Privacy Policy

1. Overview

This Privacy Policy explains how ApptOnly ("we," "us," or "our") collects, uses, stores, and protects your personal information when you use our platform ("Service"). We are committed to protecting the privacy of both our business users and their clients.

2. Information We Collect

We collect information you provide directly: name, email address, phone number, business details, and payment information when you create an account. For clients of our business users, we may store names, contact information, appointment history, and preferences as entered by the business user. We also collect usage data automatically, including IP addresses, browser type, device information, pages viewed, and actions taken within the Service.

3. Health & Wellness Information

Our Service allows business users to collect health-related information from their clients, including intake form responses, medical history, session notes (SOAP notes), pressure preferences, areas of concern, and medication information. This data is provided voluntarily and is stored with elevated security measures. We encrypt health-related data at rest and in transit. Access is restricted to the business user who collected it. We do not use health data for advertising, analytics, or any purpose other than providing the Service.

4. How We Use Your Information

We use your information to: provide, maintain, and improve the Service; process payments and subscriptions; send appointment reminders and notifications you have configured; provide customer support; send important service updates; and comply with legal obligations. We do not sell your personal information to third parties. We do not use your data or your clients' data to train machine learning models.

5. Information Sharing

We share your information only in the following circumstances: with Stripe for payment processing; with email and SMS service providers to deliver notifications you configure; with hosting and infrastructure providers who process data on our behalf; when required by law, regulation, or legal process; and to protect the rights, safety, or property of ApptOnly, our users, or the public. All third-party service providers are contractually obligated to protect your data and use it only for the services they provide to us.

6. Data Storage & Security

Your data is stored on servers located in the United States using industry-standard cloud infrastructure. We use encryption in transit (TLS) and at rest for all sensitive data. We implement access controls, audit logging, and regular security reviews. Passwords are hashed using industry-standard algorithms and are never stored in plain text. While we take reasonable measures to protect your data, no system is 100% secure.

7. Cookies & Tracking

We use essential cookies to maintain your session and authentication state. We use analytics cookies (Vercel Analytics) to understand how the Service is used and to improve it. We do not use advertising cookies or third-party tracking pixels. You can control cookie settings through your browser, though disabling essential cookies may prevent the Service from functioning properly.

For details on each cookie we set, see our Cookie Policy.

8. Your Rights

You have the right to: access the personal data we hold about you; correct inaccurate personal data; request deletion of your personal data; export your data in a portable format; opt out of non-essential communications; and withdraw consent for data processing where applicable. Business users are responsible for responding to data rights requests from their own clients. We provide tools to facilitate data export and deletion to help business users fulfill these obligations.

9. Data Deletion

You can delete your account at any time through your dashboard settings or by contacting support. Upon account deletion, we will remove your personal data and your clients' data within 30 days. Some data may be retained longer if required by law (e.g., financial records for tax compliance). Backups containing deleted data are purged within 90 days.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before they take effect. Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us at [email protected].