Privacy policy
Welcome to Grayce Skin Co.'s Website
Grayce Skin Co., a Tennessee limited liability company (LLC), operates this site, collectively referred to as “Grayce Skin Co.,” "we," "us," "our," or "Site." We deeply value your privacy. This Privacy Notice outlines how we collect, use, disclose, and safeguard Personal Information (defined below) during your online visits or purchase(s) with Grayce Skin Co., as well as your options regarding the collection and utilization of Personal Information.
Contact
After reviewing this policy, if you have additional questions, want more information about our privacy practices, or would like to make a complaint, please contact us by e-mail at hello@grayceskinco.com or by mail using the details provided below:
Grayce Skin Co.
5034 N. Broadway St.
Suite 240
Knoxville, TN 37918, United States
Collecting Personal Information
When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information about an identifiable individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.
Each of the sources below contributes to the overall data collection efforts of a website, helping to personalize user experiences, improve services, and ensure compliance with privacy regulations through informed consent and data protection measures.
- Device information
- User Input: Information provided directly by users through forms, surveys, account registrations, and contact inquiries.
- Cookies and Tracking Technologies: Data collected automatically through cookies, pixels, tags, and similar technologies that track user behavior, preferences, and interactions on the website.
- Analytics Tools: Data collected through analytics services like Google Analytics, which provide insights into website traffic, user behavior, demographics, and user engagement.
- Third-Party Integrations: Information obtained from third-party services such as social media platforms (for social login or sharing), advertising networks (for targeted advertising), and payment processors (for transactions).
- Server Logs: Information automatically logged by web servers, including IP addresses, browser type, referring/exit pages, and timestamps.
- Transactional Data: Details collected during transactions, such as purchase history, shipping addresses, and payment information.
- User-Generated Content: Information voluntarily shared by users on forums, comments sections, or social media plugins embedded on the website.
- Information You Provide: In different sections of the Site, we may request Personal Information from you, such as through completion of forms. The specific Personal Information we collect depends on the purpose for which it is requested and may include:
- Contact and Demographic Information: Your name, email address, telephone number, Internet protocol (IP) address, and/or mobile device identification.
- Payment Information: If you make a purchase, third-party payment processors like Finix, Square, or PayPal may collect your payment details, including your name, email address, credit card information, and billing address. We may also retain details of your purchases.
- Account Information: We may collect user information if you create an account or contact us via email with questions or comments.
- Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
- Source of collection: Each of the sources below contributes to the overall data collection efforts of a website, helping to personalize user experiences, improve services, and ensure compliance with privacy regulations through informed consent and data protection measures.
- Collected automatically when you access our Site:
- Disclosure for a business purpose: shared with our processor Shopify, shared with our payment processing platform Finix, and our EMR and practice management software Prospyr.
- Personal Information collected: At Grayce Skin Co., we collect various types of Personal Information about you through our website, www.grayceskin.com. This information is gathered in the following ways:
- Order information
- Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
- Source of collection: collected from you.
- Disclosure for a business purpose: shared with our processor Shopify, our payment processing platform Finix, and our EMR and practice management software Prospyr.
- Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number.
- Customer support information
- Contact and Demographic Information: Your name, email address, telephone number, Internet protocol (IP) address, and/or mobile device identification.
- Payment Information: If you make a purchase, third-party payment processors like Finix, Square, or PayPal may collect your payment details, including your name, email address, credit card information, and billing address. We may also retain details of your purchases.
- Account Information: We may collect user information if you create an account or contact us via email with questions or comments.
- Purpose of collection: to provide customer support.
- Source of collection: collected from you.
- Disclosure for a business purpose: shared with our processor Shopify, our payment processing platform Finix, and our EMR and practice management software Prospyr.
- Personal Information collected:
Minors
The Site is not intended for individuals under the age of 18. We do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us at the address above to request deletion.
Sharing Personal Information
We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. For example:
- We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
- We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
- We use Finix, a payment processing platform. You can read more about how Finix uses your Personal Information here: https://finix.com/terms-and-policies/privacy-policy.
