Last Updated: June 9, 2026
This policy describes how Pinch Med, Inc. (“Pinch,” “we,” “us,” or “our”) collects, uses, shares, and protects information about you, and the choices you have regarding that information.
This Privacy Policy applies to information collected through our website, mobile applications, and other digital properties operated by Pinch (collectively, the “Sites”), as well as through your interactions with Pinch in connection with services provided by the affiliated professional entities through which Pinch’s providers deliver care.
We may collect different types of information during your interactions with our Sites and through our advertising and media across the Internet and our web and mobile apps. This information may include personal information (e.g., name, phone number, postal address, email address, and certain payment information), technical information (e.g., device identifier, IP address, browser type, operating system), and usage information (e.g., how you use and navigate to and from our Sites, and information about content). We may combine these types of information together, and collectively refer to all of this information in this Privacy Policy as “Information.”
Information may be collected as described below and through the use of cookies, web beacons, pixels, SDKs, and other similar technologies by us or by other companies on our behalf. Below we describe the types of Information we may collect.
We may collect, aggregate, and anonymize non-personally identifiable information into statistics regarding user behavior such as overall patterns or demographic reports that do not describe or identify any individual user.
We may collect Information in the course of your use of, or registration with, our Sites. For example, when you create an account, register for or download an app, or sign up for a product or service, you may provide us with certain personal information. This type of personal information may include name, phone number, postal address, email address, or certain payment information (e.g., credit card and billing information). We may also collect Information about your interest in and use of various products, programs, services, and content available on or through our Sites.
When you interact with our Sites, you may share other information about yourself by, for example, creating a profile, filling out a survey or application, or providing information in connection with a service you book. We may collect this type of information if you participate in surveys, focus groups, or opportunities to test new products, programs, or services. We collect this information with your consent, where required by law, and we take steps to protect and limit any use of it to the purposes for which it is provided.
We may collect Information other people submit about you. For example, a friend might submit Information to invite you to participate in a joint service, make recommendations, or share content. By processing these requests, we may receive Information including a recipient’s name, postal address, email address, telephone number, or information about your interest in and use of various products, programs, and services. Some portions of our Sites may also allow users to invite friends to participate in activities by providing their friends’ contact details or importing contacts from your address book or from other sites.
We may combine Information we receive online with other information, including usage information from our online advertising and media. We may also supplement or combine Information with information from a variety of other sources or outside records, such as demographic, transaction history, or personal information, and we may use that combined information in accordance with this Privacy Policy.
You can engage with some of our content and offerings, such as videos, live feeds, apps, and other offerings on or through third-party communities, forums, and social media sites, platforms, services, plug-ins, and applications (“Social Media Sites”). When you link to or interact with our Sites, content, or offerings through Social Media Sites, you may allow us to receive certain Information from your social media account (e.g., name, user ID, email address, profile photo, photos and videos, gender, birthday, location, your list of friends and their contact details, people you follow and/or who follow you, the posts or the “likes” you make). We may also receive Information from your interaction with our content. By providing this Information or otherwise interacting with our Sites through Social Media Sites, you consent to our use of Information from the Social Media Sites in accordance with this Privacy Policy.
We may have access to certain Information about your location, such as your country or address, when you provide it either directly or via device information. If you access our Sites on your mobile device, we may collect Information about your device’s precise location for the purpose of matching you with available providers, calculating travel windows, and confirming service-area eligibility. We treat precise geolocation as Sensitive Personal Information and, where required by applicable law, will not collect it without your affirmative consent. You may decline or revoke this consent through your device settings; doing so may limit certain features of the service.
For some features, we will ask for permission to access your device’s camera. If you grant permission, you may be able to take pictures or video within the app experience. We may use camera-captured images for identity verification purposes (as described in the Biometric Information section below), for client profile photographs, and for telehealth and virtual consultation interactions where applicable.
In connection with the services you book through our platform, you may provide information related to your health, appearance, treatment history, medications, allergies, and clinical preferences. We use this information solely to facilitate the service you have requested, to support communication between you and your treating provider, and to maintain operational and account records. Treating providers may maintain their own clinical records governed by state medical confidentiality obligations and applicable professional ethics standards.
Before you create an account or book a service, we may offer questionnaires that ask about your aesthetic goals, priorities, and certain health and safety information (for example, pregnancy or breastfeeding status, current medications, medical conditions, or skin conditions). You are not required to complete a questionnaire, and we collect these responses only when you choose to provide them. We use your responses to tailor the services and recommendations we display to you and, with your consent, to share your responses with the Pinch Provider assigned to your consultation so that your provider can review and discuss them with you.
