Last Updated: [June 25th, 2026]

Effective Date: [July 19th, 2026]

This Consumer Health Data Privacy Notice (“Notice”) is provided by HASAKI LLC (“Hasaki,” “we,” “our,” or “us”) in compliance with the Washington My Health My Data Act, RCW 19.373 (“MHMDA”), Nevada Senate Bill 370 (NRS Chapter 603A), the Connecticut Data Privacy Act as amended by Senate Bill 3, and other applicable state consumer health data laws (collectively, “Consumer Health Data Laws”).[C1] [C2] 

This Notice describes how we collect, use, share, and protect “consumer health data” when you interact with hasaki.com, our mobile applications, and our retail stores (collectively, the “Services”). It supplements — and does not replace — our [Privacy Policy] and [Notice at Collection].

If any provision of this Notice conflicts with our general Privacy Policy, this Notice controls with respect to consumer health data of residents of Washington, Nevada, Connecticut, and any other jurisdiction with applicable Consumer Health Data Laws.

What Is “Consumer Health Data”?

Under the Washington My Health My Data Act, “consumer health data” means personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status. This is a broad definition and may include, depending on context, information related to:

•   Skin conditions, concerns, or treatments (acne, eczema, sensitivity, aging)

•   Hair and scalp conditions

•   Nutritional, dietary, or wellness preferences

•   Reproductive or sexual health

•   Bodily functions, vital signs, or measurements

•   Use or purchase of products or services intended to diagnose, treat, or manage a health condition

•   Precise location data that could indicate visits to health-related facilities

•   Biometric or genetic information, where collected

•   Any other information that, in context, reveals a consumer’s health status

We recognize that information you share with us in connection with selecting skincare, beauty, or wellness products may fall within this definition, and we treat such information with the heightened care required by law.

Categories of Consumer Health Data We May Collect

Depending on how you interact with our Services, we may collect the following categories of consumer health data:

•   Self-reported skin and beauty concerns — Information you provide through skin quizzes, product finders, virtual try-on tools, customer service chats, or reviews (e.g., “oily skin,” “acne-prone,” “sensitive to fragrance”).

•   Product purchase history that may reveal health information — For example, repeated purchases of acne treatments, eczema creams, sunscreen for sensitive skin, or supplements.

•   Beauty consultation notes — Notes recorded by our Beauty Advisors during in-store or virtual consultations, with your consent.

•   Photos and uploaded images — Photos you submit for skin analysis, product matching, or reviews.

•   Precise geolocation — When you enable location services to find a nearby store, only with your explicit consent.

•   Communications — Information you share in support tickets, emails, or chat with our customer service team that may reference your health.

How We Collect Consumer Health Data

We collect consumer health data:

•   Directly from you when you create an account, complete a quiz, fill out a form, take a virtual skin analysis, write a product review, or communicate with our customer service team

•   Automatically when you interact with health-related product categories or content on our Services

•   From third parties, only where you have authorized them to share information with us (for example, a third-party skin analysis tool you’ve connected to your Hasaki account)

How We Use Consumer Health Data

We use consumer health data only for the purposes for which it was originally collected, or for purposes to which you have provided affirmative consent. These purposes include:

•   Recommending products that match your stated skin type, concerns, or preferences

•   Personalizing your shopping experience and the content you see

•   Providing customer service responses to your specific questions

•   Improving our Services through aggregated and de-identified analysis

•   Complying with applicable legal obligations

We do not use consumer health data:

•   For purposes that are not reasonably necessary to, or compatible with, the purposes described in this Notice, except with your consent or as otherwise permitted by applicable law

•   For targeted advertising or cross-context behavioral advertising without your separate, valid consent

•   To train or develop artificial intelligence or machine learning models using consumer health data in a form that identifies you, except with your consent or as otherwise permitted by applicable law. This does not restrict our use of de-identified or aggregated data that can no longer reasonably be linked to you.

Sharing of Consumer Health Data

We share consumer health data only as described below, and only with your consent where required by law.

•   Service providers and processors — We share consumer health data with vendors who perform services on our behalf (such as cloud hosting, customer service platforms, and analytics providers) under written agreements that restrict their use of the data to provide services to us.

•   Legal and regulatory authorities — Where required by law, court order, or to protect the safety of any person.

•   Successor entities — In connection with a merger, acquisition, financing, or sale of assets, subject to this Notice.

We do not currently sell consumer health data, and will not do so without your valid authorization as required by applicable law. We do not share consumer health data with data brokers, advertising networks, or any third party for targeted advertising or cross-context behavioral advertising without your separate, valid consent.

Your Rights Regarding Consumer Health Data

If you are a resident of Washington, Nevada, Connecticut, or another jurisdiction with applicable Consumer Health Data Laws, you have the right to:

•   Confirm whether we are collecting, sharing, or selling your consumer health data

•   Access a list of all categories of consumer health data we have collected about you, the third parties with whom we have shared it, and how it has been used

•   Withdraw consent for our collection or sharing of consumer health data at any time, with the same ease as you provided it

•   Delete consumer health data we have collected about you, subject to limited legal exceptions

•   Be free from retaliation for exercising any of these rights

How to Exercise Your Rights

You may exercise your rights by submitting a request through one of the following methods:

•   Email: support@hasaki.com (subject line: “Consumer Health Data Request”)

•   Toll-free phone: 1-877-4-HASAKI (1-877-442-7254)

We will verify your identity before processing your request and respond within the timeframe required by applicable law. We will respond as soon as reasonably practicable and in no event later than the maximum period permitted under the Consumer Health Data Law applicable to you. Where the law permits an extension and one is reasonably necessary, we may extend our response time and will notify you of the extension and the reason for it. We do not charge a fee to respond to your request unless the law permits us to do so, in which case any fee will be limited to what the applicable law allows.

