Privacy Policy | Dantara Thai Wellness & Spa

Effective: October 28, 2025

Introduction

Dantara Thai Wellness & Spa ("Dantara", "we", "us", or "Controller") respects your privacy and is committed to protecting the personal data we collect. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, how long we retain it, the rights available to Texas residents under the Texas Data Privacy and Security Act (TDPSA), and how to exercise those rights. This policy applies to data collected through our website, booking platform(s), Dantara Assistant Bot, in‑person intake forms, apps (if any), and other interactions with Dantara.

Controller & Contact

Controller: Dantara Thai Wellness and Spa, 18810 Preston Rd, Dallas, TX 75252, USA.
Privacy contact: privacy@dantaraspa.com

I. Categories of Personal Data We Collect

Data Category	Source / Collection Method	Purpose of Collection
Identifiers (name, email, phone, postal address)	Contact forms, booking system (Fresha), Dantara Assistant Bot, in‑person intake	Communicate with you, manage appointments, billing, and provide services.
Internet/Network Activity (IP, device/browser, pages visited)	Website requests, server logs, analytics	Monitor traffic, analyze performance, secure site, and improve functionality.
Cookies & Similar Technologies	Site scripts and third‑party services	Site functionality, preferences, analytics, and advertising as described below.
Inferences / Targeting	Analytics, advertising platforms	Market research, segmentation, personalized advertising.
Sensitive Data (health information)	Fresha intake forms, in‑person intake	Ensure treatment safety — processed only with explicit consent.

Retention (summary): Appointment/transaction records — 7 years; marketing records — until consent withdrawal or 3 years; analytics data — 13 months; sensitive health data — retained only as necessary for treatment and recordkeeping.

II. How We Use Personal Data

Provide, manage, and improve services and the website.
Process bookings, payments, confirmations, and reminders.
Respond to inquiries and provide customer support.
Detect and prevent fraud and security incidents.
Conduct analytics and measurement to improve user experience.
Deliver and measure advertising where not opted out.
Generate internal, non-public safety & technique guidance: We may use aggregated or de‑identified portions of intake data (e.g., areas to avoid, treatment preferences) to create internal therapist guidance that helps tailor safe and appropriate services. This data is not sold, is not used for third‑party advertising, and is not used to train publicly available AI models.

III. Sharing & Third‑Party Processors

We engage trusted service providers (processors) to perform services on our behalf under written agreements that require appropriate security measures. Primary processors include:

Microsoft — hosting and secure storage (bot infrastructure).
Fresha — bookings and intake platform.
Google — analytics and advertising (Google Analytics 4, Ads).

We maintain Data Processing Agreements with our processors and use appropriate safeguards for any cross‑border transfers.

IV. TDPSA Consumer Rights (Texas Residents)

Texas residents have the following rights under the TDPSA, subject to statutory exceptions:

Access: Confirm whether we process your personal data and obtain a copy.
Correction: Request correction of inaccurate personal data.
Deletion: Request deletion (subject to exceptions such as recordkeeping obligations).
Opt‑Out: Opt out of targeted advertising, sale, or certain profiling.
Portability: Receive certain personal data in a portable format.
Appeal: Appeal a denied request.

Verification & timing: We will verify requests using reasonable methods (for example, verifying account email or recent appointment date) and respond within 45 days (may extend for an additional 45 days where necessary). Contact details are below.

V. Consent & Sensitive Data

We process sensitive health information only with explicit, affirmative consent. Example intake language we use:

I consent to Dantara Thai Wellness and Spa collecting and processing my health information (including allergies, medical conditions, and treatment notes) necessary to provide services and manage my appointments. I understand I may withdraw this consent at any time by contacting privacy@dantaraspa.com.

Internal guidance use (optional): We may separately use limited, de‑identified elements of intake data (such as treatment preferences or regions marked for caution) to refine internal service safety and technique selection for staff. This processing is confined to quality and safety improvement, excludes payment details, and is never sold or shared externally for advertising. You may opt out of this internal guidance use at any time by emailing privacy@dantaraspa.com; opting out will not affect your ability to receive services.

VI. Cookies, Tracking & Analytics (Detailed)

Google Analytics 4 (GA4): We use GA4 to collect aggregated usage information to help improve our site. Our current GA4 implementation is configured to avoid placing analytics cookies on visitors’ devices (cookieless measurement and/or server‑side collection). In other words, the site does not set Google analytics cookies such as _ga, _gid, or _gat from the client-side script. Google may still receive technical request data (for example, an anonymized or truncated IP address) when analytics events are sent. Analytics data is retained for up to 13 months.

Third‑party embeds: Some embeds (review widgets, Fresha booking pages, maps, and other third parties) may set their own cookies or collect data under their policies. We do not control third‑party cookies; please review their privacy notices for details.

Global Privacy Control (GPC): We honor GPC signals and similar universal opt‑out signals wherever technically feasible. If a valid GPC signal is detected, we will not set non‑essential cookies and will treat it as a request to opt out of targeted advertising.

How to opt out

Use browser privacy settings or extensions that block analytics/tracking.
Use the Global Privacy Control (GPC) browser signal — we honor it where feasible.
Install Google’s Analytics Opt‑out Browser Add‑on: https://tools.google.com/dlpage/gaoptout/
Send an opt‑out request to privacy@dantaraspa.com.

Cookie summary (current implementation)

If your implementation remains cookieless for analytics, publish exactly which cookies are present. Example summary for a cookieless analytics setup:

Analytics cookies: None set by Dantara (GA4 configured for cookieless measurement / server‑side collection).
Necessary/functional cookies: The site may use strictly necessary cookies for site operation (session tokens, UI preferences).
Advertising cookies: Not set by Dantara unless you opt into marketing; third‑party partners may set cookies when you interact with their services.

VII. Security

HTTPS/TLS for data in transit
Access controls, authentication, and role‑based access
Least‑privilege data access and audit logging
Vendor management and Data Processing Agreements with processors

VIII. Children

Our site is not intended for children under 13. We do not knowingly collect personal data from children under 13. If you believe we have collected such data, please contact privacy@dantaraspa.com to request removal.

IX. International Transfers

Personal data processed by our service providers may be transferred to the United States and other countries. Where required, we implement appropriate safeguards (for example, contractual protections) for lawful transfers.

X. Changes to this Policy

We may update this policy to reflect changes in our practices or legal obligations. Material changes will be posted with a revised effective date and, where practical, notified to users.

XI. Contact & Appeals

Email: privacy@dantaraspa.com
Web form / opt‑out anchor: /privacy.html#opt-out
Mail: Dantara Thai Wellness and Spa, Attn: Privacy Compliance, 2535 W Division St Suite A2, Arlington, TX 76012

If you are not satisfied with our response to a privacy request, Texas residents may contact the Office of the Attorney General for the State of Texas.

Definitions

Controller: the party that determines purposes and means of processing (Dantara).
Processor: a party that processes personal data on behalf of the controller.
Sensitive data: e.g., health information or medical conditions.

To opt out of targeted advertising or to make a TDPSA request:

Email to Opt-Out / Submit Request

Last updated: October 28, 2025. If you need a copy of this policy in another format, contact privacy@dantaraspa.com.