Privacy Policy
Last updated: March 2026
1. Introduction
Clinic Assistant AI ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our AI avatar receptionist service and website.
We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Who We Are
Clinic Assistant AI provides AI avatar receptionist services for aesthetic clinics. If you have any questions about this policy, you can contact us at:
3. What Data We Collect
We collect different types of information depending on how you interact with us:
3.1 Information You Provide to Us
- Contact form enquiries: When you contact us via our website form, we collect your name, email address, clinic name, and any other information you choose to provide in your message.
- Client account information: If you become a client, we collect clinic details, billing information, and contact details for account management purposes.
- Client Content: FAQ data, brand materials, and photographs provided for avatar creation.
3.2 Information Collected Automatically
- Google Analytics: We use Google Analytics with IP anonymisation enabled. This collects anonymous usage data such as pages visited, time on site, and browser type. This information cannot identify you personally.
- Cookies: We use only essential and analytics cookies. Our cookie consent tool requires your opt-in before any non-essential cookies are set.
3.3 Information Collected via the Avatar Service
- Anonymous question data: When visitors interact with our avatar on your clinic website, we record the questions they ask. This is purely to understand frequently asked questions and improve the service.
- We do NOT collect: IP addresses, names, email addresses, or any personally identifiable information about your clinic's website visitors. All data collected via the avatar is anonymous and aggregated for reporting purposes only.
4. How We Collect Data
- Direct interactions: When you complete our contact form, email us, or communicate with us directly.
- Automated technologies: Through Google Analytics and Firebase (for anonymous question logging).
- During onboarding: When you provide Client Content for your avatar creation.
5. How We Use Your Data
We use your information for the following purposes:
- To provide our service: Creating and maintaining your clinic's avatar, responding to enquiries, and delivering the Professional Care Plan.
- To communicate with you: Responding to contact form submissions, sending service updates, and billing communications.
- To improve our service: Analysing anonymous question data to refine FAQs and enhance the avatar experience.
- To meet legal obligations: Maintaining accurate billing records and complying with UK GDPR requirements.
- To protect our business: Managing accounts, preventing fraud, and enforcing our Terms of Service.
We will never sell your personal data to third parties.
6. Lawful Basis for Processing (UK GDPR)
We process your personal data on the following lawful bases:
- Contract performance: To fulfil our agreement with you when you purchase our service.
- Legitimate interests: To improve our service, respond to enquiries, and manage our business operations.
- Consent: For analytics cookies, which you may accept or deny via our cookie consent tool.
- Legal obligation: To maintain financial records and comply with UK law.
7. Data Sharing and Third Parties
We share your data only with trusted third parties who help us deliver our service:
- Google Analytics: Provides anonymous website usage statistics. Their privacy policy is available at policies.google.com/privacy.
- Firebase: Stores anonymous question data for reporting purposes. No personal data is stored.
- IONOS: Our VPS hosting provider for website and avatar files.
- Payment processors: For billing and subscription management (details provided at point of sale).
We may also disclose information if required by law or to protect our legal rights.
8. International Data Transfers
Your data is primarily stored within the UK and European Economic Area (EEA). Where third-party services (such as Google Analytics) may involve data transfers outside the UK, we rely on appropriate safeguards such as Standard Contractual Clauses and the UK International Data Transfer Agreement.
9. Data Retention
- Contact form enquiries: Retained for up to 12 months unless you become a client.
- Client account data: Retained for the duration of our agreement plus 6 years to meet HMRC requirements.
- Anonymous question data: Retained indefinitely in aggregated form for service improvement.
- Avatar files and Client Content: Retained while your account is active and for 30 days after cancellation to allow for reactivation.
10. Your Rights
Under UK GDPR, you have the following rights:
- Right to access: Request a copy of the personal data we hold about you.
- Right to rectification: Correct inaccurate or incomplete data.
- Right to erasure: Request deletion of your data (subject to legal obligations).
- Right to restrict processing: Limit how we use your data.
- Right to data portability: Receive your data in a structured, commonly used format.
- Right to object: Object to processing based on legitimate interests.
- Rights related to automated decision-making: Our service does not make automated decisions affecting you.
To exercise any of these rights, please contact us at nick.summers@clinicassistant.co.uk. We will respond within one month.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
11. Cookies and Tracking
Our website uses only essential and analytics cookies:
- Essential cookies: Required for the website to function (cookie consent preference).
- Google Analytics cookies: Set only after you click "Allow" on our cookie consent banner. These help us understand how visitors use our site.
You can control cookies through your browser settings or our consent tool. Opt-in is required before any analytics cookies are set.
12. Security
We take appropriate technical and organisational measures to protect your data:
- Password-protected spreadsheets for client billing information, stored locally.
- Local accounting software with restricted access.
- Secure VPS hosting with IONOS.
- Firebase with appropriate security controls.
- HTTPS encryption throughout our website.
- Chatbot privacy filters: Our avatar includes automated checks to prevent the accidental entry of personal data such as credit card details, names, addresses, or other sensitive information. If a visitor attempts to share such data, the system flags or filters the input to avoid storing it on our servers.
While we implement strong safeguards, no method of transmission or storage is 100% secure.
13. Children's Privacy
Our service is intended for aesthetic clinics and their adult clients. We do not knowingly collect data from children under 18. If you believe a child has provided us with personal information, please contact us so we can delete it.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. If we make significant changes, we will notify clients directly.
15. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
Data Controller: Nick Summers trading as Clinic Assistant AI.