SpaSphere.ai

SpaSphere Privacy Policy

Effective Date: April 13, 2026

SpaSphere, Inc. (“SpaSphere,” “we,” “our,” or “us”) provides software and related services for beauty, wellness, and related service businesses, including websites, booking flows, client management tools, messaging tools, payment-related integrations, analytics, monitoring, logging, and AI-powered features (collectively, the “Services”).

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use the Services, including as a Tenant or authorized business user, or when you interact with a SpaSphere-powered booking page, website, form, checkout flow, or related interface as an End Client.

By using the Services, you agree to this Privacy Policy.

1. Scope of This Privacy Policy

This Privacy Policy applies to personal information we collect through:

  • SpaSphere websites and web applications
  • SpaSphere-powered mobile and browser-based experiences
  • public booking pages, forms, and checkout flows powered by SpaSphere
  • integrations connected through the Services
  • communications with SpaSphere
  • support interactions
  • analytics, monitoring, logging, and technical interactions with the Services

This Privacy Policy does not apply to third-party websites, services, or integrations that are not controlled by SpaSphere, even if they are linked to or connected with the Services.

2. Who This Policy Covers

This Privacy Policy applies to:

  • Tenants, meaning businesses, professionals, and authorized users who register for and use SpaSphere for business purposes
  • End Clients, meaning individuals who book appointments, purchase services, submit forms, make payments, redeem packages, or otherwise interact with a Tenant through a SpaSphere-powered experience

For data connected to a Tenant's relationship with its End Clients, the Tenant is generally the primary controller or “business,” and SpaSphere generally acts as a service provider or processor, except where SpaSphere processes information for its own legitimate operational purposes as described in this Privacy Policy.

3. Information We Collect

We collect personal information in the categories described below.

A. Information You Provide Directly

Depending on how you use the Services, we may collect:

Account and contact information

  • name
  • email address
  • phone number
  • business name
  • business address
  • profile photo or logo
  • login credentials or authentication-related data

Business and professional information

  • business type
  • service offerings
  • service descriptions
  • pricing
  • business hours
  • staff information
  • cancellation and booking policies
  • branding content
  • website content and public business details

Appointment and client data

  • appointment and scheduling details
  • calendar-related data
  • client notes
  • client contact information entered by a Tenant
  • intake responses or booking form submissions
  • package, membership, or booking-related details

Payment and billing information

  • billing address
  • Stripe account identifiers
  • payment-related tokens or references
  • transaction metadata
  • subscription and billing information

Integration data

If you connect third-party services, we may collect or store information needed to support those integrations, such as:

  • Google account email for calendar integration
  • encrypted access and refresh tokens
  • synced event identifiers
  • external account references

Communications and support information

  • emails you send to us
  • support requests
  • support chat content
  • messages sent through support systems such as Chatwoot
  • account troubleshooting details

AI-related inputs

  • prompts
  • instructions
  • text submitted for generation, rewriting, or suggestion features
  • generated outputs stored in connection with your use of AI-powered features

B. Information We Collect from End Clients Through SpaSphere-Powered Flows

When an End Client uses a SpaSphere-powered booking page, form, or checkout flow, we may collect information such as:

  • name
  • phone number
  • email address
  • booking details
  • selected services or packages
  • appointment preferences
  • payment-related information or payment tokens handled through integrated processors
  • notes or form responses submitted in connection with booking

This information may be collected on behalf of the applicable Tenant in order to provide the booking, scheduling, payment, communication, and related platform functionality.

C. Information from Third Parties and Other Sources

We may collect information from third parties and other sources, such as:

  • Stripe and other payment-related providers
  • Google Calendar and other authorized integrations
  • service providers supporting fraud prevention, analytics, communications, support, or infrastructure
  • identity, abuse, safety, or fraud-related signals from third-party tools or sources
  • other information you direct third parties to provide to us

We may also receive supplemental information for identity verification, fraud prevention, abuse detection, security review, or account protection purposes, to the extent permitted by law.

