Privacy Policy
This Privacy Policy describes how Monti Institute of Neuro Aesthetics collects, uses, protects, and respects your personal information when you interact with our website, contact our team, or receive care at our practice. Effective Date: July 1, 2026. Last Reviewed: July 11, 2026.
1 Scope & Who This Policy Covers
This Privacy Policy applies to all individuals who visit the Monti Institute of Neuro Aesthetics website at monti-institute.com (the “Site”), submit inquiries or contact forms, request consultations, engage with our scheduling systems, or otherwise interact with our digital presence. It applies regardless of whether you are an existing patient, a prospective patient, or a general visitor.
This policy governs data collected through our website and digital communication channels only. Protected Health Information (PHI) collected during formal clinical intake, treatment, and ongoing care is governed separately by our HIPAA Notice of Privacy Practices, provided to all patients at registration and available upon request.
By using this Site, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of this Site.
2 Information We Collect
We collect information through three channels: information you provide directly, information collected automatically through your use of the Site, and information collected through third-party tools integrated into this Site.
2a. Information You Provide Directly
- Contact and identity information — your first and last name, email address, telephone number (including mobile number), and mailing address when voluntarily submitted through our contact form, scheduling request, or any other inquiry channel.
- Inquiry type and appointment preference — the nature of your inquiry (e.g., neurological consultation, aesthetic treatment, infusion therapy), your preferred appointment type, and the content of any message you submit to our team.
- Communications — records of correspondence between you and our team, including email exchanges, form submissions, and responses to our communications.
- Consent records — a record of any consents or permissions you grant when interacting with this Site, including consent to SMS communications.
2b. Information Collected Automatically
- Usage data — pages visited, time spent on pages, navigation paths, referring URLs, browser type, operating system, and screen resolution.
- IP address and approximate location — used to understand geographic reach and to protect against fraudulent or unauthorized access attempts.
- Cookies and similar technologies — small data files placed on your device to enhance Site functionality, remember preferences (including Migraine Mode / dark theme settings), and support analytics. See Section 3 for full details.
- Booking overlay data — if you interact with any third-party scheduling or booking widget embedded in this Site, that widget may collect its own data subject to the third party’s privacy policy. We will identify such widgets where they appear.
2c. Information We Do Not Collect Through This Site
We do not collect payment card numbers, Social Security numbers, insurance information, or Protected Health Information through this website. These categories of data are collected only through our secure clinical intake system, which operates under separate HIPAA controls and is not governed by this policy.
3 Cookies & Tracking Technologies
This Site uses the following categories of cookies and similar technologies:
- Strictly necessary cookies — required for the Site to function. These include session management and security tokens. These cannot be disabled without disrupting Site functionality.
- Functional / preference cookies — store your display preferences, including your Migraine Mode (dark theme) setting, so your chosen experience persists across sessions. These are stored in your browser’s
localStorageand do not transmit personal data to external servers. - Analytics cookies — if we use a third-party analytics service (such as Google Analytics), these cookies collect anonymized or pseudonymized data about how visitors use the Site. No personally identifiable information is shared with analytics providers without your explicit consent.
- Third-party widget cookies — our patient scheduling overlay and live chat support tool (NextivaCX) may set their own cookies. These are governed by the respective third parties’ privacy policies. We recommend reviewing those policies if you interact with these tools.
You may control cookies through your browser settings. Disabling certain cookies may affect Site functionality. We do not respond to Do Not Track (DNT) browser signals at this time, as no uniform standard for DNT compliance has been established.
4 How We Use Your Information
We use information collected through this Site solely for the following purposes:
- Responding to inquiries — to review and respond to contact form submissions, scheduling requests, and general enquiries.
- Appointment coordination — to confirm, schedule, modify, or cancel consultations and treatment appointments, and to send pre-appointment information.
- SMS and email communications — to send appointment reminders, scheduling updates, and, where explicitly consented, practice news and wellness information. See Section 6 for full SMS disclosure.
- Site improvement — to analyze usage patterns and improve the content, navigation, accessibility, and performance of this Site.
- Security — to detect, investigate, and prevent unauthorized access, fraud, or abuse of this Site or our systems.
- Legal compliance — to comply with applicable laws, regulations, and lawful requests from governmental authorities.
We do not use personal data collected through this website for automated profiling, behavioral advertising, or any purpose beyond those listed above without your express prior consent.
5 Data Security Standards
5a. Web Inquiries & Contact Form Data
Data submitted through this website’s contact form is transmitted over encrypted HTTPS connections (TLS 1.2 or higher). Form submissions are received by our administrative team through access-controlled internal channels. We employ industry-standard administrative, physical, and technical safeguards to protect this data from unauthorized access, disclosure, or loss.
