1. Introduction

Clientflo AI LLC ("Clientflo AI," "we," "us," or "our") is committed to protecting the privacy of individuals whose personal information we collect and process. This Privacy Policy explains how we collect, use, store, share, and protect personal information in connection with our website, services, and business operations.

By using our website, submitting information through our contact form or calendar, or engaging our services, you consent to the practices described in this Privacy Policy.

2. Who We Are

Clientflo AI LLC is a digital marketing agency registered in the United States. We provide digital marketing, advertising, and AI-powered lead generation services to clients across multiple jurisdictions, including Australia and the United States.

For questions about this Privacy Policy or your personal data, contact us at:

Email: [email protected]

3. Information We Collect

We collect personal information in the following ways:

3.1 Information You Provide Directly

Contact Form Submissions: Name, email address, phone number, and any additional information you choose to provide when contacting us through our website.

Calendar Bookings: Name, email address, phone number, and scheduling preferences when you book a call or appointment through our website calendar.

3.2 Information We Collect Through Service Delivery

In the course of providing services to our clients, we may collect and process information on their behalf, including:

Lead Information: Names, email addresses, phone numbers, and other contact details of individuals who interact with our clients' advertising campaigns, landing pages, or booking systems.

Advertising Platform Data: Campaign performance data, audience insights, and engagement metrics obtained through connected advertising accounts (e.g., Meta/Facebook Business Suite).

CRM Data: Contact records, appointment history, communication logs, and lead qualification data stored within our customer relationship management system (GoHighLevel), including client sub-accounts.

Calendar and Scheduling Data: Appointment details, availability preferences, and booking history from connected calendar systems.

3.3 Information Collected Automatically

When you visit our website, we may automatically collect:

- Device type and browser information

- IP address

- Pages visited and time spent on our website

- Referring website or source

We do not currently use cookies, tracking pixels, or similar tracking technologies on our website. If this changes in the future, we will update this Privacy Policy and implement appropriate consent mechanisms.

4. How We Use Your Information

We use personal information for the following purposes:

- Service Delivery: To provide digital marketing, advertising, and lead generation services to our clients, including campaign management, lead qualification, appointment booking, and reporting.

- Communication: To respond to inquiries submitted through our contact form, calendar bookings, or other channels.

- AI-Powered Lead Processing: To qualify leads and facilitate appointment booking through automated AI systems (see Section 5 below).

- Business Operations: To manage client relationships, maintain records, process payments, and administer contracts.

- Legal Compliance: To comply with applicable laws, regulations, and legal obligations.

- Business Development: To contact prospective clients via phone, email, or SMS in connection with our services.

5. AI-Powered Automated Processing

Clientflo AI uses artificial intelligence and automated systems as part of our lead qualification and appointment booking services. This means:

- What happens: When a lead interacts with a client's advertising campaign, landing page, or booking system, their information (including name, contact details, and responses to qualifying questions) may be processed by an automated AI system. This system is designed to qualify the lead based on predefined criteria and, where appropriate, facilitate appointment booking on behalf of our client.

- Nature of processing: The AI system may engage in automated conversations with leads via SMS, chat, or other messaging channels for the purpose of qualification and scheduling. These interactions are conducted by an AI system, not a human representative.

- Human oversight: While the initial qualification and booking process is automated, human review is available. Leads and clients may request human intervention at any point during the process.

- Data used: The AI system processes contact information, responses to qualifying questions, appointment preferences, and communication history.

- Your rights: If your information has been processed by our AI system and you wish to request human review of any automated decision, object to automated processing, or request deletion of your data, please contact us using the details in Section 2.

We are committed to using AI responsibly and transparently. Our AI systems are regularly reviewed to ensure accuracy and fairness in lead qualification.

SMS opt-in data and phone numbers collected for text message consent are processed by third-party systems solely for the purpose of delivering messages on behalf of Clientflo AI LLC, and are never shared with such parties for their own marketing or promotional use.

6. Our Role in Data Processing

Depending on the context, Clientflo AI acts in different data processing capacities:

- As a Data Controller: When we collect information directly through our website (contact form, calendar bookings) or through our own business development activities (cold calling, email, SMS outreach to prospective clients), we determine the purposes and means of processing and are responsible for that data.

