Most medical spas don't start with a CRM. They start with a calendar, a card reader, a folder of paper consent forms, and a spreadsheet of clients — and then, somewhere between the first and the third provider, the gaps start costing money. A client's consent can't be found. Two appointments double-book the laser. The "we miss you" text never goes out because nobody exported the list. A medspa CRM is what replaces that pile of disconnected tools with one system.
But "CRM" is a slippery word in this market. A sales team's CRM (Salesforce, HubSpot) tracks deals through a pipeline. A salon's CRM (Mindbody, Vagaro) tracks appointments and retail. A medical spa needs something with a different center of gravity — one that treats the clinical record, the consent, and HIPAA as the foundation rather than an afterthought. This guide defines the category precisely, so that when a vendor says "medspa CRM" you can tell whether they mean it.
What a medspa CRM actually is
A medspa CRM is the system of record for a medical aesthetic practice: the single place where a client's bookings, treatment history, signed consent, photos, payments, memberships, and communications all live and stay connected. The defining word is connected. The value isn't any one feature — it's that booking a Botox appointment, surfacing the unsigned consent, charting the units, charging the card, and scheduling the 12-week follow-up are all the same record moving through one workflow, not five tools you reconcile by hand.
That's the category. Everything below is how to recognize a real one — and the two systems people most often confuse it with.
Medspa CRM vs. salon CRM: the distinction that matters
The single most common mistake in this market is buying a salon platform and assuming the clinical parts will catch up. They usually don't, because the difference isn't a missing feature — it's the underlying data model. Salon software is organized around services, stylists, and retail product. Medical aesthetics is organized around treatments, providers with specific licensure, drugs and dosages, and consent that is legally tied to a specific version of a form.
Concretely, a clinical-first medspa CRM does things a salon tool structurally can't:
- Per-treatment consent versioning. The consent a client signed for their filler in 2024 is a frozen snapshot of that form. Updating your template next year must not retroactively change what they agreed to. Salon platforms that edit a form "in place" fail this quietly.
- Provider eligibility by service. A laser treatment shouldn't be bookable with an esthetician who isn't credentialed for it. A medspa CRM enforces who can perform what; a salon calendar treats every "stylist" as interchangeable.
- Treatment charting and before/after photos as core records, not notes stapled to an appointment.
- A Business Associate Agreement (BAA) by default and an append-only PHI audit log. On a salon platform, HIPAA is frequently a higher tier or a document you have to chase. On a medspa CRM it's the floor.
This is exactly the threshold most clinics hit a year or two in. We wrote a separate piece on the signals that you've outgrown a salon tool — when to migrate off Mindbody, Vagaro, or Boulevard — and, if you're comparing specific platforms, the honest best medical spa software comparison for 2026.
Medspa CRM vs. EMR: where the line sits
The other system a medspa CRM gets confused with is an EMR (Electronic Medical Record). The simplest way to hold the distinction:
- An EMR handles the clinical/medical record — diagnoses, prescriptions, SOAP notes, problem lists, and the regulatory machinery of a licensed medical practice.
- A CRM handles the business and relationship — scheduling, payments, marketing, reporting, and client communication.
Most medical spas live in between and need a CRM that includes enough clinical charting — treatment notes with an addendum trail, consent capture, photo documentation — without the weight of a hospital EMR. A handful of practices that write prescriptions and operate as full medical clinics genuinely need a certified EHR alongside. The point is to be honest about which you are before you buy, because paying for a certified EHR you don't need is as costly as discovering your salon tool can't chart at all. Our medspa CRM buying guide walks through how to scope that for your specific practice.
The capabilities that define a medspa CRM
Vendors describe themselves with long feature lists. The category is better defined by the handful of capabilities that have to be present — and have to work together — for the software to actually run a clinic. There are seven.
1. Scheduling and online booking
Provider-column calendars, drag-to-reschedule, buffer time, and a public booking page that respects provider eligibility and captures a deposit. The booking has to flow into the same record the rest of the visit uses — not a separate calendar you copy from.
2. Client charts and treatment records
A single client record that carries treatment history, provider notes, dosages and lot numbers where relevant, and before/after photos — readable at a glance before the next visit.
3. E-signed consent
Versioned consent forms with e-signature that captures the name, timestamp, device or IP, and the exact form version signed. This is the piece salon tools most often get wrong, and the one a malpractice or board inquiry will ask for first.
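To make the "frozen snapshot" idea concrete, here is a minimal sketch of per-treatment consent versioning with the signature fields listed above. It is an added example, not code from any vendor's product; `ConsentStore`, its method names, and the sample values are hypothetical.

```python
import hashlib
from datetime import datetime, timezone

def form_digest(body: str) -> str:
    """Content hash that pins a signature to the exact wording signed."""
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

class ConsentStore:
    """Hypothetical store: templates are versioned, never edited in place."""

    def __init__(self):
        self._versions = {}    # (form_id, version) -> frozen form text
        self._latest = {}      # form_id -> newest version number
        self._signatures = []  # append-only signature records

    def publish(self, form_id: str, body: str) -> int:
        """A template change always creates a new version number."""
        version = self._latest.get(form_id, 0) + 1
        self._versions[(form_id, version)] = body
        self._latest[form_id] = version
        return version

    def sign(self, form_id: str, signer_name: str, ip: str) -> dict:
        """Record name, timestamp, IP, and the exact version plus its hash."""
        version = self._latest[form_id]
        record = {
            "form_id": form_id,
            "version": version,
            "sha256": form_digest(self._versions[(form_id, version)]),
            "signer_name": signer_name,
            "ip": ip,
            "signed_at": datetime.now(timezone.utc).isoformat(),
        }
        self._signatures.append(record)
        return record

    def signed_text(self, record: dict) -> str:
        """Return the wording the client agreed to, or fail if it was altered."""
        body = self._versions[(record["form_id"], record["version"])]
        if form_digest(body) != record["sha256"]:
            raise ValueError("stored form text differs from what was signed")
        return body
```

Publishing a revised template after a client has signed leaves their record pointing at the earlier version, and an in-place edit of that earlier text is caught by the hash check when the record is retrieved.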
4. Integrated payments
Card, cash, and check captured inside the appointment and posted straight to the invoice — no separate terminal to reconcile at close-out. Memberships and packages draw against stored balances automatically.
5. Memberships and packages
Recurring billing, banked/rollover credits, and member pricing. This is how a medspa converts one-time injectable clients into predictable monthly revenue; we go deep on it in medical spa membership software.
6. Marketing on live data
Email and SMS that run against the live client list — segmented by treatment cycle, recency, and membership status — so suppression and timing are correct without a nightly export to a separate tool. The mechanics are in the medspa email and SMS marketing guide.
7. HIPAA architecture
Tenant data isolated at the database level, an append-only audit log on every PHI read, encryption in transit and at rest, and a Business Associate Agreement in the standard contract. If compliance is a paid tier, the base product doesn't have it. The HIPAA checklist for medspas and what a BAA actually covers both go into this in depth.
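What "append-only audit log on every PHI read" can look like in practice, as an added sketch that is not taken from any vendor's product: the table, trigger, and function names are hypothetical, and SQLite stands in for whatever database a real platform uses.

```python
import sqlite3

# Hypothetical schema: triggers reject any UPDATE or DELETE on the audit table.
SCHEMA = """
CREATE TABLE chart (tenant_id TEXT, client_id TEXT, note TEXT);
CREATE TABLE phi_audit (
  id        INTEGER PRIMARY KEY AUTOINCREMENT,
  at        TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
  tenant_id TEXT NOT NULL,
  actor     TEXT NOT NULL,
  action    TEXT NOT NULL,
  client_id TEXT NOT NULL
);
CREATE TRIGGER phi_audit_no_update BEFORE UPDATE ON phi_audit
BEGIN SELECT RAISE(ABORT, 'phi_audit is append-only'); END;
CREATE TRIGGER phi_audit_no_delete BEFORE DELETE ON phi_audit
BEGIN SELECT RAISE(ABORT, 'phi_audit is append-only'); END;
"""

def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def read_chart(db, tenant_id: str, actor: str, client_id: str) -> list:
    """Write the audit row and read the chart in one transaction."""
    with db:
        db.execute(
            "INSERT INTO phi_audit (tenant_id, actor, action, client_id) "
            "VALUES (?, ?, 'read_chart', ?)",
            (tenant_id, actor, client_id),
        )
        # The tenant filter here is application-level only; database-level
        # isolation is a separate control this sketch does not implement.
        rows = db.execute(
            "SELECT note FROM chart WHERE tenant_id = ? AND client_id = ?",
            (tenant_id, client_id),
        ).fetchall()
    return [r[0] for r in rows]

def try_tamper(db, sql: str):
    """Run a statement against the log; return the error text if rejected."""
    try:
        with db:
            db.execute(sql)
    except sqlite3.DatabaseError as exc:
        return str(exc)
    return None
```

Triggers only hold against accounts that cannot drop them, so the application's database role also needs to lack schema-change and delete privileges on the audit table.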
A newer eighth capability is becoming a defining one rather than a bonus: an AI SMS agent that answers inbound texts and books against the real-time schedule. As of 2026 it's a purchasable, production feature, and it's increasingly part of what people mean when they say "medspa CRM."
Who needs a medspa CRM
Short answer: any practice that performs medical aesthetic treatments and holds protected health information — which is all of them. The longer answer is about when the pain justifies the switch:
- Solo injectors and single-location spas. The HIPAA obligations and the documentation burden are identical to a large clinic's; you just don't have a front desk catching the gaps. Consolidating into one system is what keeps consent defensible and rebooking automatic.
- Growing practices adding providers. The moment you have more than one provider and more than one room, the eligibility rules, the shared calendar, and the per-provider reporting stop being optional.
- Multi-location groups. One client record across all sites, org-level rollup reporting, and staff who span locations are things many platforms claim and few do cleanly.
What a medspa CRM costs
Pricing generally runs from about $100/month for a single-location starter tier to $600+/month for multi-location plans with AI and marketing included, plus the add-ons that quietly inflate a quote — extra forms, data export, setup fees. Per-seat models get expensive as you hire; flat per-location pricing is more predictable. The full breakdown, including the line items vendors don't volunteer, is in how much medspa software costs.
How to choose one
Once you know you need a medspa CRM rather than a salon tool or a full EMR, the selection comes down to verifying that the seven capabilities above are real, included, and work together — and asking the questions vendors hope you skip about HIPAA tiers, consent versioning, data export, and migration. That's its own guide: how to choose a medspa CRM lays out the twelve criteria and the exact questions to ask every vendor.
Lumè is a medspa CRM built to this definition: booking, charts, e-consent, integrated payments, memberships, an AI SMS agent, and email/SMS marketing in one HIPAA-compliant system, with a BAA in every contract. If you'd like to see how it maps to your practice, request a demo — a focused 30-minute walkthrough, tailored to how your spa runs.
