The Drapery Spa logo in blue serif font (decorative, use alt="")
Menu
The Drapery Spa logo in blue serif font (decorative, use alt="")
Menu

Privacy Policy

PRIVACY POLICY 

The Drapery Spa 

Effective Date: 01/01/2026 

1. INTRODUCTION & SCOPE 

The Drapery Spa (“Company,” “we,” “our,” or “us”) respects your privacy and is committed to protecting personal information you provide when you: visit our website (thedraperyspa.com), submit a consultation request or intake form, communicate with us via email, phone, or other channels, schedule or receive services, or interact with our business in any capacity. 

This Privacy Policy explains what information we collect, how we use it, with whom we share it, and your rights regarding your personal information. 

BY USING OUR WEBSITE, SUBMITTING INFORMATION, OR ENGAGING OUR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR INFORMATION AS DESCRIBED HEREIN. 

2. INFORMATION WE COLLECT 

2.1 Personal Information You Provide 

We collect personal information that you voluntarily provide to us, which may include: 

Contact Information: 

  • Full name (first and last)
  • Email address
  • Phone number (mobile and/or landline)
  • Mailing address
  • Service address (if different from mailing address)

Project Information: 

  • Number of rooms requiring service
  • Preferred service timeframe
  • How you heard about us (referral source)
  • Property type (primary residence, secondary residence, investment property)
  • General description of service needs or concerns

Communication Records: 

  • Content of emails, messages, or other communications with Company
  • Notes from phone conversations
  • Consultation notes and assessments
  • Service history and preferences

Financial Information: 

  • Payment method information (processed through secure third-party payment processors)
  • Billing address
  • Invoice and payment records
  • Deposit and balance payment records
  • Cancellation fee records and charges
  • Rescheduling fee records and charges
  • Service credit balances, issuance dates, and expiration dates 
  • Credit redemption and usage history
  • Refund processing records
  • Late payment fee records ($100 fees assessed for payments not received by 48-hour deadline) 
  • Interest charges accrued on unpaid balances (1.5% per month / 18% APR) 
  • Collection referral records and dates (accounts unpaid 30+ days)
  • Legal action records and dates (accounts unpaid 60+ days)

 

Scheduling & Appointment History: 

  • Scheduled appointment dates and times
  • Cancellation requests, timing, and reason (if provided)
  • Rescheduling requests, frequency, and dates
  • Number of reschedules per booking (tracked to enforce 2-reschedule maximum)
  • No-show incidents and documentation
  • Scheduling priority status based on rescheduling history

 

Emergency Exception Documentation (Collected Only When Client Requests Fee Waiver): 

In cases where you request a cancellation or rescheduling fee waiver due to a documented emergency (such as hospitalization, death in the immediate family, or natural disasters), we may collect supporting documentation, which may include: 

  • Medical records, hospital admission/discharge papers, or doctor’s notes (hospitalization)
  • Death certificates or obituary notices (death in family)
  • Emergency declaration notices or evacuation orders (natural disasters)
  • Other documentation reasonably necessary to verify emergency circumstances 

 

Emergency documentation is collected solely for verification purposes, is retained only as long as necessary for review and potential dispute resolution (typically 30-90 days post-verification), and is securely destroyed thereafter. We handle all emergency documentation with strict confidentiality and sensitivity. 

You are not required to provide emergency documentation, but failure to provide requested documentation within 48 hours of the scheduled service time may result in standard cancellation or rescheduling fees being applied. 

2.2 Information We Do NOT Collect Through Website Forms 

We do NOT collect the following through our website or initial intake forms: photographs of your property or textiles, detailed measurements or specifications, detailed fabric information or technical data, or sensitive personal information (social security numbers, financial account details, health information except as noted above for emergency documentation). Such information may be collected during in-home consultation only if necessary for service delivery. 

2.3 Automatically Collected Technical Information 

When you visit our website, we may automatically collect limited technical information including: IP address, browser type and version, device type and operating system, pages visited and time spent, referring website or source, date and time of access, and general geographic location (city/state level). This information does not personally identify you unless combined with personal information you provide. 

