Forbidden Well

Legal

Privacy Policy

Last updated: April 6, 2026

1. Overview

Forbidden Well (“Forbidden Well,” “we,” “our,” or “us”) is committed to protecting the privacy and confidentiality of individuals who interact with our brand, visit our website, or receive services at our locations.

This Privacy Policy explains how we collect, use, disclose, and safeguard information when you:

  • Visit our website (forbiddenwell.com)
  • Book or receive wellness or spa services at our facility
  • Interact with our scheduling, intake, and communication tools
  • Receive non‑clinical services coordinated through Forbidden Well

Forbidden Well operates as a management services organization and luxury wellness brand. Independent professional medical practices and their licensed clinicians are solely responsible for any medical or clinical services. Forbidden Well does not practice medicine or provide professional medical services.

By accessing our website or using services coordinated through Forbidden Well, you consent to the practices described in this Privacy Policy.

2. What This Policy Covers

This Privacy Policy applies to information:

  • Collected through forbiddenwell.com and related digital touchpoints
  • Collected during bookings, check‑ins, and service encounters at our location
  • Collected via SMS, email, and other communications with Forbidden Well

To the extent we support independent professional medical practices (for example, through scheduling, intake, or administrative services), some information may also be subject to those practices’ own privacy terms or Notices of Privacy Practices. Clinical records and medical decision‑making are controlled by the independent professional practices, not Forbidden Well.

3. Information We Collect

We collect information necessary to operate our business, coordinate services, and support independent professional practices. This may include:

A. Personal Information

  • Name
  • Email address
  • Phone number
  • Date of birth
  • Mailing or billing address

B. Health & Service Information

When you complete intake or booking forms, or receive services, we may collect:

  • Health questionnaires and intake responses
  • Service history and preferences
  • Notes related to services performed at our facility
  • Information you choose to share about goals, sensitivities, and prior experiences

For any clinical services, additional health information may be collected by or on behalf of independent professional practices and their clinicians. Those entities are responsible for their own clinical records and compliance obligations.

C. Payment Information

  • Billing details and transaction history
  • Limited payment method information (for example, last four digits or tokenized payment identifiers)

Payments are processed through secure third‑party providers. Forbidden Well does not store full credit card numbers.

D. Communication Data

  • Emails and email subscription preferences
  • SMS messages and messaging consent status
  • Phone call details and customer service notes
  • In‑person communications documented by staff (for example, service notes, preferences, or requests)

E. Website Usage Data

  • IP address and approximate location
  • Device and browser type
  • Pages visited, time on page, and clickstream data
  • Cookies and similar tracking technologies used to support site functionality, analytics, and experience optimization

4. How We Use Your Information

We use the information we collect for legitimate business and operational purposes, including to:

  • Provide, coordinate, and manage wellness and spa services
  • Support scheduling, rescheduling, and confirming appointments
  • Facilitate intake workflows and prepare for your visit
  • Process payments, handle billing questions, and maintain financial records
  • Communicate with you about bookings, updates, promotions, and general inquiries
  • Improve our services, customer experience, and website performance
  • Support administrative functions for independent professional practices we work with
  • Comply with legal, regulatory, tax, and recordkeeping obligations
  • Help prevent fraud, misuse, or security incidents

Where required, we rely on your consent (for example, certain marketing communications) and you may withdraw that consent as described in this Policy.

5. SMS Communications

If you provide your mobile number and opt in to receive text messages, we may send SMS or MMS communications related to:

  • Appointment confirmations and reminders
  • Arrival instructions and follow‑up communications
  • Billing, account, or scheduling notifications
  • Occasional promotions or marketing messages if you have opted in for marketing

Message frequency may vary. Standard message and data rates may apply, depending on your mobile plan.

You may opt out of marketing texts at any time by replying “STOP” to any message.

For assistance, reply “HELP” or contact us using the information on our website.

We do not sell or rent your phone number or SMS consent data to third parties for their own marketing purposes.

