ChatOS Privacy Policy

ChatOS is a communication command center for medspa, beauty, wellness, and similar service businesses. This Privacy Policy explains how ABL services LLC collects, uses, discloses, and protects information when businesses and their authorized users access our website, login flows, onboarding flows, communication inbox, integrations, widgets, and related services.

When we process client or conversation data on behalf of a customer workspace, the customer remains responsible for its relationship with its own clients, patients, prospects, subscribers, and messaging contacts. We process that workspace content to provide the service, follow workspace configuration, support connected integrations, maintain security, and comply with applicable law.

Information we collect

We collect account, workspace, and user information such as names, business names, email addresses, roles, login identifiers, connected account identifiers, settings, permissions, and onboarding status.

We collect operational communication data needed to route and display conversations, including names, contact details, channel identifiers, message content, attachments or metadata where supported, timestamps, delivery state, staff actions, contact matching decisions, status labels, booking links, payment links, form links, and audit events.

We collect technical and usage data such as device and browser information, IP address, log data, page or feature usage, errors, security events, integration health, and similar diagnostic information.

How we use information

We use information to provide, secure, maintain, and improve the service; authenticate users; connect channels; route inbound messages; support staff-approved replies; generate operational status; provide support; detect misuse; comply with legal obligations; and enforce applicable terms.

AI-assisted features, where enabled, are used to help draft or summarize communication workflows for staff review. They are not intended to diagnose, treat, or provide medical advice.

Sharing and service providers

We do not sell personal information. We may share information with hosting, database, security, analytics, messaging, payment, support, and other operational service providers that help us run the platform.

We also exchange information with third-party integrations that a workspace connects, such as Meta, Google, TikTok, Twilio, Telegram, Stripe, website chat infrastructure, booking systems, CRM systems, or other services selected by the workspace. Those providers may have their own policies and terms.

We may disclose information when required by law, to protect rights and safety, to investigate fraud or abuse, or as part of a merger, acquisition, financing, reorganization, or transfer of assets.

Healthcare and sensitive information

The platform is designed to be HIPAA-aware and PHI-minimizing, but public messaging channels such as SMS, Instagram, Facebook, TikTok, Telegram, and website chat may not be appropriate for sensitive medical details. Customers are responsible for configuring workflows, staff training, notices, consents, and secure alternatives.

Do not use the service for emergencies, diagnosis, treatment recommendations, or medical decision-making. Sensitive requests should be routed to staff review, secure forms, an official client portal, or another approved workflow.

Retention, rights, and choices

We retain information for as long as needed to provide the service, maintain security, resolve disputes, comply with legal obligations, and support legitimate business records. Retention periods may vary by workspace, connected channel, legal requirement, and customer configuration.

Depending on your location and relationship to the service, you may request access, correction, deletion, portability, restriction, objection, or other privacy rights. If your data is controlled by one of our customer workspaces, we may direct you to that customer so the request can be handled by the correct business.

To request deletion or review data associated with this platform, follow the instructions on the data deletion page.

Security, children, and changes

We use administrative, technical, and organizational safeguards designed to protect information. No system is perfectly secure, and customers should limit connected users to authorized staff and maintain appropriate access controls.

The service is intended for business use and is not directed to children. We may update this Privacy Policy from time to time, and the updated version will be posted at this same URL.