2.4 Cookies & Tracking Technologies 

Our website may use cookies, web beacons, pixels, or similar tracking technologies to remember your preferences, improve website functionality, analyze traffic patterns, and support security. You may disable cookies through your browser settings, though some website features may not function properly. 

2.5 Third-Party Analytics 

We may use third-party analytics services (such as Google Analytics or similar tools) to understand how visitors use our website. These services may collect information about your use of our website and other websites over time. We do not control how third-party analytics providers use information they collect. 

3. HOW WE USE YOUR INFORMATION 

3.1 Legitimate Business Purposes 

We use the information we collect for legitimate business purposes, including: 

Service Delivery & Operations: 

  • Reviewing and evaluating consultation requests
  • Determining project alignment with our services and standards 
  • Scheduling consultations and service appointments
  • Processing cancellations and rescheduling requests
  • Managing service credits, tracking expiration dates, and processing redemptions 
  • Enforcing cancellation and rescheduling policies
  • Tracking scheduling history and rescheduling frequency to enforce policy limits
  • Assessing and tracking late payment fees ($100) and interest charges (18% APR) 
  • Managing collection referrals for accounts unpaid 30+ days past due
  • Initiating and tracking legal action for accounts unpaid 60+ days past due 
  • Verifying emergency exception requests and reviewing supporting documentation
  • Communicating service recommendations, pricing, and timelines
  • Performing services and fulfilling contractual obligations
  • Processing payments, deposits, and managing billing
  • Maintaining service records and client history 

 

Communication & Customer Service: 

  • Responding to inquiries, questions, or requests
  • Providing updates regarding scheduled services 
  • Sending service-related notifications or reminders
  • Addressing concerns or resolving disputes

Business Administration: 

  • Internal recordkeeping and documentation
  • Quality control and performance evaluation
  • Training and staff development
  • Legal compliance and regulatory requirements
  • Protecting our rights and interests
  • Enforcing our Terms & Conditions and Cancellation Policy

Marketing & Business Development (with limitations): 

  • Sending occasional updates, newsletters, or promotional materials (only with consent and easy opt-out)
  • Improving our services and developing new offerings
  • Understanding client preferences and market trends

 

3.2 Legal Basis for Processing (where applicable) 

Where required by law, our legal basis for collecting and using personal information includes: Consent (you have provided express consent for specific uses), Contract Performance (processing is necessary to fulfill our service agreement), Legitimate Interests (processing is necessary for our legitimate business interests such as improving services or preventing fraud), and Legal Obligation (processing is required to comply with applicable laws or regulations). 

4. CONSULTATION REQUESTS & NO GUARANTEE OF SERVICE 

Submission of a consultation request does NOT guarantee acceptance of your project, guarantee scheduling of consultation, create any obligation for The Drapery Spa to provide services, or establish a client relationship. The Drapery Spa reserves sole and absolute discretion to determine whether a project aligns with our standards, decline to schedule consultation, decline to provide services after consultation, or discontinue communication at any time without explanation. Information submitted through consultation requests will be retained for reasonable business purposes including evaluation, future reference, business records, and legal compliance. You may request deletion of your information subject to our legitimate business needs and legal obligations (see Section 10). 

5. IN-HOME CONSULTATION & SERVICE DOCUMENTATION 

During in-home consultations or service appointments, The Drapery Spa may take photographs or videos of textiles, installations, hardware, create written notes and assessments, and document conditions for professional assessment, service planning, quality control, recordkeeping, training, and dispute resolution. We will NOT use photographs or images of your property for marketing, advertising, promotional materials, social media, or any public-facing purposes WITHOUT YOUR EXPRESS WRITTEN CONSENT. Exception: Non-identifying detail shots, close-ups of fabric texture, or anonymized images that do not reveal your property’s identity, location, or distinguishing features may be used without specific consent for portfolio or educational purposes. All documentation is stored securely with access limited to authorized personnel, protected with reasonable safeguards, retained only as long as necessary, and subject to our data retention and deletion policies. 