Important limitation: Email and web-based communications are not fully secure channels. We strongly advise against including sensitive personal health information, insurance details, medication lists, or other Protected Health Information in web form submissions or emails prior to the establishment of a formal provider-patient relationship. Our contact form is intended for scheduling inquiries and general questions only.
5b. Secure Patient Portal & Clinical Records
Once a formal provider-patient relationship is established, clinical records, health history, treatment documentation, and billing information are managed exclusively through our HIPAA-compliant Electronic Health Record (EHR) platform. This platform operates under a separate Business Associate Agreement (BAA) and full HIPAA Security Rule compliance, including:
- End-to-end encryption of data in transit and at rest
- Role-based access controls limiting data access to authorized clinical staff only
- Audit logging of all access to patient records
- Regular risk assessments and security training for all staff with data access
- Breach notification protocols meeting HIPAA requirements
The security standards governing your clinical records are entirely separate from and more stringent than those governing website contact form submissions.
5c. Data Retention
Contact form submissions and web inquiry data are retained for the period necessary to fulfill the purpose for which they were collected (typically the duration of your inquiry or pre-appointment coordination) and for such additional period as may be required by applicable law. Data that is no longer required for its original purpose is securely deleted or anonymized.
6 SMS & Text Messaging Consent Disclosure
This section governs all mobile text message (SMS/MMS) communications between you and Monti Institute of Neuro Aesthetics. It is compliant with the Telephone Consumer Protection Act (TCPA), CTIA Messaging Principles and Best Practices, and applicable wireless carrier requirements.
6a. How Consent Is Obtained
By providing your mobile telephone number through our contact form, scheduling system, clinical intake process, or any other channel, and checking the applicable SMS consent box or otherwise affirmatively indicating your agreement, you expressly consent to receive text messages from Monti Institute of Neuro Aesthetics. The types of messages you may receive include:
- Appointment confirmation, reminder, and modification messages
- Pre-appointment preparation instructions
- Post-appointment follow-up communications
- Prescription or infusion scheduling updates
- Practice announcements and wellness updates (only where separately consented)
Consent to receive text messages is never required as a condition of receiving medical care at this practice. Patients who decline SMS consent will continue to receive the same standard of care through alternative communication methods.
6b. Your SMS Data Will Not Be Sold or Shared
Monti Institute of Neuro Aesthetics makes the following firm commitments regarding your SMS and mobile phone data:
- We will never sell your mobile phone number or SMS opt-in data to any third party for any purpose.
- We will never share your mobile data with third-party marketing agencies, advertising networks, data brokers, or affiliates for their independent commercial use.
- We will not use your mobile number for any purpose other than the categories of communications described in Section 6a above without obtaining separate, explicit consent.
- Your SMS consent data is maintained internally and is disclosed to third parties only where strictly necessary to transmit messages (e.g., our SMS platform provider), under contractual data processing agreements that prohibit secondary use.
6c. Message Frequency & Costs
Message frequency varies based on your appointment schedule and communication preferences. Standard appointment reminder protocols typically generate one to three messages per scheduled appointment. Message and data rates may apply depending on your mobile carrier and plan.
6d. How to Opt Out
You may revoke SMS consent and opt out of text communications at any time by:
- Replying STOP to any text message from our practice — your number will be removed from our SMS system within 24 hours
- Contacting our administrative team at admin@monti-institute.com with a written opt-out request
- Notifying your care coordinator verbally or in writing at your next appointment
After opting out, you will receive a single confirmation message. You will not receive further text communications unless you subsequently provide new consent. Opting out of SMS does not affect your clinical care or your ability to receive communications through other channels (email, phone).
6e. Help
For assistance with SMS communications, reply HELP to any text from our practice, or contact us directly at admin@monti-institute.com.
7 Data Sharing & Third Parties
We do not sell, rent, lease, or trade your personal information. We share data only in the following limited and necessary circumstances:
- Service providers — third-party vendors who assist with website hosting, email delivery, SMS messaging, scheduling, and analytics, under contractual data processing agreements that prohibit them from using your data for any purpose other than providing services to us.
- Legal compliance — where required by law, regulation, court order, or government authority, or to protect the rights, safety, or property of our practice, staff, or patients.
- Business transitions — in the event of a merger, acquisition, or sale of practice assets, personal data may be transferred to a successor entity, subject to the same privacy protections described in this policy. You will be notified of any such transfer.