- We use Prospyr as our Electronic Medical Record (EMR) and practice management software for online booking, etc. You can read more about how Prospyr uses your Personal Information here: Prospyr Privacy Policy.
Behavioral Advertising
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:
- We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
- We share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).
- We use Shopify Audiences to help us show ads on other websites with our advertising partners to buyers who made purchases with other Shopify merchants and who may also be interested in what we have to offer. We also share information about your use of the Site, your purchases, and the email address associated with your purchases with Shopify Audiences, through which other Shopify merchants may make offers you may be interested in.
- We use the Judge.me application to collect and display reviews and other user-generated content. You can read more about how Judge.me uses your personal information here: https://judge.me/privacy.
- We use the Adoric platform to capture leads and optimize conversions through engaging, personalized content including pop-ups, countdowns, forms, and on-page messages. You can read more about how Adoric uses your personal information here: Adoric Privacy Policy.
- We use Mailchimp to capture your name, email, and date of birth for our marketing newsletter. You can read more about how Mailchimp uses your personal information here: Mailchimp Privacy Policy.
Third-Party Website Links
We do not oversee the practices of any websites or services linked to or from our Site, including the information or content they contain. We urge you to conduct thorough research and inquire before sharing Personal Information with third parties, as any information disclosed will be governed by the respective third party’s privacy policy.
For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at https://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by:
FACEBOOK - https://www.facebook.com/settings/?tab=ads
GOOGLE - https://www.google.com/settings/ads/anonymous
BING - https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: https://optout.aboutads.info/.
Using Personal Information
We use your Personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.
Lawful basis
Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:
- Your consent;
- The performance of the contract between you and the Site;
- Compliance with our legal obligations;
- To protect your vital interests;
- To perform a task carried out in the public interest;
- For our legitimate interests, which do not override your fundamental rights and freedoms.
Retention
When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.
Automatic decision-making
If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.
We may engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.
Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.
Services that include elements of automated decision-making include:
- Temporary blacklist of IP addresses associated with repeated failed transactions. This blacklist persists for a small number of hours.
- Temporary blacklist of credit cards associated with blacklisted IP addresses. This blacklist persists for a small number of days.
Selling Personal Information
This section pertains to our collection and use of "Personal Information" if you are a resident of California, as mandated by the California Consumer Privacy Act of 2018 (CCPA) and its implementing regulations. When we refer to "Personal Information" under the CCPA, we mean information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household. Please be aware that the CCPA is currently undergoing rule making processes, and consequently, this Section may be updated periodically to ensure compliance with future CCPA requirements. We encourage you to revisit this Section regularly for any updates.
Our Site sells Personal Information, as defined by the California Consumer Privacy Act of 2018 (“CCPA”).
Categories of Personal Information Collected, Used, and Disclosed
In accordance with California law, we may have collected and disclosed the following categories of Personal Information within the past 12 months:
- Identifiers - A real name, Internet Protocol (IP) address, email addresses, and other similar identifiers.
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) - This category may include: • Name, signature • Social Security number • Physical characteristics or description • Address, telephone number • Passport number, driver’s license or state identification card number • Insurance policy number • Education, employment, employment history • Bank account number, credit card number, debit card number, or any other financial information • Medical information or health insurance information
- Internet or other similar network activity - This covers browsing history, search history, and information on a consumer’s interaction with a website, application, or advertisement.
- Geolocation data - This pertains to physical location or movements of individuals.
- Inferences drawn from other Personal Information - Profiles reflecting a person’s preferences, characteristics, psychological trends, behavior, attitudes, abilities, and aptitudes.
- Protected classification characteristics under California or federal law - This includes: • Age (40 years or older) • Race, color, ancestry • National origin, citizenship • Religion or creed • Marital status • Medical condition • Physical or mental disability • Sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions) • Sexual orientation • Veteran or military status • Genetic information (including familial genetic information)
- Professional or employment-related information - This includes current or past job history or performance evaluations.