6. INFORMATION SHARING & DISCLOSURE 

6.1 We Do NOT Sell or Rent Personal Information 

The Drapery Spa does NOT and will NOT: sell your personal information to third parties, rent or lease your personal information, trade or exchange your information for value, or use your information for purposes unrelated to our services without consent. 

6.2 Authorized Sharing with Service Providers 

We may share your personal information with trusted third-party service providers who assist with business operations, including: scheduling & calendar tools, payment processors (e.g., Stripe, Square, PayPal), email & communication platforms, website hosting & form platforms, accounting & invoicing software, and CRM & database systems. All third-party service providers are contractually required to maintain confidentiality, permitted to use information ONLY for providing services to us, subject to security and privacy obligations, and prohibited from using information for their own purposes. 

6.3 Sharing Within Company 

Your information may be accessed by authorized employees of The Drapery Spa, independent contractors or subcontractors performing services on our behalf, and authorized representatives acting under our direction. All personnel are required to maintain confidentiality and use information only for legitimate business purposes. 

6.4 Legal Disclosures & Compliance 

We may disclose your information when required or permitted by law, including: Legal Process (in response to subpoenas, court orders, legal process, or government requests), Law Enforcement (when required to comply with investigations), Legal Rights Protection (to protect our rights, property, safety, or the rights and safety of others), Fraud Prevention (to detect, prevent, or address fraud, security issues, or illegal activity), Contract Enforcement (to enforce our Terms & Conditions or other agreements), and Business Transfers (in connection with merger, acquisition, sale of assets, or bankruptcy with confidentiality obligations maintained). 

6.5 Disclosure with Your Consent 

We may share your information with third parties when you provide express consent or direction to do so. 

7. DATA SECURITY & PROTECTION 

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, disclosure, alteration, or destruction, including secure data storage systems, access controls and authentication, encryption for sensitive data transmission, regular security assessments and updates, employee training on data protection practices, and contractual obligations with third-party processors. However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. You acknowledge and accept the inherent risks of transmitting information electronically and using online services. You are responsible for maintaining confidentiality of any account credentials, using secure Internet connections when transmitting sensitive information, notifying us immediately of any suspected unauthorized access or security breach, and taking reasonable precautions to protect your own information. 

8. DATA RETENTION & DELETION 

8.1 Retention Period 

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including duration of active client relationship, reasonable period following service completion, period required by law, and period necessary to resolve disputes or protect legal rights. Retention periods vary based on type of information collected, nature of services provided, legal and regulatory requirements, and legitimate business needs. 

Typical retention periods include: 

  • Active client records: Duration of relationship plus 3-7 years
  • Consultation requests (not converted to service): 2-5 years
  • Financial records (invoices, payments, deposits): 7 years (tax compliance)
  • Cancellation and rescheduling records: 7 years (financial and legal compliance)
  • Late payment fee and interest charge records: 7 years 
  • Collection referral and legal action records: 7 years post-resolution
  • Service credit records: 12 months from issuance plus 3 years post-expiration
  • Emergency exception documentation: 30-90 days post-verification, then securely destroyed
  • Service documentation & photos: 3-7 years post-service
  • Marketing communications: Until opt-out or unsubscribe

8.2 Secure Deletion 

When personal information is no longer needed, we securely delete or destroy records containing personal information, anonymize data where possible for aggregate analysis or business purposes, and ensure that third-party service providers also delete information per contractual obligations. 

9. MARKETING COMMUNICATIONS & OPT-OUT 

If you provide consent, we may send occasional marketing communications including service updates or new offerings, educational content or tips, company news or announcements, and promotional offers (rare and targeted). You may opt out of marketing communications at any time by clicking “unsubscribe” link in any marketing email, replying to any marketing email with “UNSUBSCRIBE,” contacting us directly at legal@thedraperyspa.com, or indicating your preference during consultation or service. Opting out of marketing does NOT affect transactional or service-related communications (e.g., appointment confirmations, invoices), communications necessary to fulfill services or contracts, or legal notices or required disclosures. We do NOT sell, rent, or share our client list or contact information with third-party marketers. 

