Effective Date: July 8, 2026
Last Updated: July 8, 2026
This Privacy Policy explains how Ubexis Solutions ("Company," "we," "us," or "our") collects, uses, discloses, and protects information in connection with our AI-powered front desk, patient reactivation, review automation, analytics, and related services (the "Services") provided to multi-location aesthetic, medical spa, and wellness businesses ("Clients").
This Policy applies to two distinct groups, and we describe each separately below:
If you are an End User with a question about a specific interaction, please contact the business you called or texted directly — we act on their instructions, and they control that relationship. Contact details are in Section 12.
Ubexis Solutions provides a managed, AI-powered operations system to multi-location aesthetic and wellness groups. This Policy covers:
This Policy does not cover the Client's own website, booking/EMR platform, or any tools the Client operates independently of our Services.
When the Services are active for a Client, we process, strictly on that Client's instructions:
We are a data processor / service provider with respect to End User information. The Client is the data controller and is responsible for having its own lawful basis, notices, and consents in place with its patients and customers. We do not use End User information for our own marketing or resell it under any circumstances.
We use the information above to:
We do not use End User call/message content to train general-purpose AI models outside the scope of delivering the Services to that specific Client, and we do not sell personal information.
Delivering the Services requires sharing data with a limited set of third-party subprocessors, each bound by contract to protect the data and use it only to provide their service to us:
| Category | Example Providers | Purpose |
|---|---|---|
| Voice AI / telephony | Twilio, Vapi, Retell, or equivalent | Answering calls, speech-to-text, text-to-speech |
| Large language model providers | Anthropic, OpenAI, or equivalent | Generating conversational responses from call/message content |
| SMS / messaging | Twilio | Sending and receiving text messages |
| Booking / EMR integration | Boulevard, Zenoti, Mangomint, or the Client's specified platform | Reading/writing appointment data |
| Cloud hosting & infrastructure | AWS, Google Cloud, or equivalent | Hosting the system and storing data |
| Payment processing | Stripe | Billing and invoicing |
A current list of subprocessors is available on request. We will notify Clients of any material change in subprocessors that handle their data.
Where the Services involve information that qualifies as Protected Health Information under HIPAA (U.S. Clients only), we will execute a Business Associate Agreement (BAA) with the Client before that data is processed. Our obligations, permitted uses, breach notification timelines, and subcontractor requirements are governed by that BAA, which supplements and, where inconsistent, controls over this Policy for PHI. Clients outside the U.S. should refer to Section 8 for the applicable regional framework.
We configure the AI so that it never provides clinical or medical advice; any interaction resembling a clinical question is escalated immediately to the Client's designated human staff.
We share information only as follows:
We do not share End User information with data brokers or for third-party advertising.
California and other U.S. residents may have the right to know what personal information is collected, request deletion, and opt out of the sale or sharing of personal information. We do not sell personal information. Requests can be submitted to team@ubexis.com.
We process personal information in accordance with Canadian federal privacy law where applicable, including providing individuals reasonable access to their information on request.
Where applicable, individuals have the right to access, correct, delete, restrict, or port their personal data, and to object to certain processing. Our legal basis for processing is generally performance of a contract with the Client or the Client's own legitimate interests/consent as data controller. International transfers outside the UK/EEA are made using appropriate safeguards (e.g., Standard Contractual Clauses).
We comply with applicable local data protection requirements for Clients operating in other covered geographies; contact us for jurisdiction-specific detail.
We use administrative, technical, and physical safeguards appropriate to the sensitivity of the data involved, including access controls, encryption in transit and at rest where supported by our subprocessors, and role-based access limiting internal staff access to only what each role requires. No system is completely secure; we will notify affected Clients of any confirmed data breach affecting their data without undue delay and in accordance with applicable law and any signed BAA.
Our website may use cookies or similar technologies for basic analytics and functionality. You can control cookies through your browser settings. We do not use cookies for third-party behavioral advertising.
The Services are intended for business use and are not directed to children. We do not knowingly collect personal information from individuals under 18 through our website's lead-generation tools.
Questions about this Privacy Policy, or requests regarding your personal information, can be directed to:
Ubexis SolutionsWe may update this Policy from time to time. Material changes affecting Clients will be communicated per the notice provisions in the applicable MSA. The "Last Updated" date above reflects the most recent revision.