We disclose each of these categories of Personal Information to our service providers as necessary to facilitate our business operations. Additionally, this Personal Information is disclosed for the purposes outlined in the Collecting Personal Information section.
In the past 12 months, we have no knowledge of selling any Personal Information of California Consumers, nor do we have actual knowledge of selling the Personal Information of California Consumers under the age of 16 years old. According to the CCPA, "sale" means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s Personal Information to another business or third party for monetary or other valuable consideration.
If we do sell your Personal Information, we will notify you accordingly. Moreover, if you submit a verifiable consumer request, we will disclose to you a list containing the categories of Personal Information that we sold, as required by the CCPA.
Your Rights
GDPR
If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information above.
Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.
CCPA
Your California Privacy rights
If you are a resident of California, you may have the following rights:
| Privacy Right | Description |
| --- | --- |
| Notice | You have the right to be notified of what categories of Personal Information will be collected at or before the point of collection and the purposes for which they will be used and shared. |
| Access | You may have the right to request the categories of Personal Information that we collected in the previous twelve (12) months, the categories of sources from which the Personal Information was collected, the specific pieces of Personal Information we have collected about you, and the business purposes for which such Personal Information is collected and shared. You may also have the right to request the categories of Personal Information which were disclosed for business purposes, and the categories of third parties in the twelve (12) months preceding your request for your Personal Information. |
| Data Portability | You may have the right to receive the Personal Information you have previously provided to us. |
| Erasure | You can request to have your Personal Information deleted and we will direct our service providers to do the same. However, please be aware that we may not fulfill your request for deletion if we (or our service provider(s)) are required or permitted to retain your Personal Information for one or more of the following categories of purposes: (1) to complete a transaction for which the Personal Information was collected, provide a good or service requested by you, or complete a contract between us and you; (2) to ensure our website integrity, security, and functionality; (3) to comply with applicable law or a legal obligation, or exercise rights under the law (including free speech rights); or (4) to otherwise use your Personal Information, internally, in a lawful manner that is compatible with the context in which you provided the information. |
| Erasure | You can request to opt out of us selling your Personal Information. To exercise this right please visit our CCPA opt-out page. |
If you are a resident of California, you have the right to access the Personal Information we hold about you (also known as the ‘Right to Know’), to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise your rights listed above, please send (or have your authorized agent send) an email to hello@grayceskinco.com, call us at (865) 622-8850, or contact us at the address above. We must verify your identity before fulfilling your requests. If we are unable to verify your identity initially, we may ask for additional information to complete the verification process. Any Personal Information you provide to us for verification purposes will be used solely for that purpose.
We may deny certain requests or fulfill them only in part, as permitted or required by law. For instance, if you request deletion of Personal Information, we may retain certain information that we are legally obligated to keep (e.g., for tax or accounting purposes). You have the right not to receive discriminatory treatment from any business for exercising your California privacy rights.
Under the CCPA, California Consumers have the right to file a complaint with the California Attorney General’s office. You can contact the Attorney General’s office at https://oag.ca.gov/contact/consumer-complaint-against-business-or-company or by phone at (916) 210-6276.
Cookies
A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.
Some of our service providers may use cookies or other methods to gather information regarding your use of the Site, and may combine the information in these cookies with any Personal Information about you that they may have. The use of such tracking information by a third party depends on the Privacy Notice of that third party. We do not respond to Do Not Track (“DNT”) signals sent to us by your browser at this time. To learn more about how DNT works, please visit http://allaboutdnt.com/.