- As a Data Processor: When we process personal information on behalf of our clients (e.g., managing leads in CRM sub-accounts, running advertising campaigns, processing lead data through AI systems), we act under our clients' instructions. In these cases, our clients are the data controllers and are responsible for ensuring they have a lawful basis for the collection and use of their customers' data.

Our obligations as a data processor are governed by our service agreements with each client, which include data processing provisions.

7. Legal Basis for Processing

We process personal information based on the following legal grounds:

- Consent: Where you have provided explicit consent (e.g., submitting a contact form, booking a calendar appointment).

- Contractual Necessity: Where processing is necessary to perform our contractual obligations to clients.

- Legitimate Interest: Where processing is necessary for our legitimate business interests (e.g., business development outreach, service improvement), provided those interests are not overridden by the rights of the individual.

- Legal Obligation: Where processing is required to comply with applicable laws or regulations.

8. Health Services Advertising Compliance (Australia)

Clientflo AI provides marketing services to clients in the health and cosmetic services industry in Australia, including medical spas (medspas). We acknowledge and operate in accordance with the following regulatory frameworks:

- Therapeutic Goods Administration (TGA): We do not make therapeutic claims about regulated goods or services in any advertising or marketing materials without appropriate substantiation and compliance with the Therapeutic Goods Act 1989 and the Therapeutic Goods Advertising Code.

- Australian Health Practitioner Regulation Agency (AHPRA): Where our clients are registered health practitioners, we ensure that advertising materials comply with the National Law and AHPRA's advertising guidelines, including prohibitions on testimonials for regulated health services, restrictions on before-and-after images, requirements to avoid creating unrealistic expectations, and prohibitions on offering incentives to attract patients.

- Client Responsibility: While we take reasonable steps to ensure marketing materials comply with TGA and AHPRA requirements, our clients are ultimately responsible for ensuring the accuracy of claims, the appropriateness of services advertised, and compliance with their professional registration obligations.

- Data Handling: Personal information collected through health services marketing campaigns is treated with heightened sensitivity. We do not collect or process health records. Any health-related information voluntarily provided by leads during the qualification process (e.g., service interests, consultation preferences) is handled in accordance with this Privacy Policy and applicable privacy legislation.

9. Sharing Your Information

Mobile opt-in data and phone numbers collected for SMS messaging will never be sold, rented, or traded with any third party for marketing or promotional purposes. While SMS delivery and automation may involve third-party platforms and AI systems acting solely as service providers on our behalf, these parties are contractually prohibited from using SMS opt-in data for any purpose other than delivering messages on behalf of Clientflo AI LLC. SMS consent data is never shared with external parties for their own marketing use, and is used solely to communicate with individuals who have explicitly opted in to receive messages from Clientflo AI LLC.

We may share personal information with the following parties:

- Our Clients: Lead and appointment data collected through campaigns and AI systems is shared with the relevant client for whom the campaign is operated.

- Service Providers: We use third-party platforms to deliver our services, including GoHighLevel (CRM and automation), Meta/Facebook (advertising), and calendar scheduling tools. These providers process data in accordance with their own privacy policies and our agreements with them.

- AI Service Providers: Lead data processed through our AI qualification systems may be transmitted to third-party AI service providers for processing. These providers are bound by data processing agreements and are prohibited from using your data for their own purposes.

- Legal and Regulatory Authorities: Where required by law, regulation, legal process, or enforceable governmental request, we may disclose personal information to the relevant authorities. We will take reasonable steps to notify affected individuals of such disclosures unless prohibited from doing so by law.

- Business Transfers: In the event of a merger, acquisition, sale of assets, or other business restructuring, personal information we hold may be transferred to the relevant successor entity. We will notify affected individuals of any such transfer and any material changes to this Privacy Policy.

10. Cross-Border Data Transfers

Clientflo AI LLC is based in the United States and operates services on behalf of clients in Australia and other jurisdictions. As a result, personal information collected in Australia or relating to Australian individuals may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

Where we transfer personal information outside of Australia, we take reasonable steps to ensure that the recipient handles that information in a manner consistent with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) or is subject to a law or binding scheme that provides comparable protections.

By submitting your information to us or engaging with our clients' campaigns, you acknowledge that your information may be transferred internationally as described in this Policy.

