Privacy Policy

Last updated: June 20, 2026

1. Who we are

MedSpaOS (“MedSpaOS,” “we,” “us”) provides an AI-powered front desk service for medical spas and aesthetic clinics (“Clinics,” “you,” when referring to our business customers). This policy explains how we collect, use, and protect information when Clinics use our service, and when their customers (“Clients” or “Patients”) interact with a Clinic through our AI system via phone, SMS, WhatsApp, or web chat.

Contact: pavan.harati@gmail.com

2. What information we collect

From Clinics (our direct customers)

  • Business information provided during onboarding (business name, website, services, pricing, hours, policies)
  • Account and billing information
  • Calendar and scheduling data connected via integrated booking tools
  • Usage data about how the Clinic's team interacts with the MedSpaOS dashboard

From Clinics' Clients/Patients

  • Contact information (name, phone number, email) provided when calling, texting, or messaging a Clinic
  • Call recordings and transcripts, and SMS/WhatsApp message content
  • Appointment booking details (service requested, date/time, scheduling notes)
  • Any information voluntarily shared during a conversation, which may include treatment interests or questions that touch on health-adjacent topics

We are not a healthcare provider. MedSpaOS does not provide medical advice, diagnosis, or treatment. Information shared with our AI system is used solely to answer questions, route inquiries, and schedule appointments on behalf of the Clinic.

3. How we use information

  • To operate the AI front desk service: answering calls/texts/messages, retrieving relevant Clinic information, booking and managing appointments
  • To improve the accuracy and quality of the AI system for the specific Clinic it serves
  • To provide Clinics with reporting on their own business activity
  • To maintain platform security, detect abuse, and troubleshoot issues
  • To communicate with Clinics about their account and our service

We do not sell personal information. We do not use one Clinic's data to train or improve the experience for a different Clinic.

4. How information is shared

  • With the Clinic the inquiry was directed to. A Client/Patient's conversation, contact details, and booking information are shared with the specific Clinic they contacted — this is the core function of the service.
  • With service providers who help us operate the platform (cloud hosting, telephony/messaging providers, calendar integration providers), under contractual obligations to protect the data.
  • As required by law, such as in response to a valid legal request.
  • We do not share data across Clinics, and we do not sell or rent personal information to third parties.

5. Data retention

Specific retention periods will be defined and inserted here before this policy goes live publicly. Retention periods will match actual system behavior.

6. Security

We use industry-standard safeguards to protect information, including encryption in transit, access controls limiting data to what each Clinic needs to see, and tenant isolation so one Clinic's data is never visible to another Clinic on the platform. Data is hosted on Google Cloud Platform infrastructure in the United States.

7. Your choices

  • Clinics can request a copy of, correction to, or deletion of their business data by contacting pavan.harati@gmail.com.
  • Clients/Patients who have interacted with a Clinic through MedSpaOS can request access to or deletion of their information by contacting the Clinic directly, or by contacting us at the email above and we will coordinate with the relevant Clinic.

8. Children's privacy

MedSpaOS is intended for use by adults seeking services from medical spas and aesthetic clinics. We do not knowingly collect information from children under 13.

9. State-specific rights

This section will be completed with legally drafted state-specific rights language (California CCPA/CPRA and other applicable states) before this policy is published publicly.

10. Changes to this policy

We may update this policy as our service evolves. We will update the “Last updated” date above and, for material changes, notify Clinics directly.

11. Contact us

Questions about this policy: pavan.harati@gmail.com