it serves a legitimate purpose or meets a legal requirement:

• Client records — intake forms, clearance documents, service notes, and transaction records are retained for seven (7) years, consistent with Florida record-keeping standards for wellness and hospitality providers.
• Marketing data — email subscribers, preferences, and engagement history are retained until you unsubscribe or ask to be removed, at which point your record is deleted from our active lists.
• Analytics data — aggregate traffic data is retained in Google Analytics according to a 14-month rolling window.

When the retention period ends, records are securely deleted or irreversibly anonymized.

You are in control of your information. At any time, you may request to:

• Access the information we hold about you.
• Correct any information that is inaccurate or out of date.
• Delete your personal information, subject to records we are legally required to retain.
• Opt out of marketing communications at any time by using the unsubscribe link in any email or by writing to us directly.
• Withdraw consent for any optional use of your data, including photo releases and testimonials.

To exercise any of these rights, email privacy@bodiedinmia.com or use our contact form. We respond to every verified request within thirty (30) days.

We take the security of your information seriously and maintain administrative, technical, and physical safeguards proportionate to the sensitivity of the data we hold:

• Encryption — data is encrypted in transit using HTTPS/TLS and at rest within our vendors’ managed storage.
• Access controls — employee and contractor access is granted on a need-to-know basis, protected by strong passwords and multi-factor authentication.
• Vendor review — we work only with providers that publish recognized security practices and honor industry privacy standards.
• Breach notification — in the unlikely event of a data incident that affects your personal information, we will notify you without undue delay and in accordance with Florida’s data breach notification laws.

No system can be guaranteed perfectly secure, but we work continually to meet and exceed current best practice.

Bodied in MIA is an adult-only service. Our website, booking tools, and services are intended for clients aged eighteen (18) and older. We do not knowingly collect personal information from minors.

If you believe a child has submitted information to us, please contact us immediately and we will delete the record.

Our business is operated from the State of Florida, United States. If you visit our website or book our services from outside the United States, your information will be transferred to, processed, and stored on servers located in the U.S. and in the cloud regions used by our vendors.

By using our site or services from outside the United States, you consent to this transfer and to the application of U.S. and Florida privacy laws to your information.

We may update this Privacy Policy from time to time to reflect new services, new tools, new legal requirements, or refinements to how we operate. The current version will always live at this URL with an updated “Last updated” date at the top.

When changes are material — for example, if we begin using a new category of data or a new processor — we will notify active clients directly. Continued use of our site or services after a change constitutes acceptance of the updated policy.

Privacy questions, data requests, and concerns can be directed to our team. We respond within one business day and resolve every verified request within thirty (30) days.

• Email: privacy@bodiedinmia.com
• Contact form: bodiedinmia.com/contact
• Phone: (305) 833-4151