1. Who we are

LocateLuxe (“LocateLuxe,” “we,” “our,” “us”) operates the website at locateluxestaging.kinsta.cloud (the “Site”) and the related membership platform (the “Service”). The Service is a lifestyle curation platform for healthcare professionals; it is not a medical service and does not handle Protected Health Information (PHI) under HIPAA.

Questions, requests, or complaints: privacy@locateluxe.com.

2. What information we collect

We collect the following categories of personal information:

• Account information — name, email, password, role/profession, city.
• Profile information you provide — specialty, schedule, lifestyle preferences, budget range, interests, dietary notes. This powers your personalized curation from Zaha.
• Communications — messages you send to us, support tickets, community posts, and your interactions with our newsletter (After Rounds).
• Payment information — handled by Stripe. We never see or store your full card number; we receive a token and the last four digits for receipts.
• Usage and device data — IP address, browser, pages viewed, links clicked, session duration. Collected via standard server logs and cookies.
• Cookies & similar technologies — see §7 for details.

3. How we use your information

• To provide the Service — including Zaha’s personalized biweekly drops, member directory, community access, and provider connections.
• To send transactional emails (account confirmations, billing receipts, password resets) and editorial emails (After Rounds, member announcements). You can opt out of editorial emails at any time without affecting transactional ones.
• To improve the Service — analytics on which features members use, where they drop off, what they ask Zaha for.
• To prevent fraud and abuse, enforce our terms, and comply with legal obligations.

We do not sell your personal information. We do not share it with advertisers for behavioral targeting. Zaha’s curation runs on your data exclusively for your benefit.

4. How we share your information

We share data only with vendors that help us operate the Service, only to the extent each one needs:

• Stripe — payment processing. Subject to Stripe’s privacy notice.
• Kinsta — hosting and infrastructure (US-based servers).
• Email service providers — transactional and editorial email delivery.
• Anthropic (Zaha) — the AI concierge runs on Anthropic’s Claude API. Profile data is sent at curation time so Zaha can write personalized recommendations. Anthropic does not train models on this data.
• Vetted providers in the directory — only when you explicitly choose to book or be introduced. The provider receives only the information you authorize.
• Legal & safety — we may disclose information to comply with a lawful court order, subpoena, regulatory inquiry, or to investigate suspected fraud or abuse of the Service.

5. Data treatment & processing

This section is the technical companion to §3 and §4. It states the lawful basis, retention period, and destination for each category of personal data we process:

Data category	Purpose	Lawful basis	Retention	Shared with
Account & profile	Service delivery, Zaha curation	Contract with you	For the life of your account + 30 days after deletion request	Anthropic (Zaha), Kinsta
Payment metadata	Billing, receipts, fraud prevention	Contract; legal obligation	7 years (US tax retention)	Stripe
Communications & community posts	Provide community, support members	Contract; legitimate interests	Until you delete the post or your account	Other community members (if you post publicly)
Usage & analytics	Improve the Service, debug issues	Legitimate interests	26 months	Internal only; aggregated
Newsletter (After Rounds)	Send the editorial newsletter	Consent (you opted in)	Until you unsubscribe	Email service provider

6. Your rights

Regardless of where you live, you can:

• Access the personal information we hold about you.
• Correct inaccurate information directly in your dashboard or by emailing us.
• Delete your account and associated data — we’ll erase your profile within 30 days; backups roll over within 90 days.
• Export your data in a portable JSON file.
• Opt out of editorial emails at any time. Transactional emails (receipts, security) cannot be opted out of while you have an active account.

California residents (CCPA / CPRA): you have the additional right to know the specific categories of personal information we’ve collected about you in the past 12 months, the right to opt out of any “sale” or “sharing” of personal information (we don’t do either), and the right to non-discrimination for exercising these rights.

EU/EEA/UK residents (GDPR / UK GDPR): you also have the right to object to processing based on legitimate interests, the right to restrict processing, and the right to lodge a complaint with your local data protection authority.

Submit any request to privacy@locateluxe.com. We’ll respond within 30 days.

7. Cookies & tracking

We use a small number of cookies, grouped as follows:

• Strictly necessary — session cookies that keep you logged in. Cannot be disabled while using the Service.
• Functional — remember your preferences (e.g. preferred city, dismissed banners).
• Analytics — first-party usage measurement. No third-party advertising trackers.

You can clear cookies in your browser settings at any time. Doing so will log you out and reset your preferences.

8. Security

We use TLS in transit, encryption at rest for sensitive fields, role-based access control internally, and standard incident-response practices. No system is perfectly secure; if we discover a breach affecting your information, we will notify you and the appropriate regulators within the legally required timeframe.

9. Children’s privacy

The Service is not directed to anyone under 18. We do not knowingly collect personal information from children. If you believe we have, please contact us so we can delete it promptly.

10. International data transfers

LocateLuxe operates from the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US under Standard Contractual Clauses or equivalent mechanisms.

11. Changes to this policy

We may update this policy as the Service evolves. We’ll post the new version with an updated “Last updated” date and, for material changes, notify active members by email at least 14 days before the change takes effect.

12. Contact

Privacy questions and rights requests: privacy@locateluxe.com
General contact: /contact

This page is provided as plain-English summary of how we treat your data. It is not legal advice. If you require a formal legal review or jurisdiction-specific addendum, contact us.