Privacy Policy
Last updated: March 5, 2026
ClinicPilot ("we", "us", or "our") operates an AI-powered scheduling and customer communication platform for medical spa clinics. This Privacy Policy explains how we collect, use, store, and protect your information when you interact with our services via SMS, WhatsApp, or our website.
1. Information We Collect
Information you provide directly:
- Phone number (when you text or message us)
- Name and email address (if provided during booking)
- Appointment preferences and scheduling details
- Treatment inquiries and service questions
- Feedback and satisfaction responses
Information collected automatically:
- Message content (text messages you send to our number)
- Voice note transcriptions (if you send voice messages via WhatsApp)
- Images (if you send images via WhatsApp — processed in real time, not stored)
- Messaging channel (SMS or WhatsApp)
- Timestamps of interactions
- Referral source (if you reached us through an advertisement)
2. How We Use Your Information
- Respond to your inquiries about treatments and services
- Schedule, confirm, reschedule, or cancel appointments on your behalf
- Send appointment reminders and follow-up messages
- Process deposit requests for booked treatments
- Improve our AI assistant's responses and service quality
- Transfer your conversation to clinic staff when needed
3. Third-Party Services
To provide our services, your data may be processed by the following third-party providers:
| Service | Purpose | Data Shared |
|---|---|---|
| Twilio | SMS and WhatsApp message delivery | Phone number, message content |
| Anthropic (Claude AI) | AI-powered conversation processing | Message content, conversation history |
| OpenAI | Voice note transcription | Audio data (deleted after transcription) |
| Cal.com | Appointment scheduling | Name, email, phone, appointment details |
| Airtable | Lead and booking records | Phone, name, booking status, interaction summary |
We do not sell, rent, or trade your personal information to any third party for marketing purposes.
4. Data Retention
Conversation history: Automatically deleted after 7 days.
Lead and booking records: Retained until you request deletion.
Voice notes and images: Processed in real time and immediately discarded. We do not store audio files or images.
Payment data: We do not store any payment or financial information. Payments are handled directly by the clinic's payment provider.
5. Data Security
We implement reasonable technical and organizational measures to protect your data, including:
- Encrypted data transmission (HTTPS/TLS)
- Request signature verification for incoming messages
- Rate limiting to prevent abuse
- Isolated data storage per clinic (multi-tenant separation)
- Access controls on administrative endpoints
6. Your Rights
You have the right to:
- Opt out of messages at any time by texting STOP
- Request access to the personal data we hold about you
- Request deletion of your data by contacting us
- Request correction of inaccurate information
7. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors.
8. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of our services after changes constitutes acceptance of the revised policy.
9. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
- Email: Benwein25@gmail.com
- Address: Tel Aviv, Israel