Privacy Policy

Last Updated: October 20, 2025

Your privacy matters to us. This Privacy Policy explains what information Stoller Medical Group d/b/a Hair Doctor NYC (“Hair Doctor NYC,” “we,” “us,” or “our”) collects on hairdoctornyc.com (the “Site”), how we use it, who we share it with, and the choices you have.

By using the Site, submitting forms, scheduling, texting with us, or making a payment, you agree to this Privacy Policy.

1) Scope & Relationship to HIPAA

Some information we collect through the Site (e.g., when you complete a consultation request, patient intake, or medical history form) may be health-related. We safeguard this information and use it as described here.
Note: If you become a patient, your protected health information (PHI) may also be governed by our HIPAA Notice of Privacy Practices, which we provide at or before treatment and on request. This website Privacy Policy is separate from the HIPAA Notice.

2) The Forms We Use & What We Collect

We collect information you provide directly to us through the Site, including (as applicable):

    • Contact Us Form – name, email, phone, message content.

    • Consultation Request / Virtual Consultation Form – name, email, phone, date of birth, hair-loss history, goals, prior treatments/surgeries, preferred location/provider, availability, photo uploads (if any), and other details you choose to share.

    • Appointment Request / Reschedule / Cancellation Forms – name, contact info, appointment details/preferences, reasons for visit or rescheduling.

    • Patient Intake / Medical History Questionnaire – demographic details (e.g., DOB), health history relevant to hair restoration, medications, allergies, prior procedures, lifestyle factors, and other clinical intake responses.

    • Credit Card Authorization / Payment Form – cardholder name, billing address, zip/postal code, email/phone, payment amount, and card details entered into a secure payment field (see §5 “Payments & Security”).

    • Financing Inquiry / Pre-Qualification (if offered) – contact info and any financing inputs required by our financing partner(s).

    • Photo/Media Uploads – images and/or short videos you upload for evaluation.

    • Newsletter/Marketing Signup – name and email (and preferences).

    • Website Chat or Messaging Widgets – any information you type into the chat, plus your contact info if you provide it.

SMS/Phone/Email Follow-Ups. If you provide your phone number or email, you authorize us to contact you by call, text, and/or email for scheduling, reminders, follow-ups, and marketing (where permitted). Message/data rates may apply. You can opt out of marketing texts at any time by replying STOP.

3) Categories of Information We Collect

A. Personal Information you provide

        • Identifiers & Contact: name, email, phone, address, DOB.

        • Medical/Consultation Inputs: health history related to hair restoration, photos you upload, treatment goals.

        • Payment Details: see §5 (processed via secure third-party processor; we do not store full card numbers on our servers).

        • Communications: messages, call recordings (if applicable), scheduling details, preferences, reviews/testimonials (if given).

B. Automatically collected (Non-Personal or Device) Information

        • Technical Data: IP address, device type, browser/version, operating system, referring/exit pages, timestamps, pages viewed, and general location (city/region).

        • Cookies & Similar Technologies: session cookies, preference cookies, analytics cookies, and advertising/retargeting cookies (see §6 “Cookies & Ads”).

We may aggregate or de-identify data for analytics and service improvement. Aggregated or de-identified data is not used to identify you.

4) How We Use Your Information

    • Provide Services: respond to inquiries, evaluate candidacy, schedule consultations, deliver telehealth/virtual assessments, and manage your account or appointments.

    • Payments & Billing: process deposits, service fees, and other payments (see §5).

    • Clinical Operations: pre-visit preparation, internal case review, and coordination of care among our clinical staff.

    • Communications: send confirmations, reminders, updates, and (with consent or as permitted) marketing communications.

    • Improvement & Personalization: improve the Site, quality assurance, training, research/analytics (in de-identified/aggregated form where possible).

    • Security & Compliance: protect against fraud/abuse, comply with legal obligations, enforce policies, and exercise legal claims.

Texting consent: By providing a mobile number, you consent to receive texts from us. Reply STOP to opt out; HELP for help.

5) Payments & Security

We use PCI-compliant third-party payment processors (e.g., a provider like Authorize.Net or equivalent) to accept credit/debit cards online and in office.

    • We do not store full card numbers on our own servers. Card data you enter into Site payment fields is transmitted directly to the processor via encrypted connection and may be tokenized for future authorized charges (e.g., deposits or follow-up services you approve).

    • We may store limited billing metadata (e.g., last 4 digits, card type, expiration month/year, billing address, transaction IDs) for receipts, refunds, charge disputes, and compliance.

While we maintain administrative, technical, and physical safeguards, no method of transmission or storage is 100% secure. Please use discretion when sharing sensitive details online.

6) Cookies, Analytics, and Ads

We use cookies, pixels, and similar technologies to operate the Site, understand usage, and—where allowed—deliver or measure advertising.

    • Essential Cookies: site functionality, load balancing, security, consent storage.

    • Analytics Cookies: tools such as Google Analytics to understand traffic and usage trends.

    • Advertising/Retargeting Cookies: to deliver ads that may be more relevant to you across websites and social platforms and to measure ad performance.

    • Your Choices: Most browsers let you block or delete cookies. You can also manage ad preferences through platform settings and industry opt-outs (e.g., NAI/DAA). Disabling cookies may affect Site functionality.

    • Do Not Track: Our Site may not respond to DNT signals.

7) How We Share Information

We do not sell your personal information. We may share information with:

    • Service Providers & Vendors: payment processors, hosting, EHR/telehealth platforms, customer support/chat tools, email/SMS vendors, analytics and advertising partners—only to perform services for us and under confidentiality obligations.

    • Clinical Personnel: our physicians/clinicians and authorized staff for assessment and care coordination.

    • Financing Partners (if used): if you apply or request info about financing.

    • Legal/Compliance: to comply with law, respond to lawful requests, protect rights, safety, and security, or in connection with a merger, acquisition, or asset sale.

Targeted Advertising (CPRA “Sharing”): Some ad tools may constitute “sharing” for cross-context behavioral advertising under California law. See §9 for your right to opt out of such “sharing.”

8) Data Retention

We keep information for as long as needed for the purposes described here (e.g., to provide services, meet legal, tax, and accounting obligations, resolve disputes, and enforce agreements). Clinical records are retained per applicable healthcare recordkeeping laws.

9) Your Privacy Rights

California (CCPA/CPRA): If you are a California resident, you may have the right to know/access, correct, delete, and opt out of “sharing” for targeted advertising. We do not “sell” personal information for money.
To exercise rights or to use an authorized agent, contact us at [email protected] (or use the methods below). We will verify your request consistent with applicable law.

Nevada: We do not sell personal information as defined under Nevada law.
EU/UK (GDPR): Where GDPR applies, our lawful bases may include consent, contract performance, legal obligation, vital interests, and legitimate interests (e.g., Site security, service improvement). You may have rights to access, correct, delete, restrict/object to processing, and data portability, and to withdraw consent at any time (withdrawal does not affect prior processing). You may also lodge a complaint with your local supervisory authority.

10) Children’s Privacy

The Site is not directed to children under 13 (or under 16 where applicable). We do not knowingly collect personal information from children without appropriate consent. If you believe a child has provided personal information, contact us and we will take appropriate steps.

11) Your Choices & Opt-Outs

    • Emails: Click “unsubscribe” in any marketing email.

    • Texts: Reply STOP to any text.

    • Cookies/Ads: Adjust browser settings, platform preferences, and industry opt-outs (NAI/DAA).

    • Targeted Ads (California): You may request to opt out of “sharing” for cross-context behavioral advertising by contacting us (see §12).

12) Contact Us

Questions, requests, or complaints about this Policy or our privacy practices:
Email: [email protected]
Phone: (212) 920-4499

Mailing Address: 515 Madison Avenue #1205 New York, NY 10022

For medical record or HIPAA requests, please reference “HIPAA Request” in your subject line.

13) Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated Policy on this page with a new “Last Updated” date. Your continued use of the Site after changes become effective means you accept the updated Policy.
