Ginivo← Home

Privacy Policy

Last updated: June 24, 2026

Ginivo (“Ginivo”, “we”) provides an AI front-desk assistant for salons, spas, and clinics. This policy explains what data we collect, how we use it, and the choices you have. Questions: privacy@ginivo.ai.

Who this covers

Our customers are businesses (“clinics”) that use Ginivo to run their front desk. Clinics provide information about their business and their own clients. Where a clinic uploads client data, the clinic is the data controller and Ginivo is its processor.

Information we collect

  • Account data: name, email, and login credentials of the clinic owner/staff.
  • Business data: services, prices, hours, staff, policies, and FAQs (often imported from the clinic's own website).
  • Client records: client names, contact details, visit history, and consent status, as provided by the clinic.
  • Conversations: messages exchanged with the AI assistant.
  • Google data: see the dedicated section below.

Google user data — what we access and why

When a clinic connects its Google Calendar, Ginivo requests these scopes:

  • calendar.readonly — to read busy/free intervals only, so the assistant never offers a time that is already taken. We do not read the titles, attendees, or contents of events we did not create.
  • calendar.events — to create, update, and delete only the appointment events that Ginivo itself books on the clinic's calendar. Ginivo never edits or deletes events it did not create.

We store an encrypted Google refresh token to maintain the connection, and exchange it for short-lived access tokens at request time. A clinic can disconnect at any time from Settings, which stops all access.

Limited Use. Ginivo's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, do not sell it, and do not allow humans to read it except where required for security, to comply with law, or with the user's explicit consent.

How we use data

  • Answer client questions and book/confirm/cancel appointments.
  • Generate win-back outreach to a clinic's lapsed clients who have consented to contact.
  • Show the clinic owner their schedule and client history inside the dashboard.
  • Operate, secure, and improve the service.

Sharing

We do not sell personal data. We share data only with infrastructure providers that run the service (hosting, database, email/SMS delivery, and the AI model provider), strictly to deliver the product, and with Google as needed to provide the calendar integration you enabled.

Retention & deletion

We retain data while a clinic's account is active. A clinic can request deletion of its data, and end clients can opt out of outreach at any time via the unsubscribe link in any message. Disconnecting Google revokes our access and removes the stored token.

Security

Data is encrypted in transit. Sensitive tokens are encrypted at rest. Access is scoped per clinic (multi-tenant isolation) so one clinic can never see another's data.

Contact

privacy@ginivo.ai

This template should be reviewed by counsel before relying on it for a production launch.