Privacy Policy

AFT Labs ("AFT Labs," "we," "us," or "our") builds done-for-you AI revenue systems for aesthetic, wellness, property management, and other service businesses. This Privacy Policy describes how we collect, use, share, and protect information when you visit aftlabsai.com (the "Site"), submit an inquiry, or engage us to deliver services (the "Services").

Information you provide directly. When you fill out an inquiry form, book a call, send us an email, or enter into an engagement, you may give us your name, business name, job title, email address, phone number, website URL, the tools you use, and details about your business goals.

Information collected automatically. When you visit the Site we automatically collect IP address, device and browser type, operating system, referring URL, pages viewed, time on page, and similar usage data. This is collected via server logs, cookies, and analytics tools described in our Cookie Policy.

Information from clients. When we deliver Services, we may process business data you authorize us to access, including CRM records, scheduling data, message transcripts, call recordings, and reporting data. This data is governed by our Terms of Service and, where applicable, a separate Business Associate Agreement (BAA) or Data Processing Addendum (DPA).

We use the information we collect to:

• Respond to inquiries and provide the Services you requested.
• Build, configure, deploy, and improve AI workflows for clients.
• Send invoices, reports, and engagement-related communications.
• Send marketing communications about AFT Labs products and content you can opt out of at any time.
• Measure marketing performance and improve our Site, content, and advertising.
• Detect, prevent, and address fraud, abuse, security incidents, and technical issues.
• Comply with legal obligations and enforce our agreements.

If you are in the European Economic Area or the United Kingdom, we process your personal data on the following legal bases: (a) performance of a contract with you or your organization, (b) our legitimate interests in running and growing our business, (c) your consent where required (for example, certain cookies and marketing communications), and (d) compliance with legal obligations.

We do not sell personal information. We share information with:

• Service providers who help us run the Site and deliver Services, including hosting (Vercel), analytics (Google Analytics, Vercel Analytics, Leadsy), advertising measurement (Meta Pixel), CRM and chat tools (LeadConnector / HighLevel), email and calendar providers, telephony and messaging providers, and large language model providers. Each is contractually required to handle data only for the purposes we authorize.
• Business transfers. If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred subject to standard confidentiality protections.
• Legal and safety. We may disclose information when required by law, subpoena, or court order, or to protect the rights, property, or safety of AFT Labs, our clients, or others.

We use cookies and similar tracking technologies on the Site. For a detailed list of the cookies we use, why we use them, and how to control them, see our Cookie Policy.

When we provide Services to a HIPAA-covered entity that involve Protected Health Information (PHI), we enter into a Business Associate Agreement and process PHI only as permitted by that BAA, HIPAA, and applicable state law. We use administrative, physical, and technical safeguards consistent with the HIPAA Security Rule. Visitors should not submit PHI through the Site contact forms.

We use industry-standard safeguards, including encryption in transit (TLS), encryption at rest (AES-256 where supported), access controls, and least-privilege access for personnel. No system is perfectly secure, and we cannot guarantee absolute security. If we discover a security incident affecting your information, we will notify you as required by law.

We retain information only as long as needed for the purposes described in this Policy and to satisfy legal, accounting, and reporting requirements. Inquiry data is typically retained for up to 24 months from your last interaction. Client engagement data is retained according to the applicable SOW or BAA. You can request deletion at any time using the contact details below.

Depending on your location, you may have the following rights with respect to your personal information:

• Access a copy of the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Request deletion of your personal information.
• Object to or restrict certain processing, including direct marketing.
• Request portability of your personal information.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with a supervisory authority (EEA / UK residents).

California residents have additional rights under the CCPA / CPRA, including the right to know what categories of personal information we collect, the right to delete, the right to correct, the right to opt out of any sharing or sale (we do not sell), and the right to non-discrimination for exercising these rights.

To exercise any of these rights, email info@aftlabsai.com. We may need to verify your identity before fulfilling your request.

AFT Labs operates in the United States. If you access the Site from outside the United States, your information will be transferred to, stored, and processed in the United States. Where required, we rely on appropriate transfer mechanisms such as Standard Contractual Clauses.

The Site and Services are intended for business users and are not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

You can opt out of marketing emails at any time using the unsubscribe link in any email or by contacting us. Transactional and engagement-related messages (such as invoices and project updates) may continue to be sent while you have an active engagement with us.

The Site may link to third-party websites and tools. We are not responsible for the privacy practices of those parties. Review their privacy policies before providing information.

We may update this Policy from time to time. Updates are effective when posted, and we will revise the "Last updated" date. Material changes affecting how we use your information will be communicated by a prominent notice on the Site or, where appropriate, by email.

Questions or requests regarding this Policy can be sent to info@aftlabsai.com.