Privacy Policy

1. Introduction

Sarah AI, Inc. ("we," "our," or "us") provides virtual receptionist services to medical spas and aesthetic practices. We are committed to protecting your privacy and handling your data responsibly. This Privacy Policy explains how we collect, use, and protect information when you use our virtual receptionist service.

2. Information We Collect

Business Information

• Business name, address, and contact information
• Website URL and business hours
• Service offerings and pricing information
• Calendar integration details

Customer Interactions

• Chat conversations and inquiries
• Appointment requests and booking details
• Customer contact information provided during booking
• Service preferences and requirements

Technical Data

• Website analytics and usage patterns
• IP addresses and device information
• Browser type and operating system

3. How We Use Information

• Provide virtual receptionist services and respond to customer inquiries
• Schedule appointments and manage bookings
• Send appointment confirmations and reminders
• Analyze service performance and improve our AI responses
• Process payments and manage subscriptions
• Comply with legal obligations and business requirements

4. HIPAA-Ready Framework

Our service is designed to be HIPAA-ready for healthcare practices. We implement appropriate technical, physical, and administrative safeguards to protect health information. A Business Associate Agreement (BAA) is available for covered entities upon request.

Important: During the pilot period, we recommend avoiding the collection or discussion of specific health information (PHI) until a BAA is executed.

5. Information Sharing

We do not sell, trade, or rent personal information. We may share information with:

• Service Providers: Stripe for payment processing, calendar services for scheduling
• Analytics: Google Analytics and Meta Pixel for website performance (anonymized data)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets

6. Data Security

We implement industry-standard security measures to protect your information, including encryption in transit and at rest, access controls, and regular security assessments. However, no method of transmission over the internet is 100% secure.

7. Data Retention

We retain business information for the duration of your subscription plus 3 years for business records. Customer interaction data is retained for 2 years to improve service quality. You may request data deletion at any time, subject to legal retention requirements.

8. Your Rights

You have the right to:

• Access your personal information
• Correct inaccurate information
• Request deletion of your information
• Opt-out of non-essential communications
• Receive a copy of your data

9. Cookies and Tracking

We use cookies for website functionality, analytics, and advertising optimization. You can control cookie preferences through your browser settings. Disabling cookies may affect website functionality.

10. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated revision date. For material changes, we will provide notice via email or service notifications.

11. Contact Information

For privacy-related questions or requests, contact us at: