Privacy Policy

Arsinnovate LLC ("Arsinnovate," "we," "us," or "our") operates the Ars Flow platform and its vertical products: Ars Thalia (beauty, wellness, and aesthetic services), Ars Hygieia (medical and health services), and Ars Nereus (trades and field services) — collectively referred to as the "Services." This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit our websites (arsflow.com, arsthalia.com, arshygieia.com, arsnereus.com), use our AI-powered communication tools, or otherwise interact with the Services.

By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Services.

1. Information We Collect

Information You Provide

• Account information: Name, email address, phone number, business name, and business address when you create an account or join a waitlist
• Service configuration: Business details such as services offered, pricing, hours of operation, and scheduling preferences
• Payment information: Billing details processed through our third-party payment processors (we do not store full credit card numbers)
• Communications: Messages you send through our platform, including SMS conversations with our AI assistant and support inquiries
• Client data you upload: Contact lists, appointment records, and service histories you import into the platform

Information Collected Automatically

• Usage data: Pages visited, features used, time spent, clicks, and navigation patterns
• Device information: Browser type, operating system, device identifiers, IP address, and screen resolution
• SMS and communication metadata: Message timestamps, delivery status, opt-in/opt-out actions, and conversation session identifiers
• AI interaction data: Anonymized conversation patterns used to improve our AI models (never individual conversation content)

Information from Third Parties

• Calendar integrations: Appointment and availability data from connected scheduling tools
• Social platforms: Business profile information when you connect Facebook, Instagram, or WhatsApp for messaging

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Services, including AI-powered answering, booking, and client communication
• Process transactions and send related information (confirmations, invoices, receipts)
• Send appointment reminders, cancellation recovery messages, and other service-related SMS communications on behalf of our business subscribers
• Respond to your inquiries, comments, and support requests
• Send promotional communications (only with your explicit consent; you may opt out at any time)
• Monitor and analyze usage trends to improve user experience
• Detect, investigate, and prevent fraudulent transactions and other illegal activities
• Comply with legal obligations and enforce our terms

3. SMS and Messaging Disclosures

Our Services include AI-powered SMS and messaging communications. The following applies specifically to text message interactions:

• Consent is per-service: Each Arsinnovate vertical (Ars Thalia, Ars Hygieia, Ars Nereus) requires separate, explicit opt-in consent before sending SMS messages. Consenting to messages from one vertical does not authorize messages from another.
• Message frequency: Message frequency varies based on your interactions. Appointment-related messages are sent as needed. Promotional messages are limited and require separate consent.
• Opt-out: You may opt out of SMS communications at any time by replying STOP to any message. You will receive a single confirmation message and no further texts from that service.
• Help: Reply HELP to any message for support information.
• Message and data rates: Standard message and data rates may apply depending on your carrier and plan.
• AI disclosure: Our AI assistant will identify itself as an AI when directly asked. All AI-generated messages are sent on behalf of the business subscriber.
• Carrier data: No mobile information collected through SMS opt-in will be shared with third parties or affiliates for marketing or promotional purposes.

4. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

• With business subscribers: If you are a client interacting with a business through our platform, your communication data (messages, appointment details) is shared with that business
• Service providers: We share information with third-party vendors who perform services on our behalf (cloud hosting, SMS delivery, payment processing, analytics) under strict data processing agreements
• Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request
• Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction
• With your consent: We may share information for any other purpose with your explicit consent

5. Vertical-Specific Provisions

Ars Thalia (Beauty, Wellness & Aesthetic)

Ars Thalia processes appointment data, service preferences, and client communication histories for beauty and wellness businesses. Client preference data (e.g., preferred stylist, service history, product preferences) is stored to enable personalized service and may be retained as long as the business subscriber maintains an active account.

Ars Hygieia (Medical & Health Services)

Ars Hygieia is designed to be compliant with the Health Insurance Portability and Accountability Act (HIPAA). For Ars Hygieia subscribers, the following additional protections apply:

• Protected Health Information (PHI) is encrypted at rest and in transit
• Access to PHI requires multi-factor authentication (phishing-resistant FIDO2 or biometric)
• Audit logs are maintained for all access to PHI
• Business Associate Agreements (BAAs) are executed with all subprocessors handling PHI
• PHI is never used to train AI models
• De-identification follows the HIPAA Safe Harbor method when data is used for product improvement

Ars Nereus (Trades & Field Services)

Ars Nereus processes job scheduling data, service area information, and client communication for trades and field service businesses. Location data may be collected to support service area routing and dispatch functionality.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Services. We also retain information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. When data is no longer needed, it is securely deleted or anonymized.

• Account data: Retained while the account is active, plus 90 days after account closure
• SMS/communication logs: Retained for 24 months for service quality and compliance purposes
• Billing records: Retained for 7 years per tax and financial reporting requirements
• Ars Hygieia PHI: Retained per HIPAA requirements (minimum 6 years from date of creation or last effective date)

7. Data Security

We implement industry-standard security measures to protect your information, including encryption in transit (TLS 1.2+) and at rest (AES-256), access controls, and regular security assessments. While no method of electronic storage is 100% secure, we are committed to protecting your personal information using commercially reasonable safeguards.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to certain legal exceptions
• Portability: Request your data in a structured, machine-readable format
• Opt-out of marketing: Unsubscribe from promotional communications at any time
• Opt-out of SMS: Reply STOP to any text message from any of our verticals

State-Specific Rights

California (CCPA/CPRA): California residents have additional rights including the right to know what personal information is collected, the right to delete, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising these rights.

Virginia (VCDPA), Texas (TDPSA), and other states: Residents of states with consumer data privacy laws may have similar rights to access, correct, delete, and opt out. Contact us to exercise these rights.

9. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly.

10. Third-Party Links and Services

Our Services may contain links to third-party websites or integrate with third-party tools (e.g., calendar platforms, social media). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. For significant changes affecting how we process your data, we will provide additional notice (e.g., email or in-app notification).