Plain English summary: We collect only what we need to deliver the service. We never sell your data. Your client data belongs to you — always.
1. Who we are
Ecosysflow (“we”, “our”, “us”) is a medspa growth consultancy providing retention automation, compliance documentation, and revenue tracking to independent medspa owners in the US. Contact: hello@ecosysflow.com
2. What information we collect
Information you give us directly
- Contact information — name, email, phone, business name when you book a call or sign up.
- Business information — client volume, revenue estimates, and tools you use.
- Client data you share — exported client lists from Aesthetic Record, used solely to build your retention sequences. This data remains yours at all times.
- Payment information — processed through Payoneer. We do not store credit card numbers.
Information collected automatically
- Usage data — pages visited, browser type, device type, and IP address.
- Cookies — essential cookies only. No advertising or tracking cookies.
3. How we use your information
- To deliver the service — setting up sequences, building your dashboard, managing compliance documents.
- To communicate with you — onboarding calls, check-ins, service updates, responses to inquiries.
- To process payments — billing, refunds, and invoicing through Payoneer.
- To send service emails — revenue reports, sequence updates, compliance reminders. No unsolicited marketing.
4. Your client data — special commitment
- Client data is used exclusively to build and manage your retention sequences.
- We never sell, share, rent, or use client data for any other purpose.
- Client data is stored encrypted with restricted access.
- On cancellation, your full export is delivered within 48 hours then permanently deleted.
5. Who we share data with
We do not sell your data. We share only with these trusted providers for delivering the service:
| Provider | Purpose | Data shared |
|---|
| Payoneer | Payment processing & invoicing | Name, email, invoice amount only |
| Google Workspace | Dashboard, document storage | Client list data (encrypted) |
| Notion | Compliance documentation | Compliance checklist data |
| SimpleTexting | SMS sequence delivery | Client phone numbers only |
| Calendly | Call scheduling | Name and email address |
6. Data retention
We retain your data for as long as your account is active plus 12 months. Client list data is deleted immediately upon cancellation after your export is delivered. Request deletion anytime: hello@ecosysflow.com
7. Your rights
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion at any time
- Receive a portable copy of your data
- Opt out of non-essential communications
8. Security
We use SSL/TLS encryption, restricted access controls, and regular security reviews.
9. HIPAA notice
Ecosysflow is not a covered entity under HIPAA. The data we handle (name, contact, treatment types) does not constitute PHI. Consult your attorney for HIPAA compliance specific to your operations.
10. Changes & contact
We may update this policy with written notice. Questions: hello@ecosysflow.com