D. Information Collected Automatically

When you access or use the Services, we and our service providers may automatically collect technical, device, and usage information, including:

  • IP address
  • browser type and version
  • device type and identifiers
  • operating system
  • referral source
  • pages viewed
  • feature usage
  • interaction events
  • timestamps
  • session activity
  • approximate location inferred from IP address
  • crash data
  • performance metrics
  • diagnostic events
  • error logs
  • security and abuse-monitoring signals

We may use cookies, pixels, local storage, session technologies, and similar tools to support authentication, preferences, analytics, monitoring, security, and product improvement.

We use tools such as Google Analytics, PostHog, Logfire, and Sentry to help us understand usage, monitor performance, investigate issues, log system events, track errors, and improve the Services.

4. How We Use Information

We use personal information for business and operational purposes, including to:

  • provide, operate, maintain, and improve the Services
  • create and manage accounts
  • support appointment scheduling, booking flows, packages, and client interactions
  • sync appointments and related data with connected integrations such as Google Calendar
  • process subscription billing and support payment-related functionality through Stripe and related providers
  • send confirmations, reminders, receipts, system notifications, and other service-related communications
  • provide support and troubleshoot issues
  • monitor system health, uptime, performance, diagnostics, errors, abuse signals, and security events
  • prevent fraud, spam, abuse, unauthorized access, and other harmful activity
  • personalize product experiences and improve workflows
  • support AI-powered features and generate requested outputs
  • analyze usage patterns and improve product design, performance, reliability, and usability
  • enforce our Terms of Service and other platform rules
  • comply with legal obligations, investigations, and valid legal process
  • protect the rights, safety, property, and security of SpaSphere, our users, End Clients, and the public

5. AI Features and Related Data Use

SpaSphere may offer AI-powered features that process prompts, inputs, client or business context, and related content in order to generate suggested text, drafts, recommendations, summaries, or other outputs.

When you use AI-powered features:

  • your submitted prompts and related inputs may be processed to generate outputs
  • generated outputs may be stored as part of your account or workflow history
  • SpaSphere may use aggregated, anonymized, or de-identified usage data to improve platform features, analytics, reliability, and product performance
  • certain AI-related processing may involve third-party subprocessors or service providers that help us deliver the requested feature

You should not submit protected health information or other regulated medical data into AI-powered features unless SpaSphere expressly supports that use case in writing.

6. No Medical Software; Health-Related Information

Important: SpaSphere is not medical software. SpaSphere is not a medical record system and is not represented as HIPAA-compliant unless SpaSphere expressly states otherwise in a separate written agreement.

You should not upload or store protected health information or other regulated medical data in the Services. If such data is submitted, SpaSphere reserves the right, but not the obligation, to remove, restrict, redact, or permanently delete such data in order to preserve the non-medical nature of the platform and reduce compliance risk.

7. How We Disclose Information

We may disclose personal information in the following circumstances:

A. Service Providers and Vendors

We may disclose information to vendors and service providers that help us operate the Services, including providers supporting:

  • payment processing
  • calendar sync and integrations
  • cloud hosting and infrastructure
  • communications and notifications
  • customer support
  • analytics
  • monitoring, logging, and diagnostics
  • error tracking
  • fraud prevention and security
  • AI feature delivery

Examples may include Stripe, Google, Twilio, Resend, Chatwoot, Google Analytics, PostHog, Logfire, and Sentry.

B. At Your Direction

We may disclose information when you direct us to do so, such as when you connect an integration or choose to use a third-party service through the platform.

C. Legal, Security, and Protection Purposes

We may disclose information if we believe doing so is necessary to:

  • comply with law, regulation, subpoena, court order, or other legal process
  • investigate or prevent fraud, abuse, security incidents, or unlawful conduct
  • enforce our Terms of Service or other policies
  • protect the rights, safety, or property of SpaSphere, users, End Clients, service providers, or the public

D. Business Transfers

We may disclose information in connection with an actual or proposed merger, acquisition, financing, asset sale, bankruptcy, reorganization, or similar business transaction.

E. Professional Advisors

We may disclose information to legal, accounting, insurance, financial, and other professional advisors where necessary to support and protect our business.

F. Aggregated or De-Identified Information

We may disclose aggregated, anonymized, or de-identified information that does not reasonably identify a person.

