Medspa Board Certified · 2026

Legal

Privacy Policy

Effective June 4, 2026 · Last updated June 4, 2026

Tulua Medical, LLC ("Tulua Medical," "we," "us," or "our") respects your privacy. This Policy explains what we collect when you visit https://tuluamedspa.com, call or text us at (480) 485-4975, book an appointment, interact with our ads on Google, Meta (Facebook/Instagram), TikTok, or other platforms, or receive care at our studio in Gilbert, Arizona.

1. Scope & HIPAA notice

This Policy covers information collected through our website, online booking, contact forms, paid advertising, email, SMS, and phone. It does not replace our separate Notice of Privacy Practices under the Health Insurance Portability and Accountability Act ("HIPAA"), which governs your Protected Health Information ("PHI") — including medical history, treatment notes, photos taken during a visit, lab results, prescriptions, and anything else created or received during clinical care. A printed copy of our HIPAA Notice is provided at your first appointment and is available on request at concierge@tuluamedspa.com.

Marketing data collected on our website (page views, ad clicks, form fills before you become a patient) is generally not PHI and is governed by this Policy.

2. Information we collect

You give us:

  • Identifiers: name, email, phone, date of birth, mailing address.
  • Booking and intake data: service requested, appointment preferences, referral source, health-history forms, consent forms, before/after photos (with separate written consent).
  • Payment data: card details processed by our PCI-compliant payment processor; financing applications submitted directly to Cherry or PatientFi (we never see your full SSN or credit report).
  • Communications: SMS, email, voicemail, and chat content you send us.
  • Reviews, testimonials, and social media tags that mention us.

We collect automatically:

  • Device and browser data (IP address, user agent, screen size, referring URL, language).
  • Site activity (pages viewed, time on page, links clicked, scroll depth, form interactions).
  • Approximate location derived from IP (city / region only — we do not collect GPS).
  • Cookies, pixels, and similar technologies — see Section 7.

We receive from third parties:

  • Ad platforms (Google, Meta, TikTok) — reports about which ads you clicked and aggregate conversion data.
  • Booking and CRM partners — appointment confirmations and lead data when you contact us through a partner site.
  • Public review platforms (Google, Yelp, BBB) — reviews and ratings you post about us.

3. How we use your information

  • Schedule, confirm, reschedule, and follow up on appointments.
  • Provide medical aesthetic and wellness services.
  • Process payments and financing applications.
  • Send appointment reminders, post-care instructions, and important account notices.
  • Send marketing (only with your consent) — promotions, new services, events.
  • Measure ad performance, attribute leads, and improve our website.
  • Prevent fraud, enforce our policies, and comply with law.

We do not sell your personal information. We do not use PHI for marketing without your separate, written HIPAA authorization.

4. SMS & text messaging (TCPA / 10DLC disclosure)

Program name: Tulua Medical Patient & Marketing Messaging. Sending number: (480) 485-4975. Operator: Tulua Medical, LLC, Gilbert, AZ.

How you opt in. You opt in to receive text messages from Tulua Medical by (a) checking the SMS consent box on our online booking form, contact form, or VIP card; (b) providing your mobile number on a paper intake form that includes the SMS consent language; or (c) texting us first from your mobile number. At the moment you opt in, we record the exact consent language shown to you, the timestamp, the page URL (for web opt-ins), and the method used. We retain this record for as long as required by the TCPA and carrier rules.

What you agree to. By opting in, you agree that Tulua Medical may send you text messages — including messages sent using an automatic telephone dialing system or other automated technology — at the mobile number you provided. Consent is not a condition of purchase of any goods or services. Message categories include:

  • Transactional / care-related: appointment confirmations, reminders, intake links, post-care follow-up, payment receipts, two-way conversations with the front desk.
  • Promotional / marketing: specials, events, new services, monthly news. Sent only if you opted in to marketing texts.

Frequency & cost. Message frequency varies based on your appointments and current promotions (typically 2–8 messages per month). Message and data rates may apply depending on your mobile carrier and plan.

How to get help or opt out. Reply HELP at any time for help, or STOP to unsubscribe — you will receive one confirmation message and no further marketing texts. You can also call us at (480) 485-4975 or email concierge@tuluamedspa.com to be removed. Opting out of promotional messages will not stop essential, care-related messages tied to a scheduled appointment; to stop those, cancel the appointment or reply STOP and we will switch you to phone/email only.

Carriers. Supported carriers include AT&T, T-Mobile, Verizon Wireless, Sprint, Boost, U.S. Cellular, MetroPCS, Cricket, Virgin Mobile, and most other U.S. carriers. Carriers are not liable for delayed or undelivered messages.

No sharing of your number or consent. Mobile phone numbers, SMS opt-in data, and the contents of your text messages are never shared, sold, or rented to any third party or affiliate for their own marketing purposes — period. We use OpenPhone / Quo as our business messaging platform under a contract that limits use of your data to delivering messages on our behalf. SMS consent is collected separately from any other agreement and is not bundled with another consent.

Privacy of message content. Two-way text conversations with our team are stored in our business messaging platform and treated as part of your patient communication record. Do not send sensitive medical information by SMS unless you are comfortable doing so; for detailed clinical questions we will move the conversation to phone or the patient portal.

5. Phone calls & voicemail

Calls to and from (480) 485-4975 may be recorded or transcribed for quality, training, scheduling accuracy, and clinical documentation. Arizona is a one-party-consent state; by continuing the call after our greeting notice, you consent to recording. If you do not wish to be recorded, please tell the team member at the start of the call and we will document the call by written note instead.