10. YOUR PRIVACY RIGHTS 

You have the right to request: confirmation of whether we hold personal information about you, access to personal information we have collected, information about how we use and share your data, correction or update of inaccurate or incomplete personal information, and deletion of your personal information (subject to our legal obligations to retain certain records, legitimate business needs, and technical limitations). Where applicable under law, you may request restriction of certain processing activities, object to processing based on legitimate interests, and withdraw consent where processing is based on consent. 

To exercise your privacy rights, contact us at legal@thedraperyspa.com with “Privacy Rights Request” in the subject line. Include your full name, contact information, specific right you wish to exercise, details to help us locate your information, and verification information to confirm your identity. We will respond to verified requests within a reasonable timeframe as required by applicable law (typically 30-45 days). To protect your privacy and security, we may require verification of your identity before fulfilling privacy requests through matching information, requesting additional identifying information, or confirming through previously used communication channels. 

11. CHILDREN’S PRIVACY 

The Drapery Spa does not knowingly collect personal information from individuals under the age of 18. Our services are directed to adults, and our website is not intended for use by children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. 

12. THIRD-PARTY WEBSITES & SERVICES 

Our website may contain links to third-party websites, services, or resources (e.g., social media platforms, payment processors, scheduling tools). We are NOT responsible for the privacy practices, content, or security of third-party websites or services. We encourage you to review the privacy policies of any third-party sites you visit. We may use third-party tools or integrations (e.g., Google Analytics, social media widgets, payment processors) that may collect information independently. We do not control third-party data collection practices. 

13. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA) 

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including: Right to Know (request disclosure of personal information collected, used, shared, or sold), Right to Delete (request deletion of personal information subject to exceptions), Right to Opt-Out of Sale (Note: We do NOT sell personal information), Right to Non-Discrimination (receive equal service and pricing regardless of exercising privacy rights), Right to Correct (request correction of inaccurate personal information), and Right to Limit Use of Sensitive Information (Note: We do not collect sensitive personal information as defined by CCPA except emergency documentation when voluntarily provided). To exercise California privacy rights, contact us at legal@thedraperyspa.com with “California Privacy Request” in the subject line. 

14. TEXAS & U.S. PRIVACY COMPLIANCE 

This Privacy Policy is designed to comply with Texas state privacy and consumer protection laws, Federal laws including CAN-SPAM Act, Telephone Consumer Protection Act (TCPA), and other applicable regulations, and industry best practices for service-based businesses. We do not knowingly collect sensitive personal data beyond what is necessary and appropriate for providing professional services. 

15. INTERNATIONAL DATA TRANSFERS 

The Drapery Spa operates in the United States and processes information primarily within the United States. If you are located outside the United States and provide information to us, please be aware that your information will be transferred to and processed in the United States. U.S. privacy laws may differ from those in your jurisdiction. By providing information, you consent to transfer and processing in the United States. 

16. CHANGES TO THIS PRIVACY POLICY 

We reserve the right to modify, update, or change this Privacy Policy at any time to reflect changes in our business practices, legal or regulatory requirements, technological developments, or improvements to privacy protections. When we make material changes to this Privacy Policy, we will update the “Effective Date” at the top of this policy, post the revised policy on our website, and provide notice through our website or via email (for material changes affecting your rights). Your continued use of our website or services following posting of changes constitutes acceptance of the revised Privacy Policy. We encourage you to review this Privacy Policy periodically. 

17. CONTACT INFORMATION & QUESTIONS 

For questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact: 

The Drapery Spa 

Privacy & Legal Inquiries 

Email: legal@thedraperyspa.com 

Phone: 972-809-9816 

We will respond to privacy inquiries within a reasonable timeframe. 

18. DISPUTE RESOLUTION 

Any disputes arising from or relating to this Privacy Policy or our privacy practices shall be resolved in accordance with the dispute resolution provisions outlined in our Terms & Conditions, including binding arbitration and class action waiver provisions. 

19. SEVERABILITY 

If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable, the remaining provisions shall remain in full force and effect. 

Last Updated: 01/2026 

Version: 2.2 

BY USING OUR WEBSITE, SUBMITTING INFORMATION, OR ENGAGING OUR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREED TO THIS PRIVACY POLICY.