Authorized Agents

You may designate an authorized agent to submit a request on your behalf. We will require written authorization signed by you, verification of the agent’s identity, and direct confirmation from you that you authorize the request.

Right to Appeal

If we deny your request, you may appeal our decision by replying to our denial email or by contacting support@hasaki.com with the subject line “Consumer Health Data Appeal.” We will respond to appeals within the timeframe required by the Consumer Health Data Law applicable to you. If you are not satisfied with our appeal response, you may file a complaint with the Washington State Attorney General at atg.wa.gov, the Nevada Attorney General at ag.nv.gov, the Connecticut Attorney General at portal.ct.gov/AG, or the Attorney General of your state of residence.

Data Security

We maintain reasonable administrative, technical, and physical safeguards designed to protect consumer health data against unauthorized access, alteration, disclosure, or destruction, consistent with the volume and nature of the data and the requirements of applicable law. These safeguards may include encryption, access controls limiting consumer health data to authorized personnel with a business need, employee training, and periodic review of our security practices. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

In the event of a data breach affecting consumer health data, we will notify affected individuals and the appropriate authorities in accordance with applicable law.

Data Retention

We retain consumer health data only as long as necessary to fulfill the purposes for which it was collected, plus any period required by legal, regulatory, or accounting obligations. When the retention period expires, we securely delete, destroy, or de-identify the data so that it can no longer be associated with you.

Specific retention periods are described in our Privacy Policy.

Children’s Consumer Health Data

Our Services are intended for adults. We do not knowingly collect consumer health data from children where doing so would require parental consent under the Children’s Online Privacy Protection Act (COPPA) or other applicable law without first obtaining that consent. If we learn that we have collected such data without the required consent, we will delete it promptly. Where applicable law requires opt-in consent before the sale or sharing of the consumer health data of a minor (for example, consumers known to be under 16 under certain state laws), we will obtain that consent as required.

If you are a parent or guardian and believe your child has provided consumer health data to us, please contact support@hasaki.com to request review and deletion.

Geofencing Restrictions

In compliance with RCW 19.373.060, we do not implement geofences within 2,000 feet of facilities providing in-person health care services for the purpose of identifying or tracking consumers seeking such services, collecting consumer health data from such consumers, or sending notifications, messages, or advertisements to consumers related to their consumer health data or health care services.

Changes to This Notice

We may update this Notice from time to time to reflect changes in applicable law or our practices. Where required by applicable Consumer Health Data Laws, we will not use previously collected consumer health data for materially different, unrelated, or incompatible purposes without first providing notice and obtaining your consent to the extent required. We will provide notice of material changes by posting the updated Notice on our Services and updating the “Last Updated” date below, and by any additional means required by applicable law. The “Last Updated” date at the top of this Notice reflects the most recent revision.

Contact Us

If you have questions or concerns about this Notice or our handling of consumer health data, please contact:

•   Email: support@hasaki.com (subject line: “Consumer Health Data Request”)

•   Toll-free phone: 1-877-4-HASAKI (1-877-442-7254)

This Notice is provided in compliance with the Washington My Health My Data Act (RCW 19.373), Nevada SB 370 (NRS Chapter 603A), the Connecticut Data Privacy Act as amended, and other applicable consumer health data laws. References to specific state laws are for informational purposes and do not constitute legal advice. This Notice is incorporated by reference into our Privacy Policy. In the event of a conflict between this Notice and the Privacy Policy with respect to consumer health data of residents of jurisdictions covered by Consumer Health Data Laws, this Notice controls. Hasaki reserves the right to update this Notice at any time, with the effective date reflected above. The MHMDA includes a private right of action under Washington’s Consumer Protection Act; nothing in this Notice waives any rights provided to you under applicable law.

 [C1]IMPORTANT LEGAL NOTE (see full memo): Being below the CCPA threshold does NOT exempt Hasaki from these laws. The Washington MHMDA has NO revenue or consumer-number threshold; it applies to any entity targeting WA residents and processing consumer health data. Most obligations in this Notice therefore CANNOT be removed. This redline only trims commitments that EXCEED what the law requires (over-commitments that create unnecessary liability) while keeping every mandatory obligation. Note MHMDA carries a private right of action.

 [C2]Per your instruction to publish at the minimum mandatory level: I trimmed three voluntary over-commitments (data-broker sourcing ban, ADMT/‘legal effects’ restriction, and the absolute no-sale/no-share promise, softened to match the statutory consent standard — see inline comments). I did NOT touch the rights, appeal, authorized-agent, geofencing, breach-notification, or retention sections, because those track language that MHMDA / NV SB 370 / CTDPA (as amended) actually require, and Washington’s MHMDA in particular has no revenue or consumer-count threshold, so Hasaki is in scope regardless of CCPA status. This is a drafting redline, not legal advice — please have qualified counsel sign off before publishing, especially given MHMDA’s private right of action.