We use the following cookies to optimize your experience on our Site and to provide our services: https://www.shopify.com/legal/cookies
Necessary Cookies for Store Functionality
| Name | Function | Duration |
| --- | --- | --- |
| _ab | Used in connection with access to admin. | 2y |
| _secure_session_id | Used in connection with navigation through a storefront. | 24h |
| _shopify_country | Used in connection with checkout. | session |
| _shopify_m | Used for managing customer privacy settings. | 1y |
| _shopify_tm | Used for managing customer privacy settings. | 30min |
| _shopify_tw | Used for managing customer privacy settings. | 2w |
| _storefront_u | Used to facilitate updating customer account information. | 1min |
| _tracking_consent | Tracking preferences. | 1y |
| c | Used in connection with checkout. | 1y |
| cart | Used in connection with shopping cart. | 2w |
| cart_currency | Used in connection with shopping cart. | 2w |
| cart_sig | Used in connection with checkout. | 2w |
| cart_ts | Used in connection with checkout. | 2w |
| cart_ver | Used in connection with shopping cart. | 2w |
| checkout | Used in connection with checkout. | 4w |
| checkout_token | Used in connection with checkout. | 1y |
| dynamic_checkout_shown_on_cart | Used in connection with checkout. | 30min |
| hide_shopify_pay_for_checkout | Used in connection with checkout. | session |
| keep_alive | Used in connection with buyer localization. | 2w |
| master_device_id | Used in connection with merchant login. | 2y |
| previous_step | Used in connection with checkout. | 1y |
| remember_me | Used in connection with checkout. | 1y |
| secure_customer_sig | Used in connection with customer login. | 20y |
| shopify_pay | Used in connection with checkout. | 1y |
| shopify_pay_redirect | Used in connection with checkout. | 30 minutes, 3w or 1y depending on value |
| storefront_digest | Used in connection with customer login. | 2y |
| tracked_start_checkout | Used in connection with checkout. | 1y |
| checkout_one_experiment | Used in connection with checkout. | session |
| checkout_session_lookup | Used in connection with checkout. | 3w |
| checkout_session_token_<<token>> | Used in connection with checkout. | 3w |
| identity-state | Used in connection with customer authentication. | 24h |
| identity-state-<<token>> | Used in connection with customer authentication. | 24h |
| identity_customer_account_number | Used in connection with customer authentication. | 12w |
Reporting and Analytics
| Name | Function | Duration |
| --- | --- | --- |
| _landing_page | Track landing pages. | 2w |
| _orig_referrer | Track landing pages. | 2w |
| _s | Shopify analytics. | 30min |
| _shopify_d | Shopify analytics. | session |
| _shopify_s | Shopify analytics. | 30min |
| _shopify_sa_p | Shopify analytics relating to marketing & referrals. | 30min |
| _shopify_sa_t | Shopify analytics relating to marketing & referrals. | 30min |
| _shopify_y | Shopify analytics. | 1y |
| _y | Shopify analytics. | 1y |
| _shopify_evids | Shopify analytics. | session |
| _shopify_ga | Shopify and Google Analytics. | session |
| customer_auth_provider | Shopify analytics. | session |
| customer_auth_session_created_at | Shopify analytics. | session |
The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.
You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.
Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. More information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as: www.allaboutcookies.org.
Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioral Advertising” section above.
Do Not Track
Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
Changes To This Privacy Policy
We may periodically modify or update this Privacy Notice, so we encourage you to review it regularly. In cases of significant changes, we will provide notice as appropriate. Unless otherwise stated, any revisions to this Privacy Notice will take effect immediately upon being posted on the Site. You can track changes by referring to the "Last Updated" date at the top of this page. Your continued use of our Site and/or any benefits offered through the Site after updates (with advance notice for major changes) signifies your agreement to and acceptance of the revised Privacy Notice.
Complaints
As noted above, if you would like to make a complaint, please contact us by e-mail or by mail using the details provided under Contact above.
If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority. For Tennessee residents, you can file a complaint with the Office of the Attorney General | State of Tennessee here: https://core.tn.gov
Mailing Address
Tennessee Division of Consumer Affairs
Tennessee Attorney General’s Office
P.O. Box 20207
Nashville, TN 37202-0207
Phone: 615.741.4737
Fax: 615.532.4994
Inside TN: 800.342.8385
Last updated: March 27, 2025