6. Cookies & Tracking Technologies

We use cookies and similar technologies to:

  • Maintain core site functionality and security
  • Remember your preferences and improve user experience
  • Understand how visitors use our website (for example, pages viewed, navigation patterns)
  • Support basic analytics and performance measurement

You can control or disable cookies through your browser settings. If you disable certain cookies, some features of the website may not function properly.

We do not use cookies or tracking technologies to sell your personal information.

7. Sharing of Information

We do not sell or rent personal information. We may share information only as reasonably necessary to operate our business, including:

Service Providers

With trusted third‑party vendors who assist with operations such as scheduling, payment processing, messaging, email delivery, data hosting, analytics, security, and customer support.

Independent Professional Practices and Clinicians

With independent professional practices and their licensed clinicians as needed to coordinate services, scheduling, intake, and non‑clinical support. Those practices are responsible for their own treatment decisions, clinical documentation, and compliance.

Legal and Compliance

When required to comply with applicable laws, regulations, court orders, or legal processes, or to respond to lawful requests from authorities.

Business Transfers

In connection with a merger, acquisition, reorganization, asset sale, or similar corporate transaction, subject to appropriate confidentiality protections.

With Your Consent

When you explicitly authorize us to share information for a specific purpose.

We take steps to ensure that service providers only use information as necessary to perform services on our behalf.

8. Data Security

We implement administrative, technical, and physical safeguards designed to protect information against unauthorized access, use, alteration, or disclosure. These measures may include:

  • Role‑based access controls
  • Secure systems and networks
  • Encrypted data transmission where appropriate
  • Staff training and confidentiality expectations
  • Vendor due diligence and contractual safeguards

No method of transmission or storage is completely secure. While we work to protect your information, we cannot guarantee absolute security.

9. Telehealth & Electronic Communications

If you participate in telehealth‑related interactions that are coordinated or supported through systems used by Forbidden Well, you consent to the use of electronic communication platforms such as video, audio, SMS, and email.

We take reasonable steps to protect confidentiality within these tools.

Additional telehealth or treatment‑specific consents, including any provider practice terms, may apply and should be reviewed at the time of use.

Clinical decisions and clinical records are controlled by the independent professional practices and their licensed clinicians.

Electronic communications may not always be fully secure; you should avoid transmitting highly sensitive information via unencrypted channels when possible.

10. Your Rights and Choices

Depending on applicable law and the context of your interaction with us, you may have the right to:

  • Request access to certain personal information we maintain about you
  • Request correction of inaccurate or incomplete information
  • Request deletion of your information, subject to legal, regulatory, and recordkeeping requirements
  • Withdraw consent for certain processing (for example, marketing communications), without affecting prior lawful use
  • Manage your communication preferences (for example, unsubscribe from marketing emails, opt out of marketing SMS)

We may need to verify your identity before responding to certain requests. We may also retain information where we have a legal obligation, a legitimate business need, or where records are required for bookkeeping, dispute resolution, or compliance.

For clinical records maintained by independent professional practices, requests may need to be directed to the applicable practice or clinician.

11. Data Retention

We retain personal information only for as long as reasonably necessary to:

  • Provide and support services
  • Maintain accurate business and financial records
  • Comply with legal and regulatory obligations
  • Resolve disputes and enforce agreements
  • Support internal analytics, planning, and security

Retention periods may vary based on the type of information, the nature of the services, and applicable law. Clinical records retention may be governed by separate obligations of the independent professional practices.

12. Third-Party Links

Our website may contain links to third‑party websites, applications, or platforms that are not operated or controlled by Forbidden Well. We are not responsible for the privacy practices, security, or content of those third parties. You should review their privacy policies and terms before providing information or using their services.

13. Children and Minors

Our website and services are not directed to children who are not legally permitted to consent to services on their own. If a minor receives services that require the involvement of a parent, guardian, or other authorized representative, additional documentation and consents may be required through the applicable professional practice.

If we become aware that personal information has been collected from a child in a way that is inconsistent with applicable law, we will take appropriate steps to address it.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our operations, services, legal requirements, or technology. When we make material changes, we will revise the “Last updated” date at the top of this page. The updated Policy is effective when posted unless stated otherwise.

Your continued use of our website or services after an update is posted indicates that you have read and understood the revised Privacy Policy.