Where your questionnaire responses include health-related information, we treat those responses as consumer health data or sensitive personal information, as described in the Consumer Health Data and Sensitive Personal Information section below, whether or not you ultimately create an account or book a service.
Any recommendations or suggested treatments displayed to you through our Sites, including any displayed “plan,” are informational only. They are not medical advice, a diagnosis, or a treatment plan, and they do not establish a provider–patient relationship. All medical and aesthetic care is provided exclusively by licensed providers of the affiliated professional entities, and only after an individualized consultation with your provider and your informed consent.
We also collect certain technical and usage information when you use our Sites, such as the type of device, browser, and operating system you are using, your Internet service provider or mobile carrier, unique device identifier, device and browser settings, the web pages and apps you use, and certain Site usage information.
Pinch uses Stripe Identity, a third-party identity verification service provided by Stripe, Inc., to verify the identity of clients who book appointments through our platform. This verification process involves the collection and processing of biometric information as described below. This section constitutes Pinch’s publicly available written policy regarding the collection, use, retention, and destruction of biometric identifiers and biometric information, as required by the Illinois Biometric Information Privacy Act (740 ILCS 14) and other applicable state laws.
When you complete identity verification through our platform, Stripe collects a photograph of your government-issued identification document and a selfie image. Stripe’s systems generate a scan of your facial geometry (a “biometric identifier”) from both images and perform a face-match comparison to verify that the person submitting the selfie is the same person depicted on the identification document. The facial geometry scan and any information derived from it constitute “biometric information” as defined under applicable law.
Pinch does not collect, receive, store, or have access to biometric identifiers (facial geometry scans) at any point. The biometric comparison is performed entirely within Stripe’s systems. Pinch never possesses, transmits, or retains your facial geometry data. The information Pinch receives from the verification process is limited to: (1) the verification result (e.g., verified, not verified, or flagged); (2) captured images of the identification document and selfie (photographs only — not biometric scans); and (3) extracted text data such as legal name and date of birth. None of this information constitutes a biometric identifier.
Pinch retains the selfie photograph and identification document image received from the verification process for the following purposes, which are separate from and unrelated to biometric processing:
These photographs are standard images and are not processed by Pinch to extract biometric identifiers. Pinch retains these images for as long as you maintain an active account with Pinch, or for three (3) years following your last interaction with Pinch, whichever occurs first, unless a longer retention period is required by applicable law. You may request deletion of these images at any time by contacting us using the information in the Contact Us section below.
Pinch directs the collection of biometric information by Stripe solely for the following purposes:
Biometric identifiers and biometric information are collected and processed exclusively by Stripe, Inc. Stripe acts as both a data processor (performing the verification at Pinch’s direction) and a data controller (for its own fraud prevention and security purposes, and for improving its verification technology where you separately consent to Stripe).
Pinch will not sell, lease, trade, or otherwise profit from your biometric identifiers or biometric information. Pinch will not direct or authorize the disclosure of your biometric identifiers or biometric information to any party other than Stripe and its sub-processors, except as required by law, legal process, or court order, or with your written consent.
Because Pinch does not possess biometric identifiers, retention and destruction of biometric data is governed by Stripe’s practices. Stripe permanently destroys biometric identifiers (facial geometry scans) within one (1) year of collection. Stripe retains non-biometric verification data (captured images, extracted data, and verification results) for up to three (3) years, unless a longer retention period is required by applicable law. To the extent Pinch is deemed to have directed the collection of biometric information, Pinch will ensure that biometric identifiers and biometric information are destroyed when the initial purpose for collecting them has been satisfied or within three (3) years of the individual’s last interaction with Pinch, whichever occurs first, unless retention for a longer period is required by applicable law.
Before initiating identity verification, Pinch will present you with a clear disclosure summarizing what biometric information is collected, the purpose, the retention and destruction practices, how Pinch retains and uses the selfie and ID photographs, and the identity of the third-party processor (Stripe). You will be asked to provide your affirmative, informed consent (electronic signature) before the Stripe Identity verification flow begins. If you decline to provide consent, you will not be required to complete biometric verification, but your verification status will reflect that verification was not completed, and this status will be visible to providers.
Depending on your state of residence, you may have the following rights with respect to your biometric information:
To exercise any of these rights, to request deletion of your biometric information or photographs, or to revoke your consent, please contact us using the information in the Contact Us section below. For requests related to biometric data held by Stripe, you may also contact Stripe directly at privacy@stripe.com or visit Stripe’s Privacy Center.
