Privacy Policy - MedSpa AI Employee

Privacy Policy

Your privacy and data security are our highest priorities. Learn how we protect and handle your information.

Effective Date: July 29, 2025  |  Last Updated: July 29, 2025

1. Overview

MedSpa-AiEmployee ("we," "us," or "our") provides artificial intelligence-powered call handling and appointment booking services specifically designed for medical spas and aesthetic clinics. This Privacy Policy explains how we collect, use, process, and protect information when you use our services.

2. Information We Collect

2.1 Information You Provide

  • Business contact information (name, email, phone)
  • Medical spa operational details (services offered, staff information, scheduling preferences)
  • Customer service preferences and customization settings
  • Payment and billing information

2.2 Information Collected Through Our AI Services

  • Call recordings and transcripts (when legally permitted and disclosed)
  • Appointment booking data and scheduling information
  • Customer inquiry details and preferences
  • Communication logs and interaction history
  • Voice data processed for AI training and improvement

2.3 Technical Information

  • IP addresses and device information
  • Browser type and operating system
  • Usage analytics and performance metrics
  • Integration data from connected systems (scheduling software, CRM platforms)

3. How We Use Your Information

3.1 Service Provision

  • Provide AI call handling and appointment booking services
  • Process and manage customer appointments and inquiries
  • Customize AI responses based on your business requirements
  • Integrate with your existing systems and workflows

3.2 Service Improvement

  • Train and improve our AI algorithms and natural language processing
  • Analyze call patterns and booking trends
  • Develop new features and enhance existing services
  • Conduct quality assurance and performance monitoring

3.3 Business Operations

  • Process payments and manage billing
  • Provide customer support and technical assistance
  • Send service updates and important notifications
  • Comply with legal and regulatory requirements

4. HIPAA Compliance and Healthcare Data

4.1 Business Associate Relationship

When providing services to covered entities under HIPAA, we act as a Business Associate and will:

  • Execute appropriate Business Associate Agreements (BAAs)
  • Implement required safeguards for Protected Health Information (PHI)
  • Limit use and disclosure of PHI as specified in BAAs
  • Report any security incidents involving PHI

4.2 Healthcare Information Handling

  • We implement administrative, physical, and technical safeguards to protect healthcare information
  • Access to healthcare data is limited to authorized personnel only
  • All healthcare data is encrypted in transit and at rest
  • We maintain audit logs of all PHI access and processing activities

5. Information Sharing and Disclosure

5.1 We Do Not Sell Personal Information

We do not sell, rent, or lease personal information to third parties.

5.2 Authorized Sharing

We may share information in the following circumstances:

  • With your medical spa clients when processing appointments and inquiries on your behalf
  • With service providers who assist in delivering our services (subject to strict confidentiality agreements)
  • For legal compliance when required by law, court order, or regulatory authority
  • When necessary to protect our rights, property, or the safety of others

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred, subject to the same privacy protections.

6. Data Security

6.1 Security Measures

  • End-to-end encryption for all data transmission
  • Advanced firewall and intrusion detection systems
  • Regular security audits and penetration testing
  • Multi-factor authentication for system access
  • Employee security training and background checks

6.2 Data Breach Response

In the event of a data security incident:

  • We will investigate and contain the incident immediately
  • Affected users will be notified within 72 hours (or as required by law)
  • We will cooperate with regulatory authorities as required
  • Remediation measures will be implemented to prevent future incidents

7. Data Retention

7.1 Retention Periods

  • Call recordings and transcripts: Retained for [X] months unless longer retention is required by law or requested by client
  • Appointment data: Retained for [X] years for business and compliance purposes
  • Account information: Retained for the duration of the business relationship plus [X] years
  • Technical logs: Retained for [X] months for system optimization and security purposes

7.2 Data Deletion

Upon request or contract termination, we will securely delete or return your data in accordance with our data retention schedule and applicable laws.

8. Your Rights and Choices

8.1 Access and Control

You have the right to:

  • Access your personal information and data processing activities
  • Correct inaccurate or incomplete information
  • Request deletion of your information (subject to legal retention requirements)
  • Object to certain types of data processing
  • Request data portability in machine-readable formats

8.2 Communication Preferences

You can opt out of non-essential communications at any time by:

  • Using unsubscribe links in emails
  • Contacting us directly at [email protected]
  • Updating your account preferences

9. International Data Transfers

If you are located outside the United States, please note that your information may be transferred to and processed in the United States. We implement appropriate safeguards to protect your information in accordance with applicable data protection laws.

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected such information, we will take steps to delete it promptly.

11. California Privacy Rights

11.1 CCPA Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information
  • Right to non-discrimination for exercising CCPA rights

11.2 Shine the Light Law

California residents may request information about our disclosure of personal information to third parties for direct marketing purposes.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will:

  • Post the updated policy on our website
  • Notify users of material changes via email or service notifications
  • Indicate the effective date of changes

13. Contact Information

13.1 Privacy Questions

For questions about this Privacy Policy or our privacy practices:

Email: [email protected]

Phone: (561) 617-9965

13.2 Data Protection Officer

If you have concerns about our data handling practices, contact our DPO at [email protected]

13.3 Regulatory Complaints

You have the right to file complaints with relevant regulatory authorities if you believe we have not adequately addressed your privacy concerns.