Legal

Privacy Policy

How au2.bot collects, uses, and protects your information. Your privacy matters to us.

Last updated: May 30, 2026

shield_lock
HIPAA Compliant

Clinical data handled to HIPAA standards with Business Associate Agreements.

public
GDPR & CCPA Ready

Regional data protection, data subject rights, and consumer opt-outs.

mail
Contact us

Privacy questions? Email legal@au2.bot

1. Introduction

At au2.bot ("we," "us," or "our" — a design product developed by stealth startup 0 labs), we are committed to protecting your privacy. We take great care with your personal information when you access or use au2.bot and related websites, applications, and services (collectively, the "Services").

This Privacy Policy explains how we treat your personal information. By using or accessing the Services in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy. If you do not agree, you may not use the Services.

2. HIPAA and Protected Health Information

Certain demographic and health-related information that au2.bot collects about users on behalf of healthcare providers may be "protected health information" ("PHI") governed by the Health Insurance Portability and Accountability Act ("HIPAA").

When au2.bot receives identifiable information about a user on behalf of a healthcare provider that is a "Covered Entity" under HIPAA, and au2.bot acts as a "Business Associate," that information is regulated as PHI and is subject to HIPAA protections, not this Privacy Policy.

Personal information that users provide when au2.bot is not acting as a Business Associate is covered by this Privacy Policy. This includes information you provide when you:

  • Create an account or search for healthcare providers
  • Post reviews or provide feedback
  • Browse our website (device/IP information)
  • Authorize a covered entity to disclose PHI to au2.bot via a HIPAA Authorization form

3. Personal Data We Collect

3.1 Information You Provide Directly

  • Account Information — name, email address, phone number, mailing address
  • Booking Data — appointment date/time, provider information, appointment procedure, patient status
  • Communications — messages, reviews, feedback, survey responses
  • Business Information — practice or property name, organizational details (when applicable)

3.2 Information Collected Automatically

  • Device & Browser Data — IP address, device type, operating system, browser type
  • Usage Data — pages visited, time on site, clicks, scroll depth, referring URL
  • Location Data — IP address-based location information
  • Cookies & Tracking Technologies — for session management, analytics, and advertising preferences

3.3 Information from Third Parties

  • Service Providers — payment processors, analytics partners, communication providers
  • Healthcare Providers — appointment and billing information to facilitate booking and care coordination
  • Social Networks — if you sign in via third-party credentials
  • Advertising Partners — information about how you interact with advertisements

4. How We Use Your Information

We use your personal data for the following purposes:

  • Providing, customizing, and improving the Services
  • Creating and managing your account
  • Processing payments and billing
  • Sending service updates, appointment reminders, and communications
  • Marketing the Services and showing you relevant advertisements
  • Analyzing usage patterns and optimizing the Services
  • Detecting, preventing, and addressing fraud or security incidents
  • Complying with legal obligations and resolving disputes

5. How We Share Your Information

We share your personal data with the following categories of third parties:

  • Service Providers — payment processors, hosting providers, analytics partners, security consultants
  • Healthcare Providers — when you choose to book an appointment or authorize sharing
  • Advertising Partners — for targeted advertising and interest-based ads
  • Legal Requirements — when required by law, court order, or regulatory authority
  • Business Transfers — in the event of a merger, acquisition, or bankruptcy

We do not sell consumer personal information to unaffiliated parties for money. However, we may share cookies and web analytics data with advertising partners in a manner that might be considered "sharing" or "selling" under privacy laws like the CCPA.

6. Tracking Technologies and Cookies

Au2.bot uses cookies, web beacons, pixels, and similar tracking technologies to recognize your device, understand how you use the Services, and personalize your experience. We use the following types of cookies:

  • Essential Cookies — required for login and basic functionality
  • Functional Cookies — remember your preferences and settings
  • Analytics Cookies — measure usage and performance
  • Advertising Cookies — deliver targeted advertisements based on your interests

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of the Services. We do not currently honor "Do Not Track" browser signals, except as required by applicable privacy laws.

7. Interest-Based Advertising

We and our advertising partners may serve you targeted advertisements based on your online activity, interests, and demographics. This information may include IP address, device ID, browsing history, and geographic location. Even if you opt out of interest-based advertising, you will still see non-targeted ads from au2.bot.

8. Data Security

We implement industry-standard security measures to protect your personal data, including encryption (SSL/TLS), access controls, and secure data storage. However, no method of transmission over the internet is 100% secure. While we work to protect your information, we cannot guarantee absolute security and are not responsible for unauthorized access, loss, or disclosure of your data.

9. Data Retention

We retain your personal data as long as necessary to provide the Services, fulfill the purposes for which it was collected, or comply with legal obligations. Retention periods vary based on the type of data and applicable laws:

  • Account information is retained as long as your account is active
  • Booking and appointment data is retained per healthcare provider requirements and legal obligations
  • Analytics and usage data is retained for performance monitoring
  • PHI is retained per Business Associate Agreements and HIPAA requirements

10. Children's Privacy

The Services are not directed to individuals under 13 years of age. We do not knowingly collect personal data from children under 13. If we learn that we have received personal data from a child under 13 without parental consent, we will delete that information and contact the parent or guardian.

If you are between 13 and the age of majority, you may use the Services only with parental or guardian consent or supervision.

11. Your Rights and Choices

11.1 General Rights

Depending on your location, you may have rights to:

  • Access the personal data we hold about you
  • Request correction of inaccurate information
  • Request deletion of your personal data
  • Restrict or object to certain processing
  • Receive your data in a portable format
  • Withdraw consent for marketing communications

To exercise these rights, email us at legal@au2.bot with your request. We will respond within 30 days.

11.2 California Consumer Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to Know — request what personal data we collect and how we use it
  • Right to Delete — request deletion of your personal data (subject to exceptions)
  • Right to Correct — request correction of inaccurate information
  • Right to Opt-Out — opt out of the sharing of your personal data for targeted advertising
  • Right to Limit Use — limit use of sensitive personal information to necessary business purposes

We will not discriminate against you for exercising your CCPA rights. To exercise these rights, contact us at legal@au2.bot and indicate "California Rights" in the subject line.

12. International Data Transfers

Au2.bot operates globally. Your personal data may be transferred to, stored in, and processed in the United States or other countries. Where required by law, we rely on Standard Contractual Clauses or equivalent safeguards to ensure your data receives adequate protection.

13. Third-Party Links

Our Services may contain links to third-party websites and services. This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices. Please review their privacy policies before sharing your information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated "Last updated" date. Your continued use of the Services after changes take effect constitutes acceptance of the updated policy.

15. Contact Us

For privacy-related questions, requests, or concerns:

If you are a resident of the European Economic Area, UK, or other GDPR-equivalent jurisdiction and have concerns about our processing of your data, you have the right to lodge a complaint with your local data protection authority.