This Privacy Policy explains how Cliniflo ("Cliniflo", "we", "our", or "us") handles personal data when you ("Customer") use our AI-powered booking and lead-response platform, and when Cliniflo communicates on your behalf with individuals who contact your business ("End Users").
Cliniflo is operated by Reece Gunn, UK. If you have any questions about this policy or your data, email reece.gunn@gmail.com.
1. Who this applies to
This policy covers two groups of people:
- Customers — business owners and their team members who sign up to use Cliniflo. This includes login details, billing information, and account configuration.
- End Users — the leads, patients, or customers who contact Customers through channels Cliniflo is connected to (e.g. WhatsApp, Google Sheets lead intake, or web forms). Cliniflo processes their messages on behalf of the Customer.
2. Data we collect
From Customers
- Account details: name, email address, password hash.
- Business configuration: business name, opening hours, services, pricing, templates, tone of voice.
- Integration credentials — always stored encrypted at rest (AES/Fernet): OAuth refresh tokens, API keys, webhook secrets.
- Payment information: processed directly by Stripe. Cliniflo stores only the Stripe customer ID and last 4 digits of the card on file — never full card numbers.
- Usage metadata: login timestamps, IP address, browser type (used for session security and abuse detection).
From End Users (message senders)
- Phone number (WhatsApp identifier).
- Display name (as provided by WhatsApp).
- Message content sent to the Customer's WhatsApp Business number.
- Booking details: chosen appointment slot, service requested, deposit payment status.
- Any data the Customer's Google Sheets lead source contains about the End User (typically name, phone, email, treatment enquiry).
3. How we use data
We process data only for the following purposes:
- Providing the Cliniflo service — receiving inbound messages, classifying intent, generating AI replies, scheduling appointments, taking deposits.
- Running the AI receptionist. By default, AI replies are generated using your own OpenAI API key (BYOK) — your End User data is sent to OpenAI under your contract with them, not ours. See Section 7.
- Writing bookings back to your Google Calendar and deposit payments back to your Stripe account.
- Billing, platform analytics, fraud detection, and customer support.
- Complying with legal obligations (tax records, lawful requests).
4. Lawful bases (UK GDPR)
- Contract — to deliver the services you signed up for.
- Legitimate interests — to secure our platform, prevent abuse, and improve the product. We balance these against the rights of data subjects.
- Consent — where you explicitly connect a third-party integration (Google, Meta, Stripe).
- Legal obligation — to retain financial records or respond to lawful requests.
You, the Customer, are typically the data controller for End User data. Cliniflo acts as a data processor on your behalf. A separate Data Processing Addendum (DPA) is available on request.
5. Sharing with third parties
Cliniflo shares the minimum data necessary with the following sub-processors, each of which you explicitly connect:
- Meta (WhatsApp Cloud API) — to send and receive messages.
- Google (Sheets + Calendar APIs) — if you connect Google Workspace, to read leads and create calendar events. Cliniflo uses and transfers information received from Google APIs in adherence to the Google API Services User Data Policy, including the Limited Use requirements.
- Stripe — to take deposits; card data never touches Cliniflo.
- OpenAI (or the LLM provider you connect) — to generate AI replies.
- Wix Bookings or other booking systems — if you connect one, to sync confirmed bookings back to your site.
- Hosting / infrastructure — our cloud provider, who hosts the Cliniflo application and encrypted database.
We do not sell End User data, use it for third-party advertising, or use it to train machine-learning models.
6. International transfers
Data may be processed outside the UK or EEA by our sub-processors (notably OpenAI in the US, Meta in the US, Stripe). Transfers are covered by Standard Contractual Clauses and, where applicable, the UK Data Bridge.
7. Google User Data — specific disclosures
When you connect Google Workspace, Cliniflo requests the following scopes:
https://www.googleapis.com/auth/spreadsheets— to read lead rows from the single spreadsheet you select and, where relevant, append processed-row markers.https://www.googleapis.com/auth/drive.readonly— used only to populate the spreadsheet picker dropdown. Cliniflo does not read the contents of files you do not select.https://www.googleapis.com/auth/calendar— to read availability and create booking events on the single calendar you select.
Cliniflo's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: we do not transfer Google user data to third parties except as necessary to provide or improve user-facing features; we do not use it for advertising; we do not allow humans to read it except for security investigations with your consent or where required by law; we do not use it to train generalised AI/ML models.
You can disconnect Google at any time from Settings → Integrations → Google Workspace → Disconnect. This revokes Cliniflo's access token and deletes our stored refresh token.
8. Security
- All traffic is served over HTTPS (TLS 1.2+).
- Passwords are hashed with bcrypt. OAuth refresh tokens, API keys, and webhook secrets are encrypted with Fernet (AES-128-CBC + HMAC) at rest.
- Access to production systems is restricted to authorised personnel and logged.
- We run regular dependency and vulnerability scans.
9. Data retention
- Conversations and messages: retained as long as the Customer's account is active; deleted within 30 days of account closure on request.
- Bookings: retained for 6 years to satisfy UK financial-record obligations.
- Integration credentials: deleted immediately when the Customer disconnects the integration or closes the account.
- Billing records: retained for 6 years as required by HMRC.
10. Your rights
Where UK GDPR applies, you have the right to access, rectify, erase, or port your personal data, and to object to or restrict processing. To exercise any of these rights, email reece.gunn@gmail.com. If you are an End User communicating with a business that uses Cliniflo, please direct your request to that business in the first instance — they are the data controller. We will cooperate with them to fulfil your request.
You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
11. Cookies
Cliniflo uses a small number of strictly necessary cookies for authentication and session management. We do not use analytics or advertising cookies on the public landing page or in the authenticated app.
12. Children
Cliniflo is intended for business use by Customers aged 18 and over. We do not knowingly collect data from children.
13. Changes to this policy
We may update this policy from time to time. Material changes will be notified by email to active Customers. The "Last updated" date at the top of this page will always reflect the current version.
14. Contact
Questions, requests, or complaints: reece.gunn@gmail.com.