If you do not consent to biometric identity verification, you may decline the verification process. Your booking will not be cancelled solely because you declined verification; however, your provider will be informed that your identity has not been verified. Pinch may offer alternative verification methods in the future. To inquire about alternative verification options, please contact us using the information in the Contact Us section below.
Biometric information processed by Stripe is protected using industry-standard security measures, including encryption in transit and at rest. Pinch protects the photographs, verification results, and associated data it receives using commercially reasonable security controls that are the same as, or more protective than, the measures Pinch uses to protect other confidential and sensitive information.
Pinch collects certain categories of information that are classified as “sensitive personal information” or “consumer health data” under various state privacy laws. We treat these categories with heightened care and limit our use of them to the purposes described in this Privacy Policy and to purposes you separately authorize.
Depending on your interactions with us, we may collect the following categories of sensitive personal information or consumer health data:
We use sensitive personal information and consumer health data only for the purposes for which it was collected, including:
We do not use sensitive personal information or consumer health data to infer characteristics about you for advertising or marketing purposes, and we do not sell or share these categories of information as those terms are defined under applicable state privacy laws.
If you are a Washington resident, the Washington My Health My Data Act (“MHMDA”) provides additional rights and protections with respect to “consumer health data,” which is broadly defined and may include information reflecting your interest in, attempt to acquire, or receipt of health services, including aesthetic and wellness services available through Pinch.
Pinch will not collect, share, or sell consumer health data without your consent, and where applicable law requires it, we obtain your separate, affirmative, opt-in consent before collecting consumer health data and a separate, affirmative, opt-in consent before sharing or selling it. We do not, and will not, sell your consumer health data.
Under MHMDA, you have the right to:
Pinch does not use geofencing within two thousand (2,000) feet of any in-person healthcare service location for the purpose of (i) identifying or tracking consumers seeking healthcare services, (ii) collecting consumer health data, or (iii) sending notifications, messages, or advertisements related to consumer health data or healthcare services.
To exercise any of these rights, please contact us using the information in the Contact Us section below. We will respond to verifiable requests within forty-five (45) days, with one additional forty-five (45)-day extension where reasonably necessary, in accordance with the MHMDA.
If you are a California resident, you have the right to direct Pinch to limit its use of your sensitive personal information to the uses necessary to perform the services you have requested, prevent fraud, ensure security, or other purposes specifically authorized under California law. You may exercise this right by contacting us using the information in the Contact Us section below.
Pinch uses certain automated systems in the course of operating our platform, including:
Pinch does not use automated decision-making or profiling to deny clinical or medical services. Where an automated system flags an account or transaction in a way that affects your ability to book services, you may request human review of that decision by contacting us using the information in the Contact Us section below. We will provide meaningful human review of the decision and, where appropriate, an explanation of the factors that contributed to it, in accordance with applicable state law.
We use Information for the purposes described in this policy or disclosed at the time of collection or with your consent.
We may use the Information we collect about you through our Sites to fulfill your requests for, and otherwise provide or analyze your use of, our products, programs, and content; to facilitate sharing and other interactions with Social Media Sites; and to provide, develop, maintain, personalize, protect, and improve your experience and our offerings.
We may use Information about you to communicate with you, including (i) to notify you when we make changes to our policies or user agreements, (ii) to respond to your inquiries and provide you with customer service, (iii) to communicate with you about your appointments, purchases, or transactions, (iv) to contact you about your account, and (v) to send you information about promotions, offerings, and Site features. The specific channels through which we send these communications — including email and SMS — are described in greater detail in the Your Options and Control and Text Message (SMS) Communications sections below.
We may use technical and usage information to improve the design, functionality, and content of our Sites and to enable us to personalize your experience with our Sites and offerings.
We may use Information we collect to detect, investigate, and prevent activities on our Sites that may violate our terms of use, that could be fraudulent, that violate copyright or other rules, or that may be otherwise illegal; to comply with legal requirements; and to protect our rights and the rights and safety of our users and others.
We do not sell, rent, lease, or trade your personal information for monetary compensation. We do not sell consumer health data, biometric data, or other sensitive personal information under any circumstances.
We also do not “share” personal information for cross-context behavioral advertising as defined under the California Consumer Privacy Act (CCPA), except where you have provided consent through our cookie preference tools.
To the extent any analytics or advertising technologies could be interpreted as a “sale” or “sharing” under certain state privacy laws, you may opt out at any time by using our “Do Not Sell or Share My Personal Information” link available in the footer of our website, or by enabling a recognized opt-out preference signal such as Global Privacy Control (GPC) in a supporting browser.
In certain circumstances, we may disclose your Information to third parties for a business purpose. We do not sell, rent, lease, or “share” your Information, and will not disclose your Information to third parties for purposes of their direct marketing without providing notice to you.
We may disclose Information when you provide us with your consent to do so.
We may disclose Information in response to a legal process — for example, in response to a court order or a subpoena — or in response to a law enforcement agency’s request. We also may disclose such Information to third parties: (i) in connection with fraud prevention activities; (ii) where we believe it is necessary to investigate, prevent, or take action regarding illegal activities; (iii) in situations that may involve violations of our terms of use or other rules; (iv) to protect our rights and the rights and safety of others; and (v) as otherwise required by law.
We may transfer Information in the event of a business transaction, such as if we or one of our business units or our relevant assets are acquired by, sold to, or merged with another company, or as part of a bankruptcy proceeding or business reorganization.
Organizations that perform services for us may have access to Information to help carry out the services they are performing for us, including, but not limited to, creation, maintenance, hosting, and delivery of our Sites, products, and services; marketing; payment handling; email and order fulfillment; promotion administration; research and analytics; and customer service. We require our service providers to handle Information in a manner consistent with this Privacy Policy and applicable law.
We may share your Information with our affiliates, subsidiaries, and other companies under common control, including the professional corporations through which our providers deliver care. We require them to honor this Privacy Policy.
With your consent, we share the information you provide in connection with a booking or a pre-consultation questionnaire — including health-related responses — with the Pinch Provider assigned to your appointment or consultation, so that your provider can review and discuss it with you. All care decisions are made by your provider following an individualized consultation and your informed consent.
We share your Information with our third-party payment processor and identity verification provider, Stripe. When you complete identity verification, Stripe processes biometric information as described in the Biometric Information section above. Pinch does not receive or store biometric identifiers from this process. Pinch does receive and retain the selfie and ID photographs as described in that section.
We may share Information about you with our data analytics and advertising service providers, such as Google Analytics, to help us measure traffic and usage trends. We do not share consumer health data, biometric data, government-issued identification information, or precise geolocation with these providers.
We use third-party analytics and advertising service providers to help us understand how visitors use our website and to measure the effectiveness of our marketing efforts. These providers may include, but are not limited to, Google Analytics, Google Ads services, Meta (Facebook) advertising services, Customer.io, and content delivery networks such as Amazon CloudFront. We manage your cookie and tracking-technology preferences through our consent management platform, CookieYes, as described in the Cookies and Associated Technologies section below.
These providers may collect certain information from your browser or device, including IP address, device and browser identifiers, referring URLs, pages visited, date and time of access, and interaction information. Where required by applicable law, such technologies are not activated until you provide your consent. We configure analytics tools, where available, to support data minimization measures such as IP anonymization.
Our Sites may contain links to other sites, including Social Media Sites, whose information practices may be different from ours. Information you submit to other sites will be governed by the other sites’ privacy policies and terms.
We may disclose your Information to third parties when we believe in good faith that disclosure is necessary to protect our rights, our property, personal safety, or the interests of you or any other person, and to detect, prevent, and/or otherwise address fraud, risk management, security, or technical issues.
We provide you with an opportunity to express your preferences with respect to receiving certain marketing communications from us. If you ever decide in the future that you would like to update these preferences, you may contact us using the information in the Contact Us section below.
To opt out of receiving our email marketing communications, you can follow the “unsubscribe” instructions provided in any marketing email you receive from us.
To opt out of receiving our marketing SMS, you can reply STOP to any marketing SMS you receive from us, or contact us as described in the Text Message (SMS) Communications section below.
Please note that opting out of marketing communications does not opt you out of transactional or treatment-related communications necessary to provide services you have booked, including appointment confirmations and reminders, provider arrival notifications, identity verification prompts, and account or payment notifications.
On our own or working with affiliates or third parties, we may present advertisements and engage in data collection, reporting, ad delivery and response measurement, and site analytics on our Sites and on third-party websites across the Internet and applications over time.
For more information about interest-based advertising on your desktop or mobile browser, and to opt out of this type of advertising by third parties that participate in self-regulatory programs, please visit the Network Advertising Initiative website and/or the Digital Advertising Alliance (DAA) Self-Regulatory Program for Online Behavioral Advertising website.
To disable the collection of precise location information from your mobile device through our mobile apps, you can access your mobile device settings and choose to limit that collection. Disabling precise location may affect your ability to receive provider arrival notifications and other location-dependent service features.
Pinch may send text messages to clients and prospective clients in connection with our services and our marketing programs. This section describes how we collect, use, and protect information in connection with our SMS programs, the categories of messages we send, the consents we obtain, and how you may opt out.