8. Cookies, Analytics, and Similar Technologies

We use cookies and similar technologies to:

  • keep users logged in
  • remember preferences
  • secure sessions
  • analyze usage
  • understand feature adoption
  • monitor errors and performance
  • improve product experience

We currently use analytics and monitoring tools including Google Analytics, PostHog, Logfire, and Sentry.

These tools may collect information such as:

  • IP address
  • browser and device data
  • pages viewed
  • session behavior
  • feature interactions
  • timestamps
  • crash and error information
  • performance and diagnostic data

You may be able to control some cookie settings through your browser. Disabling certain cookies may affect functionality.

SpaSphere does not currently describe its practices as selling or renting personal information for advertising or audience matching purposes.

9. Communications

SpaSphere may send:

  • transactional emails
  • appointment confirmations and reminders
  • receipts
  • booking updates
  • account and billing notifications
  • support and security communications
  • optional SMS notifications where enabled

SMS-related communications may be delivered through providers such as Twilio. Transactional email communications may be delivered through providers such as Resend.

Message frequency may vary based on account activity, booking activity, and notification settings. Message and data rates may apply depending on the recipient's carrier and plan.

10. Data Retention

We retain personal information for as long as reasonably necessary to:

  • provide the Services
  • maintain accounts
  • support bookings, transactions, and communications
  • comply with legal, tax, accounting, and audit obligations
  • address disputes, chargebacks, refunds, and fraud prevention
  • enforce our agreements
  • support backup, disaster recovery, and security operations

If a Tenant cancels its subscription, the account may remain in a recoverable inactive state for up to three (3) months. During that period, associated data may be recoverable. After that period, SpaSphere may permanently delete account data, subject to limited retention where reasonably necessary for:

  • payments and transaction history
  • tax and accounting records
  • fraud prevention and security logging
  • legal compliance and dispute resolution
  • backup and disaster recovery systems for a limited period

11. Your Choices and Rights

Depending on your relationship with SpaSphere and your location, you may have the right to:

  • access certain personal information
  • correct certain personal information
  • request deletion of certain personal information
  • disconnect certain integrations
  • request an export of your data
  • opt out of certain optional communications

Tenants may also be able to manage certain account data directly within the Services.

To submit a privacy, data access, correction, export, or deletion request, contact: support@spasphere.ai

If you are an End Client and your request relates primarily to a Tenant's business records or client relationship data, we may direct you to contact the applicable Tenant first, unless applicable law requires otherwise.

12. California and Other U.S. State Privacy Rights

Residents of certain U.S. states, including California, may have privacy rights under applicable state privacy laws, which may include rights to access, correct, delete, or obtain information about how personal information is collected, used, or disclosed.

SpaSphere does not sell or rent personal information in the ordinary sense of those words. We process personal information primarily to provide and support the Services.

To exercise applicable privacy rights, contact support@spasphere.ai.

We will not unlawfully discriminate against you for exercising privacy rights provided under applicable law.

If we deny a rights request and applicable law gives you a right to appeal, you may submit your appeal by replying to our response or contacting support@spasphere.ai with “Privacy Appeal” in the subject line.

13. Children's Privacy

SpaSphere is not intended for children under 13, and we do not knowingly collect personal information directly from children under 13.

If you believe a child under 13 has provided personal information to SpaSphere, contact support@spasphere.ai, and we will take appropriate steps to review and address the matter.

14. Security

We use administrative, technical, and organizational measures designed to protect personal information, including measures such as:

  • encrypted transmission over HTTPS
  • encrypted storage of certain tokens and credentials
  • access controls
  • system monitoring
  • logging and diagnostics
  • error tracking
  • backup and recovery processes

No system can be guaranteed completely secure, and SpaSphere cannot guarantee absolute security.

15. Third-Party Links and Services

The Services may contain links to third-party websites or services. We are not responsible for the privacy, security, or information practices of third parties. Their practices are governed by their own policies and terms.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice by email, in-product notice, or other reasonable means before the changes become effective.

Your continued use of the Services after the effective date of the updated Privacy Policy constitutes your acknowledgment of the revised Policy.

17. Contact Us

If you have questions about this Privacy Policy or want to submit a privacy-related request, contact:

SpaSphere, Inc.

Support: support@spasphere.ai