The CRM for medical spas
Run your medspa from one platform.
Booking, charts, consent, integrated payments, and twenty-two live reports. HIPAA-compliant. BAA included. Implementation in two to four weeks.
- BAA in every contractHIPAA isn't an upgrade tier.
- Integrated paymentsCard, cash, and check inside the appointment flow.
- Built for medspasNot a salon platform with extras bolted on.
Sarah
Available
Jamie
Available
Marco
Available
Botox 30u
L. Davis
Filler
M. Tran
HydraFacial
S. Kim
Consult
New
Laser
P. Rao
Microneedling
A. Lee
Multi-provider booking · Manhattan location
Six capabilities, every one for medspas.
Not a salon tool with the word 'aesthetics' pasted on top.
A calendar that knows who works where.
Each provider gets their own column. Drag to reschedule. Click to take payment. Unsigned consent is flagged before the client walks in.
- Per-provider, per-location columns
- Drag-to-reschedule with conflict detection
- Online booking with deposit-on-book
- Automated SMS + email reminders
Sarah
Available
Jamie
Available
Marco
Available
Botox 30u
L. Davis
Filler
M. Tran
HydraFacial
S. Kim
Consult
New
Laser
P. Rao
Microneedling
A. Lee
The whole client, on one page.
Treatment history, allergies, signed consents, outstanding paperwork, invoice history, provider notes. Two clicks from the calendar. The same record across every location.
- Searchable across all locations
- Treatment history with outcome tracking
- Provider-only notes thread
- Pending forms surfaced where needed
Sarah Chen
Client since Mar 2024 · 12 visits · Member
Phone
(555) 234-1180
sarah.chen@…
Date of birth
Jan 14, 1989
Allergies
Penicillin
Pending forms
Botox consent · per-visit · expires today
Consent forms that survive an audit.
Intake signs once. Per-treatment consent signs every visit. One tokenized link. Every signature captures IP and user-agent. The template is snapshotted at signing, so next month's edits never rewrite last month's record.
- Version-snapshotted at signing
- Tokenized fill links (no login required)
- Auto-assigned per service or per visit
- Audit trail with IP, user-agent, timestamp
Botox & Neurotoxin Consent
Version 4 · For: Sarah Chen · Tokenized link
Signature
Invoicing and integrated payments in one flow.
Card, cash, and check go in with a payment reference. Card processing runs through our licensed payment partner inside the appointment flow — no separate terminal to reconcile against. Daily close-out splits totals by method. Sixty-day reopen window.
- Owner-only 60-day reopen window
- Per-payment-method daily close-out
- Tax handled per service line item
- Integrated card processing through a licensed partner
Invoice INV-2026-0214
L. Davis · Today, 11:40 am · Sarah Chen
| Item | Qty | Total |
|---|---|---|
| Botox 30u | 1 | $540.00 |
| HydraFacial add-on | 1 | $180.00 |
The reports your accountant keeps asking for.
Twenty-two of them: daily close-out, AR aging, revenue by service or provider or location, no-show rate, top spenders, booking lead time. Live data. Every CSV export sits behind a HIPAA confirm and is audit-logged.
- 22 pre-built reports
- Live data, no nightly refresh delay
- CSV export with PHI confirmation
- Audit-logged on every run
Sales — last 30 days
Apr 16 → May 15 · 4 paid invoices today
Gross
$48.6k
Tax
$4.31k
Avg invoice
$483
Open a second location without re-onboarding.
Each site gets its own calendar, pricing, and staff schedule. An org-level dashboard shows every location alongside cross-location revenue. The location switcher only appears for staff who span more than one.
- Per-location pricing + staff
- Org-level locations dashboard
- Per-location revenue + reporting filters
- Single sign-on across sites
All locations · Rollup
3 sites · Last 30 days
Manhattan
Flagship · 8 providers
$28.4k
+12%
Brooklyn
5 providers
$14.1k
+4%
Hudson Yards
Opened Mar · 3 providers
$6.1k
+38%
Three things other platforms get wrong.
Each is a deliberate choice baked into how Lumè is built, not a roadmap promise.
- 01
Built for medspas, not adapted.
Mindbody for salons. Boulevard for high-end salons. Zenoti for spa chains. None of them built around treatment-cycle scheduling, per-procedure consent, multi-provider rooms, or a close-out that matches the drawer.
- 02
HIPAA isn't a pricing tier.
Every customer runs on the same compliant architecture. Tenant data isolated at the database. Audit log on every PHI read. AWS under a signed BAA, included in your standard contract.
- 03
Pricing without the games.
Per location, not per seat. No annual contract. No paywall on data export. No setup fee. No “Pro” tier hiding what you assumed was standard.
Security & compliance
HIPAA-compliant by architecture, not by checkbox.
Tenant data isolated at the database layer. Permissions resolved per request from a forty-permission catalog. Audit log entries on every PHI read and every state change. AWS infrastructure under a signed BAA. SOC 2 Type II in progress.
Thirty-minute demo
See Lumè running on your spa, not a generic one.
Send us your service menu. We'll configure the demo on your real data. Thirty minutes. The first call is the demo.
One business day to a calendar invite.