- With your explicit consent — for any purpose not described above, we will seek and obtain your express prior consent before sharing your data.
We do not share personal data with pharmaceutical companies, medical device manufacturers, insurance companies, advertising networks, or any other commercial third party for marketing, research, or revenue-generating purposes.
8 Your Data Rights — CCPA & GDPR Alignment
We respect and support data rights under the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and the principles of the European Union General Data Protection Regulation (GDPR), regardless of where you reside.
8a. Right to Know / Access
You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the purposes for which it was collected, and the categories of third parties with whom it has been shared.
8b. Right to Deletion
You have the right to request deletion of personal information we have collected from you, subject to limited exceptions where retention is required by law, necessary to complete a transaction you initiated, or needed for certain internal operational purposes. Note that deletion requests apply to website-collected data only; requests for deletion of clinical records are governed by HIPAA and Nevada medical records law.
8c. Right to Correction
You have the right to request correction of inaccurate personal information we hold about you.
8d. Right to Opt Out of Sale or Sharing
We do not sell or share personal information for cross-context behavioral advertising. You therefore have no sale to opt out of. We disclose this explicitly in compliance with CCPA requirements.
8e. Right to Non-Discrimination
We will not discriminate against you for exercising any of your data rights. Exercising your rights under this policy will not affect the quality, price, or availability of services offered by this practice.
8f. GDPR Legal Basis (EU/EEA Residents)
For individuals in the European Union or European Economic Area, we process personal data on the following legal bases under Article 6 of the GDPR:
- Consent — for SMS communications, marketing emails, and optional data processing activities where we have sought and obtained your affirmative consent.
- Legitimate interests — for website analytics, security monitoring, and internal operational purposes, where our interests do not override your fundamental rights.
- Legal obligation — where processing is required to comply with applicable law.
EU/EEA residents also have the right to data portability, the right to lodge a complaint with a supervisory authority, and the right to object to processing based on legitimate interests.
8g. How to Exercise Your Rights
To exercise any of the rights described above, submit a written request to:
Monti Institute of Neuro Aesthetics — Privacy Request2440 Vassar Street, Suite 3, Reno, NV 89502
admin@monti-institute.com
We will acknowledge your request within 10 business days and respond substantively within 45 days. Where an extension is required, we will notify you within the initial 45-day period. We may request verification of your identity before processing your request.
9 Children’s Privacy
This website is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will take immediate steps to delete that information. If you believe we have inadvertently collected such information, please contact us at admin@monti-institute.com.
Individuals between the ages of 13 and 17 should not submit personal information through this Site without parental or guardian consent. Clinical care for minor patients is coordinated directly through our practice with appropriate parental consent and follows all applicable state law requirements.
10 Additional Disclosures for California Residents
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents are entitled to the following additional disclosures:
- Categories of personal information collected in the past 12 months: Identifiers (name, email, phone, IP address); commercial information (inquiry type, appointment preferences); internet activity (browsing behavior on this Site); geolocation data (approximate, based on IP).
- Business purpose for collection: Appointment scheduling, inquiry response, Site improvement, security, and legal compliance.
- Categories of sources: Directly from you; automatically through your use of this Site; from third-party tools integrated into this Site (scheduling widget, chat support).
- Categories of third parties with whom data is shared: Service providers (hosting, email, SMS, analytics) under data processing agreements. No sale or sharing for commercial purposes.
- Sensitive personal information: We do not collect sensitive personal information as defined by CPRA through this website. Sensitive health information is collected and protected under HIPAA through our clinical intake process.
To submit a CCPA/CPRA request, contact us using the information in Section 8g above. You may also designate an authorized agent to submit requests on your behalf.
11 Updates to This Policy
We reserve the right to update this Privacy Policy at any time to reflect changes in our practices, services, legal requirements, or technology. When we make material changes, we will update the “Last Reviewed” date at the top of this page. We encourage you to review this policy periodically. Continued use of this Site following any update constitutes acceptance of the revised policy.
For significant changes affecting how we handle your personal data, we will make reasonable efforts to provide direct notice via email if you have provided one, or through a prominent notice on this Site.
12 Contact & Privacy Officer
Questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data should be directed to:
Monti Institute of Neuro AestheticsPrivacy & Compliance
2440 Vassar Street, Suite 3
Reno, NV 89502
admin@monti-institute.com
We are committed to resolving privacy concerns promptly and transparently. If you are not satisfied with our response, you have the right to file a complaint with the appropriate supervisory authority in your jurisdiction. California residents may contact the California Privacy Protection Agency (CPPA) at cppa.ca.gov.