Privacy Policy

Last updated: June 14, 2026

MsgHealth (“we”, “us”, or “our”) operates the MsgHealth platform for service businesses. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data. By using MsgHealth you agree to this policy.

1. Information We Collect

We collect the following categories of information:

Account Information: Your name, email address, and phone number when you register. Phone numbers are used for OTP login verification.

Business Profile: Business name, branding assets, services, and pricing you configure in your account.

Client Data You Enter: Names, phone numbers, appointment history, health/churn scores, and any notes you add about your clients. You are the data controller for this information.

Booking Submissions: Names and phone numbers submitted by your clients through your public booking page.

Payment Data: Transaction records (amounts, dates, service types). Raw card numbers are never stored — they are tokenized directly by Stripe.

Usage & Analytics: Browser type, IP address, pages visited, feature usage, and error logs collected automatically to operate and improve the service.

Communications: SMS message logs (outbound and inbound) associated with your account, stored in our database.

2. SMS & Text Messaging

We operate two SMS programs:

OTP Verification (Platform Users): When you sign in with a phone number, we send automated one-time passcodes via SMS for account security only. Frequency: one per login attempt. Provider: Twilio via Supabase Auth.

Business-to-Client Messaging: Your clients may receive SMS messages (appointment reminders, birthday greetings, review requests, and campaigns) sent by you through MsgHealth. These messages originate from your account. You are responsible for client consent. Provider: Twilio.

Message & Data Rates: Standard carrier rates may apply for all SMS messages.

Opt-Out: Any recipient may reply STOP to stop receiving messages. Opt-outs are honored automatically. Contact us to remove your number from our records entirely.

No Marketing to You: We do not send you promotional SMS messages and do not sell or rent your phone number.

3. How We Use Your Information

We use collected data for the following purposes:

Authentication: Verify your identity and secure your account.

Service Delivery: Provide dashboard features: client management, SMS automation, booking, payments, AI analytics, and loyalty tools.

AI Features: Generate churn risk predictions and health scores using anonymized client metrics. We send aggregate metrics — not names or phone numbers — to AI provider APIs (Anthropic, OpenAI, xAI Grok) unless you explicitly include personal data in an AI chat message.

Billing: Process your subscription payments and maintain billing records.

Compliance & Safety: Detect fraud, enforce our Terms, respond to legal requests, and protect user safety.

Service Improvement: Analyze usage patterns to improve features and fix bugs. We do not sell this data.

4. Third-Party Services & Data Sharing

We share data with the following service providers solely to operate MsgHealth. We do not sell your personal information.

Supabase: Database, authentication, and real-time subscriptions. All data is encrypted at rest and in transit.

Twilio: SMS delivery for OTP verification and business-to-client messaging. Phone numbers are shared with Twilio to route messages.

Stripe: Payment processing and Terminal hardware. Stripe receives transaction data and card details directly. Subject to Stripe's Privacy Policy.

Anthropic (Claude): AI-powered churn prediction and chat assistant. Anonymized client metrics and user chat inputs are sent to Anthropic's API.

OpenAI: Alternative AI chat assistant (user-selectable). Chat inputs may be sent to OpenAI's API.

xAI (Grok): ML-based business forecasting. Aggregated metrics only.

Upstash Redis: Rate limiting. IP addresses are used ephemerally for rate-limit counters and are not stored long-term.

Cloudflare: Application hosting and edge network. Subject to Cloudflare's Privacy Policy.

5. Cookies & Local Storage

MsgHealth uses browser localStorage to persist your session, theme preference, and pinned dashboard widgets. We do not use third-party advertising cookies. We may use first-party cookies for session management via Supabase Auth.

6. Data Retention

Active Accounts: Data is retained for the duration of your account. You can export your client data at any time from the dashboard.

Account Deletion: Upon account termination, your data is retained for 30 days for recovery purposes, then permanently deleted.

SMS Logs: Outbound and inbound SMS message logs are retained for up to 12 months, then purged.

Payment Records: Transaction records are retained for 7 years to comply with financial regulations.

7. Security

We implement industry-standard safeguards: TLS encryption in transit, AES-256 encryption at rest (via Supabase), row-level security policies so each user can only access their own data, and HMAC-authenticated cron endpoints. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

Access: Request a copy of the personal data we hold about you.

Correction: Request correction of inaccurate or incomplete data.

Deletion: Request deletion of your personal data (subject to legal retention requirements).

Portability: Export your client data in a machine-readable format from the dashboard at any time.

Opt-Out of SMS: Reply STOP to any SMS message or contact us to opt out of all SMS communications.

9. Children's Privacy

MsgHealth is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notification at least 14 days before the change takes effect. The updated policy will be posted here with a revised effective date.

Questions? Contact us at c9315866@gmail.com