11. Data Retention

We retain personal information only for as long as is necessary for the purposes for which it was collected, or as required by law.

- Lead and campaign data collected on behalf of clients is retained for the duration of our engagement with that client and for a reasonable period thereafter, unless a shorter retention period is requested by the client or the individual.

- Website inquiry and booking data is retained for a period of up to 24 months from the date of collection, unless a longer period is required for legal or contractual purposes.

- Business development data (contact details of prospective clients) is retained for a reasonable period to pursue the relevant business relationship, after which it is securely deleted or de-identified.

When personal information is no longer required, we will take reasonable steps to destroy or permanently de-identify it in a secure manner.

12. Security of Your Information

We take reasonable steps to protect the personal information we hold from misuse, interference, loss, and unauthorised access, modification, or disclosure. These steps include:

- Access controls limiting system access to authorised personnel only

- Use of encrypted and password-protected platforms for data storage and communication

- Data processing agreements with third-party service providers

- Regular review of our data handling practices and security measures

No method of transmission over the internet or electronic storage is completely secure. While we take reasonable precautions, we cannot guarantee the absolute security of personal information.

13. Data Breach Response

In the event of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will:

1. Contain the breach and take immediate steps to prevent further data loss or access.

2. Assess the nature and scope of the breach, including what data was affected and who was involved.

3. Notify the Office of the Australian Information Commissioner (OAIC) and any affected individuals as required under the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth), as soon as practicable after becoming aware of the breach.

4. Document the breach, its effects, and the remedial steps taken.

5. Review the root cause and update our processes and controls to prevent recurrence.

Where we become aware of a breach affecting data we process on behalf of a client, we will notify that client promptly so they can fulfil their own obligations.

14. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. These include:

Australian Individuals (Privacy Act 1988 - Australian Privacy Principles)

- Right of Access: You may request access to the personal information we hold about you.

- Right to Correction: If you believe personal information we hold about you is inaccurate, incomplete, or out of date, you may request that we correct it.

- Right to Complain: You have the right to make a complaint to the Office of the Australian Information Commissioner (OAIC) if you believe we have interfered with your privacy. Visit [www.oaic.gov.au](https://www.oaic.gov.au) for more information.

- Automated Decision-Making: If your information has been used in an automated decision that significantly affects you, you may request human review of that decision.

US Individuals (California - CCPA/CPRA, where applicable)

Where the California Consumer Privacy Act (CCPA) or California Privacy Rights Act (CPRA) applies to our processing of your information, you may have the following rights:

- Right to Know: Request information about the categories and specific pieces of personal data we have collected about you, and how it has been used or shared.

- Right to Delete: Request deletion of your personal information, subject to certain exceptions.

- Right to Correct: Request correction of inaccurate personal information we hold about you.

- Right to Opt-Out: Opt out of the sale or sharing of your personal information. Clientflo AI does not sell personal information to third parties.

- Right to Non-Discrimination: You will not be penalised for exercising any of your privacy rights.

To exercise any of these rights, please contact us at [email protected]. We will respond to verified requests within the timeframes required by applicable law (generally 30 days under Australian law, and 45 days under CCPA/CPRA).

We may need to verify your identity before processing your request. We will not charge a fee for reasonable access requests.

15. Third-Party Websites and Links

Our website may contain links to third-party websites or services. This Privacy Policy does not apply to those websites. We encourage you to review the privacy policies of any third-party sites you visit. We are not responsible for the privacy practices or content of external sites.

16. Children's Privacy

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a person under 18, please contact us immediately and we will take prompt steps to delete that information.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or business practices. When we make material changes, we will update the "Last Updated" date at the top of this Policy and, where appropriate, notify you by email or through a notice on our website.

We encourage you to review this Policy periodically. Your continued use of our services after any changes constitutes your acceptance of the updated Policy.

18. Contact Us and Complaints

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have a concern about how we have handled your personal information, please contact us at:

Clientflo AI LLC

Email: [email protected]

Website: https://clientflo.ai/

For Australian individuals: If you are not satisfied with our response to a complaint, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC) at [www.oaic.gov.au].

For US individuals: If you are a California resident and have concerns about our data practices, you may contact the California Privacy Protection Agency at [www.cppa.ca.gov](https://www.cppa.ca.gov).