Depending on the consents you provide, we may send the following categories of SMS:
Marketing SMS are sent only to phone numbers for which you have provided prior express written consent specifically for marketing SMS. Consenting to receive transactional SMS does not constitute consent to receive marketing SMS, and vice versa.
We collect your affirmative opt-in consent before enrolling you in any SMS program. Consent is collected through specific consent disclosures at the time of account creation, booking, or marketing sign-up. Each disclosure identifies the categories of messages you are consenting to receive, the approximate message frequency, applicable charges, and a link to this Privacy Policy. We retain records of consent — including the date, time, source, and content of your opt-in — for the duration of your participation in the relevant SMS program and for a period of at least four (4) years following your opt-out, consistent with applicable telecommunications recordkeeping requirements.
You may opt out of any Pinch SMS program at any time by replying STOP to any message in that program. To opt out of all SMS communications from Pinch, reply STOPALL to any of our messages, or contact us using the information in the Contact Us section. To request help, reply HELP to any of our messages, or contact us. Message and data rates may apply.
Text messaging originator opt-in data and consent will not be shared with any third parties, excluding aggregators and providers of the text message services. Mobile phone numbers and SMS opt-in consents are not sold, leased, traded, or otherwise shared with affiliates, marketing partners, or other third parties for marketing or promotional purposes.
We, and our affiliates, vendors, and business partners, may send cookies to your computer or use similar technologies to understand and enhance your online experience at our Sites and through our advertising and media across the Internet and mobile apps.
Cookies are small text files placed in your browser. We may also use pixels or web beacons that monitor your use of our Sites.
By visiting our Sites, strictly necessary cookies may be placed on your device to enable core Site functionality. Other cookies and tracking technologies may also be placed on your device, subject to your right to opt out as described in the “Consent to Use of Cookies and Tracking Technologies” section below and, where opt-in consent is required by applicable law, subject to that consent.
We use CookieYes, a third-party consent management platform, to allow you to control the use of non-essential cookies and tracking technologies on our website.
Strictly necessary cookies and technologies (such as security, fraud prevention, and basic functionality) are always active because they are required to operate the website. Analytics, advertising, marketing, and similar non-essential technologies may be active when you arrive on our website. You may opt out of these non-essential technologies at any time through our cookie banner or by clicking the “Cookie Preferences” link in the footer of our website, and you may withdraw or change your preferences at any time through the same controls.
We honor recognized opt-out preference signals, including the Global Privacy Control (GPC) signal, where required by applicable law. Where applicable law requires opt-in consent before non-essential technologies are deployed, we will obtain that consent before deploying them.
Cookies can either be persistent (i.e., they remain on your computer until you delete them) or temporary (i.e., they last only until you close your browser). Check your browser settings to learn how to delete cookies.
You may adjust your browser to reject cookies from us or from any other website. Controlling cookies via browser controls may not limit our use of other technologies. Please consult your browser’s settings for more information. Blocking cookies or similar technology might prevent you from accessing some of our content or Site features.
Depending on your state of residence, you may have certain rights under applicable state privacy laws. We provide the following rights to all U.S. residents to the extent required by the state privacy law applicable to you. Some rights may be limited or unavailable under specific state laws.
To exercise any of these rights, please contact us at privacy@bookpinch.com or by using the contact information in the Contact Us section below. We may request information from you to verify your identity before responding to a request. We will respond to verifiable requests within the time periods required by applicable law (generally 45 days, with one 45-day extension where reasonably necessary). We will not discriminate against you for exercising any of your privacy rights.
Our Sites and services are not directed to, and we do not knowingly collect personal information from, individuals under the age of 18. By using our Sites or booking services, you represent that you are at least 18 years of age. If you believe a minor has provided personal information to us, please contact us using the information in the Contact Us section below and we will take appropriate steps to delete that information.
We have put in place commercially reasonable controls designed to help safeguard the personal information we collect via our Sites, including administrative, technical, and physical safeguards. However, no security measures are perfect, and we cannot assure you that personal information we collect will never be accessed or used in an unauthorized way.
We retain personal information only for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. In general:
From time to time, we may update this Privacy Policy. We will notify you about material changes to this Privacy Policy by placing a notice on our Sites and, where the change materially affects your rights, by sending notice to your registered email address or providing in-app notice in advance of the change taking effect. We encourage you to periodically check back and review this policy so that you always know our current privacy practices.
If you have any questions about this Privacy Policy, wish to exercise any of your privacy rights, or wish to revoke any consent you have provided, you may contact us at:
Pinch Med, Inc.
909 Davis Street, Suite 500
Evanston, Illinois 60201
Email: privacy@bookpinch.com
Website contact form: https://www.bookpinch.com/contact-us