Voicemails and missed-call data (number, time, duration) are stored in our business phone system and used to return your call.

6. Advertising, retargeting & analytics

We run paid advertising on Google Ads, Meta (Facebook and Instagram), TikTok, and other platforms. To measure performance we use conversion pixels and tags from these providers, plus Google Analytics. These tools may set cookies in your browser and report back:

  • That you clicked one of our ads, viewed certain pages, or submitted a form.
  • A hashed (one-way encrypted) version of your email or phone — used only to match conversions, never to read your contact info.
  • Aggregated audience characteristics so we can show our ads to people similar to our existing visitors.

We do not transmit medical condition, diagnosis, or treatment data to ad networks. Pixels on sensitive pages (e.g., specific health concerns) are configured to send only generic pageview signals, not URL keywords that could reveal health status. We continue to audit this configuration to align with HHS / OCR guidance on online tracking technologies.

You can opt out of personalized ads at: Google Ads Settings, Meta Ad Preferences, TikTok Ad Settings, and optout.aboutads.info. Most browsers also let you send a Global Privacy Control signal, which we honor as an opt-out of sale/sharing.

7. Cookies & similar technologies

We use first-party cookies to keep the site functional (e.g., remembering you're logged into the admin) and third-party cookies for analytics and advertising as described above. You can clear or block cookies in your browser settings; blocking them may break booking or login features.

8. How we share information

We share information only with:

  • Service providers bound by contract to handle data on our behalf — EHR/booking, payment processing, SMS/email delivery, cloud hosting, analytics, ad measurement.
  • Pharmacies, labs, and referring providers as needed for your care, per HIPAA.
  • Financing partners (Cherry, PatientFi) only when you choose to apply.
  • Legal authorities when required by subpoena, court order, or to protect rights and safety.
  • A successor entity in the event of a merger, acquisition, or sale of assets — your information would continue to be protected by this Policy or one materially similar.

We do not sell personal information for money.

9. Your rights & choices

Depending on where you live, you may have the right to:

  • Request a copy of personal information we hold about you.
  • Correct inaccurate information.
  • Delete information (subject to legal/medical record retention requirements — Arizona requires us to keep adult medical records for at least 6 years).
  • Opt out of marketing email, SMS, and targeted advertising.
  • Withdraw a previously given consent (e.g., photo release).
  • Appeal a denied request.

California residents (CCPA/CPRA), Colorado, Connecticut, Virginia, and other state-law residents have specific rights, including the right to opt out of "sharing" for cross-context behavioral advertising. To exercise any right, email concierge@tuluamedspa.com or call (480) 485-4975. We will verify your identity before responding and reply within 45 days.

10. Security & retention

We use administrative, technical, and physical safeguards appropriate to the sensitivity of the data — encryption in transit (HTTPS/TLS), encryption at rest in our database and EHR, access controls, audit logging, and staff HIPAA training. No system is perfectly secure; we will notify you of a breach affecting your information as required by law.

We keep marketing data only as long as needed for the purpose described, then delete or de-identify it. Medical records are retained per Arizona law and our HIPAA Notice.

11. Children

Our services are for adults 18 and over. We do not knowingly collect information from anyone under 18 on this website. If you believe a minor has provided information to us, contact concierge@tuluamedspa.com and we will delete it.

12. Changes to this Policy

We may update this Policy as our services, the law, or industry best practices evolve. Material changes will be posted here with a new "Last updated" date, and — when required — communicated by email or SMS to active patients.

13. Contact us

Privacy questions, requests, and complaints:

Tulua Medical, LLC
Attn: Privacy Officer
3303 S Lindsay Rd Suite 124
Gilbert, AZ 85297
concierge@tuluamedspa.com · (480) 485-4975

Looking for our HIPAA Notice of Privacy Practices? Request a copy at concierge@tuluamedspa.com or ask the front desk at your next visit. See also our FAQ.

Shantel White, DNP on the cover of WomenMag — May 14, 2026

— As Featured In

WomenMag · Cover Story

"Shantel White is leading the future of luxury wellness — with integrity, innovation, and authentic patient-centered medical expertise."

Read the Feature →

Google Reviews

What our patients say

Latest from Tulua

What's new at the studio

From our Google profile

Inside Tulua Medical

Medspa Board Certified 2026 — Tulua Medical

— A first for Arizona

Arizona's first
Medspa Board Certified practice.

Tulua Medical is officially Medspa Board Certified (2026) — the first and only certified med spa in Arizona, and only the second on the entire West Coast. The certification recognizes practices that meet rigorous standards for clinical safety, transparent licensure, and evidence-based care.

— Financing

Pay over time with PatientFi.

Flexible monthly payment plans for any treatment at Tulua — checking your rate takes 60 seconds and won't affect your credit score.

Apply for Financing

Powered by PatientFi · No impact to credit

Shantel White, DNP, FNP-C — founder of Tulua Medical

— Founder

Shantel White,
DNP, FNP-C.

Vanderbilt-trained, doctoral-prepared nurse practitioner (DNP, FNP-C) and one of the few Level II Acne Specialists in the country. Her work spans medical aesthetics, regenerative medicine, hormone optimization, and holistic weight loss — always rooted in evidence-based, science-backed care.

Trained through BHRT University, HRT University, and a member of The Menopause Society.

Read her story →