Privacy Policy

Last updated: March 30, 2026  ·  Effective: March 30, 2026

MedSpaAI ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and platform at medspaai.biz (the "Service"). Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

1. Information We Collect

Information You Provide Directly

  • Account information: Name, email address, and login credentials when you create an account.
  • Business information: MedSpa name, business type, and brand preferences entered during onboarding.
  • Client data: Names, email addresses, phone numbers, visit history, and other client information you import into the platform.
  • Payment information: Billing details processed securely through Stripe. We do not store full card numbers or CVV codes.
  • Communications: Messages you send us through the contact form or email.

Information Collected Automatically

  • Usage data: Pages visited, features used, clicks, and session duration.
  • Device and browser information: IP address, browser type, operating system, and referring URLs.
  • Cookies and similar technologies: Session cookies for authentication and analytics cookies to understand how the Service is used.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service.
  • Process payments and manage your subscription.
  • Send you transactional emails (account confirmations, receipts, password resets).
  • Send you product updates, feature announcements, and marketing communications (you may opt out at any time).
  • Respond to your support requests and inquiries.
  • Detect and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations.
  • Generate AI-powered campaign content based on your business profile and client data.

We do not use your client data to train AI models for use by other customers. Your client data is used solely to provide the Service to you.

3. How We Share Your Information

We do not sell your personal information or your client data. We may share information with:

  • Service providers: Third-party vendors who help us operate the Service, including Stripe (payment processing), Resend (email delivery), and cloud infrastructure providers. These providers are contractually obligated to protect your data and may only use it to provide services to us.
  • Legal requirements: When required by law, court order, or government authority, or to protect the rights, property, or safety of MedSpaAI, our users, or others.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you before your information is transferred and becomes subject to a different privacy policy.

4. Your Client Data and HIPAA

If you are a covered entity or business associate under the Health Insurance Portability and Accountability Act (HIPAA), you are responsible for ensuring that your use of MedSpaAI complies with HIPAA requirements. MedSpaAI is designed as a marketing and client retention tool and is not intended to store or process Protected Health Information (PHI) as defined by HIPAA. You should not upload PHI (such as medical records, diagnoses, or treatment information) to the platform. If your use case requires HIPAA compliance, please contact us before using the Service.

5. Data Retention

We retain your account information and data for as long as your account is active or as needed to provide the Service. If you cancel your subscription, we retain your data for 30 days to allow for reactivation or data export. After 30 days, your data is permanently deleted from our systems, except where retention is required by law. You may request deletion of your data at any time by contacting us at [email protected].

6. Cookies

We use the following types of cookies:

  • Essential cookies: Required for authentication and core functionality. These cannot be disabled.
  • Analytics cookies: Help us understand how visitors use the Service so we can improve it. You may opt out by adjusting your browser settings.

You can control cookies through your browser settings. Disabling cookies may affect the functionality of the Service.

7. Data Security

We implement industry-standard security measures to protect your information, including encryption in transit (TLS/HTTPS) and encryption at rest. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk. If you believe your account has been compromised, contact us immediately at [email protected].

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to certain legal exceptions.
  • Portability: Request a machine-readable export of your data.
  • Opt-out of marketing: Unsubscribe from marketing emails at any time using the unsubscribe link in any email or by contacting us.
  • California residents (CCPA): You have the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately and we will delete it.

10. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before providing any personal information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

MedSpaAI

Email: [email protected]

Website: medspaai.biz