Privacy Policy - Med Spa AI
Effective Date: 04/23/2024
Last Updated: 05/01/2025
1. Introduction
Med Spa AI ("we," "us," or "our") operates an AI-powered marketing automation platform designed for businesses in the medical spa and healthcare marketing industry. We are committed to protecting your privacy and being transparent about how we handle your personal information.
This Privacy Policy explains how we collect, use, and protect your information when you use our services, visit our website, or interact with our platform.
Important Clarifications About Our Data Practices:
- We DO NOT collect Protected Health Information (PHI) such as medical records, treatment details, or patient health data
- We DO NOT sell your personal information to third parties
- We DO NOT share your data outside of your organization without your explicit consent
- We are NOT a healthcare provider and do not handle patient medical information
2. Information We Collect
2.1 Information You Provide Directly
When you use our services or contact us, we may collect:
- Account Information: Name, email address, phone number, company name, job title
- Billing Information: Payment details, billing address (processed securely through third-party payment processors)
- Communications: Messages you send us, support requests, feedback
- Platform Configuration: Settings, preferences, and configurations for your marketing campaigns
2.2 Information Collected Automatically
When you use our platform or website, we automatically collect:
- Usage Data: How you interact with our platform, features used, time spent
- Technical Information: IP address, browser type, device information, operating system
- Cookies and Similar Technologies: To improve functionality and user experience
- Performance Data: Campaign metrics, platform performance, error logs
2.3 Information from Third-Party Integrations
When you connect advertising accounts (Facebook, Google Ads, etc.) to our platform:
- Campaign Data: Ad performance metrics, audience insights, spending data
- Account Information: Account names, IDs, authorization tokens
- Creative Assets: Ad images, videos, and copy that you upload or create through our platform
Important: We only access the marketing and advertising data necessary to provide our AI automation services. We do not access or store any patient health information, medical records, or other protected health information.
3. How We Use Your Information
We use your information solely to provide and improve our marketing automation services:
3.1 Service Delivery
- Providing AI-powered marketing campaign automation
- Creating and optimizing advertising campaigns
- Generating marketing analytics and reports
- Managing your account and billing
3.2 Platform Improvement
- Improving our AI algorithms and automation features
- Analyzing usage patterns to enhance user experience
- Developing new features and services
- Troubleshooting and technical support
3.3 Communication
- Providing customer support
- Sending service-related notifications
- Sharing product updates and new features
- Marketing communications (with your consent)
3.4 Legal and Security
- Complying with applicable laws and regulations
- Protecting our platform and users from fraud or abuse
- Enforcing our Terms of Service
4. AI and Automated Processing
Our platform uses artificial intelligence and machine learning to automate marketing tasks:
- Campaign Optimization: AI algorithms analyze performance data to improve ad targeting and bidding
- Content Generation: AI creates marketing copy, images, and video content
- Audience Targeting: Automated audience creation based on campaign performance
- Budget Management: AI-driven budget allocation and bid optimization
Your Rights: You can opt out of AI processing of your data by contacting us at [email protected]. Note that opting out may limit certain platform features.
5. Information Sharing and Disclosure
Our Commitment: We DO NOT Sell Your Data
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
5.1 Within Your Organization
Information is only shared within your organization as needed to provide our services (e.g., with team members you authorize to access the platform).
5.2 Service Providers
We may share information with trusted service providers who help us operate our platform:
- Cloud Hosting: Secure data storage and platform hosting
- Payment Processing: Processing billing and subscription payments
- Analytics: Platform performance and usage analytics
- Customer Support: Help desk and support ticket management
All service providers are contractually required to protect your information and use it only for the specified purposes.
5.3 Legal Requirements
We may disclose information when required by law, court order, or to:
- Comply with legal obligations
- Protect our rights and property
- Prevent fraud or illegal activity
- Protect the safety of our users
5.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.
6. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: Data encrypted in transit and at rest
- Access Controls: Limited access on a need-to-know basis
- Secure Infrastructure: SOC 2 compliant hosting providers
- Employee Training: Staff trained on data protection best practices
While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security but are committed to protecting your information using industry best practices.
7. Data Retention
We retain your information only as long as necessary to provide our services and comply with legal obligations:
- Account Information: Retained during the service relationship plus 3 years
- Usage and Analytics Data: Retained for 2 years or until deletion request
- Platform Logs: Retained for 1 year for security and troubleshooting
- Marketing Communications: Until you unsubscribe or request deletion
- Billing Records: Retained for 7 years for tax and legal compliance
When you cancel your account, we will delete or anonymize your personal information according to the schedules above, unless we have a legal obligation to retain it.
8. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
8.1 Access and Portability
- Request access to your personal information
- Receive a copy of your data in a portable format
8.2 Correction and Deletion
- Correct inaccurate or incomplete information
- Request deletion of your personal information
8.3 Marketing Communications
- Opt out of marketing emails and communications
- Update your communication preferences
8.4 Data Processing
- Object to certain processing activities
- Restrict processing in specific circumstances
- Opt out of AI processing (may limit platform functionality)
How to Exercise Your Rights: Contact us at [email protected] with your request. We will respond within 30 days and may require verification of your identity.
9. International Data Transfers
Our services are primarily based in the United States. If you are located outside the U.S., your information may be transferred to and processed in the United States where our servers and service providers are located.
We ensure appropriate safeguards are in place for international transfers as required by applicable law.
10. Children's Privacy
Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will take steps to delete it promptly.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will:
- Post the updated policy on our website
- Email registered users about significant changes
- Update the "Last Updated" date at the top of this policy
Your continued use of our services after changes become effective constitutes acceptance of the updated policy.
12. Third-Party Services
Our platform integrates with third-party advertising platforms (Facebook, Google, etc.). These services have their own privacy policies that govern how they collect and use information. We encourage you to review their policies:
- Facebook Business: https://www.facebook.com/privacy/policy
- Google Ads: https://policies.google.com/privacy
- Instagram: https://help.instagram.com/519522125107875
We are not responsible for the privacy practices of these third-party services.
Last Reviewed:
This policy supersedes all previous versions.