This Privacy Policy describes how Doctor Lead Flow LLC ("Doctor Lead Flow," "we," "our," or "us") collects, uses, discloses, and protects personal information. This policy applies to our website (doctorleadflow.com), our platform (including CRM, AI chatbot, AI voice appointment agent, and automation tools), and all related services.
Our Dual Data Role: Doctor Lead Flow acts in two capacities: (a) as a data controller for information we collect directly from our website visitors, leads, and prospective clients; and (b) as a data processor for personal data we process on behalf of our clinic clients. This Privacy Policy primarily addresses our role as a data controller. Our processing of data on behalf of clients is governed by the Data Processing Agreement between Doctor Lead Flow and the respective client.
Communication: sending service updates, coaching session reminders, onboarding materials, and support responses
Marketing (with consent): sending promotional communications about our services
Analytics and improvement: monitoring platform performance, analyzing usage patterns, improving AI accuracy
Security: detecting and preventing fraud, unauthorized access, and platform abuse
Legal compliance: meeting regulatory obligations, responding to legal requests
AI-Specific Processing: AI chatbot and voice agent interactions are processed to generate responses, book appointments, route inquiries, and perform follow-up actions. We retain AI interaction logs for 90 days for quality assurance. We do not use client data to train general AI models. De-identified, aggregated interaction patterns may be used to improve prompt configurations and system performance.
4. HOW WE SHARE INFORMATION
4.1 Service Providers and Subprocessors
We share personal information with trusted third-party vendors that assist in providing our services, including: GoHighLevel (CRM and automation), Stripe (payment processing), Meta and Google (advertising), Slack (communication), and LLM providers (AI processing). These parties access information only as needed to perform their services and are contractually required to protect it.
4.2 Legal Requirements
We may disclose information if required by law, subpoena, court order, or regulatory request, or to protect our legal rights, investigate fraud, or ensure safety.
4.3 Business Transfers
In connection with a merger, acquisition, or sale of assets, personal information may be transferred to the successor entity, subject to this Privacy Policy.
4.4 With Client Consent
With explicit consent, we may use client names, logos, or anonymized results in marketing materials.
4.5 No Sale of Personal Data
We do not sell personal information. We do not share personal information for cross-context behavioral advertising purposes as defined by the CCPA/CPRA.
5. SMS AND EMAIL MARKETING
5.1 SMS Communications
We may send SMS messages related to service delivery, appointment reminders, and (with consent) marketing communications. By providing your phone number and consenting to SMS communications, you agree to receive text messages from Doctor Lead Flow. Message and data rates may apply. You may opt out at any time by texting STOP. SMS consent is not a condition of purchase.
5.2 Email Communications
Commercial emails include a physical address, accurate header information, and an unsubscribe mechanism as required by CAN-SPAM. You may unsubscribe at any time. Transactional emails (account updates, billing confirmations, service notifications) are not marketing and are not subject to unsubscribe requests.
5.3 AI-Generated Communications
AI chatbots and voice agents may send automated messages on behalf of our clinic clients. These communications are initiated under the client's authority and consent framework. Doctor Lead Flow processes these communications as a data processor on behalf of the client.
6. AI-SPECIFIC DISCLOSURES
Doctor Lead Flow deploys AI-powered chatbots and voice agents as part of its services to clinic clients.
AI chatbots and voice agents process user inputs to generate responses, schedule appointments, and perform follow-up actions
AI-generated responses are probabilistic and may contain inaccuracies
AI conversation logs are retained for 90 days for quality assurance, then deleted
Client data processed by AI is not used for general model training unless the client expressly opts in
AI voice calls include a disclosure that the caller is an AI assistant
AI interactions may be recorded for quality assurance purposes
7. COOKIES AND TRACKING
We use cookies and similar technologies including:
Essential cookies: required for platform functionality and security
Analytics cookies: Google Analytics to understand website traffic and usage patterns
Advertising cookies: Meta Pixel, Google Ads conversion tracking to measure ad performance
Functional cookies: to remember preferences and improve user experience
You may manage cookie preferences through your browser settings. Disabling certain cookies may affect platform functionality. For detailed cookie information, see our Cookie Policy at [INSERT: Cookie Policy URL].
8. DATA RETENTION
Data CategoryRetention PeriodAI conversation logs (chat + voice)90 days, then deletedCRM client dataDuration of agreement + 60 daysAd campaign dataDuration of agreement + 90 daysWebsite analytics26 months (Google Analytics default)Billing records7 years (tax and legal compliance)Account dataDuration of agreement + 60 daysMarketing consent recordsDuration of consent + 3 years
9. YOUR RIGHTS
Depending on your location, you may have the following rights regarding your personal information:
Access: Request a copy of your personal information
Correction: Request correction of inaccurate information
Deletion: Request deletion of your personal information
Portability: Request your data in a machine-readable format
Restriction: Request restriction of processing
Objection: Object to processing based on legitimate interests
Opt-out of sale/sharing: We do not sell personal information, but you may exercise this right if applicable
To submit a rights request, contact us at [email protected]. We will verify your identity and respond within thirty (30) days, extendable by thirty (30) days for complex requests. We will not discriminate against you for exercising your privacy rights.
10. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)
[STATE-SPECIFIC — APPLICABLE FOR CALIFORNIA RESIDENTS]
California residents have additional rights under the CCPA/CPRA, including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale or sharing of personal information. We do not sell personal information. For the categories of personal information collected, purposes, and third parties with whom we share, see Sections 2, 3, and 4 above. To exercise your rights, contact [email protected].
11. SECURITY
We implement reasonable administrative, technical, and physical security measures to protect personal information, including encryption in transit and at rest, access controls, employee training, and incident response procedures. However, no method of transmission over the internet is entirely secure, and we cannot guarantee absolute security.
12. CHILDREN
Our services are not directed to children under 13 (or 16 under GDPR). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.
13. INTERNATIONAL TRANSFERS
Personal information may be transferred to and processed in the United States. If you are located outside the United States, your information will be transferred subject to appropriate safeguards as required by applicable law.
14. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. Material changes will be communicated by email or through our website with a new effective date posted prominently. Continued use of our services after the effective date constitutes acceptance.
15. CONTACT US
If you have questions about this Privacy Policy or wish to exercise your rights: