Privacy Policy

Effective: May 15, 2026 · Last updated: May 12, 2026

Scope. This policy covers obris.co and the Obris Launch service. It does NOT cover the patient-facing websites that Obris Launch builds for medical-practice clients — those sites have their own privacy policies owned by the practice.

1. Who we are

Obris Launch (“Obris Launch,” “we,” “us”) is a marketing company serving the Medical Aesthetics Industry in the United States — medi-spas, plastic surgery practices, cosmetic dermatology, and aesthetic-only clinics. Our products are Obris Launch (done-for-you marketing stack) and Obris Vigilance (competitive intelligence SaaS).

Contact: privacy@obris.co · Obris Launch, 2524 N Broadway, Suite 583, Edmond, OK 73034

2. Information we collect

Obris Launch does not collect, process, or store patient health information (PHI). Our services collect information about practice owners and their businesses — never about their patients. When Obris Launch becomes a business associate of a client practice under a signed Business Associate Agreement (BAA), patient information is handled separately under that BAA and is never stored on obris.co infrastructure.

Directly from you

Contact information when you fill out a form, book a consultation, subscribe to updates, or contact support: name, email, phone, practice name, practice type (medi-spa, plastic surgery, cosmetic dermatology, aesthetic-only clinic), practice website, city and state.
Account information if you become a client: billing contact, authorized users, practice details, platform credentials you grant us to manage on your behalf (for example, Google Business Profile manager access).
Payment information via our payment processor (Stripe). Obris Launch does not directly store full card numbers or CVVs.
Communications: emails, scheduled calls, messages sent through support or dashboard chat.

Automatically

Usage data: pages viewed, time on page, referring URL, device type, browser, IP address, and approximate location (city-level).
Cookies and similar technologies: see “Cookies and tracking” below.

From third parties

Analytics providers: Google Analytics 4.
Advertising platforms: if you click on an Obris Launch ad, we may receive the associated click identifier.
Business information: publicly available information about your practice (website, Google Business Profile, reviews) that we use to prepare proposals.

3. How we use your information

We use information to:

Deliver the services you have engaged us for
Bill you and manage your account
Respond to inquiries and provide support
Improve our services, website, and marketing
Send you service updates and occasional marketing emails (you can unsubscribe at any time)
Comply with our legal obligations and enforce our terms

4. No patient health information

Obris Launch is not a covered entity or business associate under HIPAA with respect to obris.co visitors. This site does not collect or process Protected Health Information (PHI).

When Obris Launch becomes a business associate of a client medical practice through a signed Business Associate Agreement, we handle PHI separately and strictly under that BAA. That information is never stored on obris.co infrastructure and is not covered by this policy.

5. How we share information

We share information only as follows:

Service providers who help us operate: hosting (InMotion Hosting), email marketing (MailerLite), payments (Stripe), analytics (Google Analytics 4). Each is bound by contract to use your information only to provide their service.
Legal compliance: when required by applicable law, subpoena, court order, or to protect our legal rights.
Business transfers: if Obris Launch is acquired, merged, or its assets are sold, information may transfer to the successor entity with notice to you.

We do not sell personal information to third parties.

6. Cookies and tracking

We use:

Essential cookies for site functionality (session state, security)
Analytics cookies (Google Analytics 4) to understand how visitors use the site
Advertising cookies when you reach the site through an Obris Launch ad (conversion tracking)

You can control or disable cookies through your browser settings. We do not currently operate a cookie preference center; this will change when we intentionally reach an EU audience.

7. Your rights

California residents (CCPA/CPRA)

If you are a California resident, you have the right to:

Know what personal information we have collected, used, disclosed, or sold about you
Delete personal information we have collected from you (subject to certain exceptions for billing, legal compliance, and fraud prevention)
Correct inaccurate personal information
Opt out of the sale or sharing of personal information (Obris Launch does not sell personal information)
Non-discrimination for exercising any of these rights

To submit a request, email privacy@obris.co. We will respond within 45 days (extendable by an additional 45 days with notice, per CCPA).

Other US state residents

Residents of Virginia, Colorado, Connecticut, Utah, and other states with enacted privacy laws have similar rights to access, correct, delete, and opt out of certain processing. Email privacy@obris.co to submit a request.

European residents (GDPR)

If you are in the European Economic Area, you have the right of access, rectification, erasure, restriction of processing, data portability, and objection to processing. You also have the right to withdraw consent at any time and to lodge a complaint with a supervisory authority in your country. Email privacy@obris.co to exercise these rights.

To exercise any right, email privacy@obris.co. We will acknowledge requests within 10 business days and respond substantively within 30 to 45 days depending on the applicable law.

8. Data retention

We keep information for as long as needed to provide services and meet our legal obligations:

Active client account data: duration of the relationship plus seven years for tax and accounting purposes
Billing records: seven years
Marketing contact data (email subscribers, form inquiries): until you unsubscribe or request deletion
Website analytics: 26 months (Google Analytics 4 default retention setting)

9. Security

We use reasonable administrative, technical, and physical safeguards — including TLS encryption in transit, encrypted backups, access controls limited to authorized personnel, and periodic security reviews. No internet-connected system is completely secure. If a security breach is likely to affect you, we will notify you as required by applicable law.

10. Children

Obris Launch is a B2B service directed to adults operating medical practices. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from a minor, contact privacy@obris.co and we will delete it.

11. Changes to this policy

We will post material changes here and update the “Last updated” date at the top of this page. If changes are significant, we will notify active clients by email or prominent site notice.

12. Contact us

Privacy questions or rights requests: privacy@obris.co

General: hello@obris.co

Mail: Obris Launch, 2524 N Broadway, Suite 583, Edmond, OK 73034