Privacy Policy
Effective date: June 18, 2026
This Privacy Policy explains how MedSpa Butler ("we," "us," or "our") collects, uses, and shares information when you use our software-as-a-service platform and websites (the "Service").
1. Information we collect
- Account information — the spa name, email address, phone number, and password you provide when registering.
- Client data you upload — information about your clients (such as names, contact details, appointments, and treatment records) that you import or enter into the Service and that we handle on your behalf.
- Billing information — handled by our payment processor, Stripe. We do not store full card numbers.
- Usage and device data — basic logs and analytics generated when you use the Service.
2. How we use information
- To provide, maintain, and improve the Service.
- To send messages on your behalf to your clients (for example, SMS and email reminders) as you configure.
- To process payments and manage your subscription.
- To communicate with you about your account, support requests, and service updates.
- To detect, prevent, and address security or technical issues.
3. Roles and your clients' data
For the client data you upload, you are the controller and MedSpa Butler acts as a processor that handles that data on your instructions. You are responsible for having a lawful basis and any required consents to process your clients' information and to contact them.
4. How we share information
We do not sell your personal information. We share information with service providers who help us operate the Service, including:
- Supabase — database, authentication, and file storage
- Stripe — payment processing
- Twilio — SMS delivery
- Resend — email delivery
- Vercel and Railway — application hosting
We may also disclose information if required by law or to protect our rights, and in connection with a business transfer.
5. Data retention
We retain your information for as long as your account is active and as needed to provide the Service, comply with legal obligations, and resolve disputes. You may request deletion of your data as described below.
6. Security
We use reasonable administrative, technical, and organizational measures to protect information. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
7. Your rights
Depending on your location, you may have rights to access, correct, delete, or export your personal information. To make a request, contact us at the address below. If you are an end client of a med spa using the Service, please contact that business directly, as they control your data.
8. International transfers
Your information may be processed in the United States and other countries where we or our service providers operate.
9. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated policy with a new effective date.
10. Contact
Questions or requests? Email support@medspabutler.com.
This document is a template provided for general informational purposes and is not legal advice. Have it reviewed by qualified counsel and complete the placeholders (legal entity name, address, and any jurisdiction-specific disclosures such as GDPR/CCPA) before relying on it.