Privacy Policy

1. Information We Collect

We collect information you provide directly to us, such as when you fill out a contact form, request a consultation, subscribe to our newsletter, or communicate with us via email or phone. This may include:

• Name, email address, phone number, and company name
• Industry and business size information
• Messages and communications you send to us
• Information about your interest in our services

We also automatically collect certain technical information when you visit our website, including IP address, browser type, device information, pages visited, and referring URL. This data is collected via cookies and similar technologies.

2. How We Use Your Information

We use the information we collect to:

• Respond to your inquiries and provide requested services
• Send you relevant information about our services
• Improve our website and service offerings
• Analyze usage trends and optimize user experience
• Comply with legal obligations
• Protect against fraud and unauthorized access

3. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activity on our website. You can control cookie preferences through your browser settings. We use:

• Essential cookies: Required for basic website functionality
• Analytics cookies: Help us understand how visitors interact with our website (e.g., Google Analytics)
• Marketing cookies: Used to deliver relevant advertisements and track campaign effectiveness

4. Third-Party Services

We may share your information with trusted third-party service providers who assist us in operating our business, including:

• Email and communication platforms (e.g., SendGrid, Mailchimp)
• CRM systems for managing client relationships
• Analytics providers (e.g., Google Analytics)
• Payment processors for billing purposes
• Hosting and infrastructure providers (e.g., Vercel)

These providers are contractually obligated to protect your data and may only use it for the purposes we specify.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law. Contact form submissions are retained for up to 3 years. Newsletter subscribers' data is retained until they unsubscribe.

6. Your Rights

Depending on your location, you may have certain rights regarding your personal information, including:

• The right to access your personal information
• The right to correct inaccurate data
• The right to request deletion of your data
• The right to opt out of marketing communications
• The right to data portability

To exercise any of these rights, please contact us at privacy@clearpathai.com.

7. MedSpa Visualization Tool — Additional Disclosures

This section applies specifically to users of the ClearPath MedSpa Visualization Tool (the "Tool"), available at aiclearpath.com/medspas and embedded on MedSpa customer websites.

7.1 Photo Processing & Zero Retention

When a visitor uploads a photo to the Tool to generate a before/after preview, the photo is transmitted directly to our AI image processing provider (Google Gemini) for real-time processing. We do NOT store, cache, log, or otherwise retain the photo on our servers, your website, or any third-party system. The photo exists only in memory during the ~20-30 second generation process and is discarded immediately afterward. We have no ability to retrieve past uploaded photos — not even if legally compelled to do so, because they simply don't exist in persistent storage.

7.2 What Google Gemini Receives

To generate the AI visualization, we send the following to Google's Gemini image model: (a) the uploaded photo, (b) a text prompt describing the desired transformation (e.g., "show this person 30 days after Botox treatment"), and (c) a system instruction enforcing photorealism and same-person constraints. Google's terms for the Gemini API govern their own data handling. Per Google's published policy, input data sent via the paid Gemini API is not used to train Google's public models.

7.3 No Protected Health Information (PHI)

The Tool does not collect, store, or transmit any Protected Health Information (PHI) as defined by HIPAA. We do not ask for medical history, diagnosis codes, treatment plans, or any other health data. Because we do not handle PHI, ClearPath AI is not a HIPAA "covered entity" or "business associate", and HIPAA compliance requirements do not apply to our use of the Tool. That said, we still architect the Tool with privacy-first principles: zero retention, encrypted transit, and an explicit "no photos stored" guarantee.

7.4 Lead Capture & Email Gate

After viewing the first AI-generated visualization, users who wish to generate more are asked to provide a name and email address (the "email gate"). This information is transmitted to our email service provider (Resend), stored in our internal lead tracking, and used to fire conversion events to Google Analytics 4 and Meta Conversions API for marketing attribution. Email addresses are not sold, rented, or shared with any party other than ClearPath AI and its essential service providers. You may request deletion of your email and any associated lead data at any time by emailing privacy@clearpathai.com.

7.5 Payment Processing

When MedSpa customers purchase the ClearPath MedSpa Visualization Tool (via full-upfront payment or a $499 refundable deposit), payment is processed through Stripe, Inc., our PCI-DSS compliant payment processor. ClearPath AI does not store, receive, or have access to full credit card numbers, CVV codes, or card expiration dates — these are collected and stored by Stripe on their secure infrastructure under their published Privacy Policy. We receive only the payment confirmation, amount, customer email, and any metadata we explicitly attach to the checkout session (such as MedSpa name or website URL). Stripe acts as an independent data controller for payment card data, and their handling of that data is subject to their own privacy terms.

7.6 Booking & Scheduling Data

Implementation calls are booked through Cal.com, a third-party scheduling platform. When you book a call, Cal.com collects your name, email, selected time slot, and any notes you provide. This data is stored by Cal.com under their Privacy Policy and shared with ClearPath AI so we can prepare for your call. Cal.com also sends you a confirmation email and calendar invite on our behalf. Your booking data is not shared with any party other than ClearPath AI and Cal.com's essential sub-processors.

7.7 Simulation Disclaimer

All images generated by the Tool are AI simulations and are clearly labeled as such within the Tool interface. They are not a prediction, guarantee, or promise of any specific clinical outcome. Users should consult a licensed medspa practitioner before undergoing any treatment. The Tool is a marketing visualization aid, not a medical device, and is not intended to diagnose, treat, cure, or prevent any condition.

8. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at: