Privacy Policy — KaraFlows
A Kara Labs Product
Last updated: May 9, 2026  ·  Effective date: May 9, 2026

This Privacy Policy explains how KaraFlows, operated by Kara Labs ("we," "us," or "our"), collects, uses, stores, and protects information when you visit our website at karaflows.com or use our AI patient acquisition services. By using our website or services, you agree to the terms of this Privacy Policy.

1. Who We Are

KaraFlows is an AI-powered patient acquisition platform for dental clinics, operated by Kara Labs. We provide AI chatbot, automated lead response, appointment reminder, patient reactivation, and review generation services to dental clinic clients across Canada, the UAE, and internationally. Our services may include automated and AI-assisted communications intended for administrative, customer service, marketing, and operational support purposes.

Contact: [email protected]  |  karaflows.com

2. Information We Collect

2.1 Information You Provide Directly

When you visit our website, book a demo call, or contact us, we may collect:

  • Full name and business name
  • Email address and phone number
  • Clinic name, location, and website URL
  • Information submitted through our booking forms and surveys
  • Messages sent to us via email or contact forms

2.2 Information Collected Automatically

When you visit karaflows.com, we automatically collect certain technical information:

  • IP address and approximate geographic location
  • Browser type, version, and operating system
  • Pages visited and time spent on each page
  • Referring website or source
  • Device type (desktop, mobile, tablet)
  • Cookies and similar tracking technologies (see Section 7)

2.3 Information About Your Clinic's Patients (Client Data)

If you are a dental clinic client using our services, our AI system processes patient data on your behalf, including patient names, phone numbers, email addresses, and appointment information. This data is processed solely to deliver our agreed services to your clinic. We act as a data processor for this information — you remain the data controller responsible for your patients' data.

Clinic clients are solely responsible for ensuring that all patient data provided to KaraFlows has been collected lawfully and that all necessary patient consents, notices, and permissions required under applicable privacy, healthcare, marketing, and communications laws have been obtained.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To respond to your demo requests and sales enquiries
  • To provide and manage our AI patient acquisition services to your clinic
  • To provide AI-assisted automated communication and workflow automation services
  • To send appointment confirmations, reminders, and follow-up communications on behalf of your clinic
  • To generate monthly performance reports for clinic clients
  • To send you service-related communications and updates
  • To improve our website and services based on usage patterns
  • To comply with legal obligations and enforce our terms
  • To detect and prevent fraud, abuse, or security incidents

We do not sell your personal information to third parties. We do not use your information for advertising purposes unrelated to our services.

4. Legal Basis for Processing (GDPR & Canadian PIPEDA)

Where applicable, we process personal data under the following legal bases:

  • Contractual necessity: To fulfill our service agreement with dental clinic clients
  • Legitimate interests: To operate and improve our business, respond to enquiries, and ensure security
  • Consent: For marketing communications and cookies where consent is required
  • Legal obligation: Where required by applicable law

For Canadian users, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.

5. How We Share Your Information

We may share your information with:

  • Service providers: Third-party platforms we use to operate our business, including GoHighLevel (CRM and automation platform), email delivery services, and calendar systems. These providers are contractually required to protect your data.
  • Subprocessors and infrastructure providers: We may use trusted third-party infrastructure and software providers including cloud hosting providers, AI technology providers, communications platforms, analytics providers, payment processors, and automation platforms necessary to deliver our services.
  • Professional advisors: Lawyers, accountants, or auditors where necessary for our business operations
  • Law enforcement or regulators: When required by applicable law, court order, or governmental authority
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity

We do not sell, rent, or trade your personal information to any third party for their own marketing purposes.

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, or as required by law:

  • Client account data: retained for the duration of the service agreement plus 2 years
  • Demo enquiry data: retained for 12 months from the date of enquiry
  • Patient data processed on behalf of clinic clients: retained per the clinic's instructions and applicable healthcare regulations
  • Website analytics data: retained for up to 26 months

After applicable retention periods, we securely delete or anonymize your information.

Upon written request and subject to applicable legal obligations, we will make commercially reasonable efforts to delete or return client data in accordance with our service agreements.

7. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your experience and collect analytics data. We use:

  • Essential cookies: Required for the website to function properly. These cannot be disabled.
  • Analytics cookies: Help us understand how visitors interact with our website. Where required by applicable law, analytics and non-essential cookies are used only after obtaining your consent through our cookie consent banner.
  • Functional cookies: Remember your preferences and settings to improve your experience.

You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality. For more details, see our Cookie Policy.

You may manage your cookie preferences at any time through our cookie consent settings or your browser settings.

8. Your Rights

Depending on your location, you may have the rights listed below regarding your personal information. Depending on your jurisdiction, additional rights may apply under local privacy and consumer protection laws.

  • Right to access: Request a copy of the personal information we hold about you
  • Right to correction: Request correction of inaccurate or incomplete information
  • Right to deletion: Request deletion of your personal information, subject to legal obligations
  • Right to restrict processing: Request that we limit how we use your information
  • Right to data portability: Request your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encrypted data transmission (HTTPS/TLS)
  • Access controls limiting who can access personal data
  • Secure third-party platforms with their own security certifications
  • Regular review of our data handling practices

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

In the event of a data security incident affecting personal information, we will take commercially reasonable steps to investigate, mitigate, and provide notifications where required under applicable law.

10. International Data Transfers

KaraFlows operates internationally, serving clients in Canada, the UAE, and other countries. Your information may be transferred to and processed in countries other than your country of residence. Where we transfer personal data internationally, we take commercially reasonable steps to ensure appropriate safeguards are in place in accordance with applicable privacy and data protection laws, including contractual protections with relevant service providers where appropriate.

11. Children's Privacy

Our services are directed exclusively at businesses (dental clinics) and their adult representatives. We do not knowingly collect personal information from individuals under 18 years of age. If you believe we have inadvertently collected information from a minor, please contact us immediately at [email protected].

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to review the privacy policies of any third-party sites you visit.

13. SMS Communications

If you provide your phone number and consent to receive SMS messages from us, you may receive appointment confirmations, demo reminders, and service-related text messages. Message and data rates may apply. You may opt out at any time by replying STOP to any message. For assistance, reply HELP.

By providing your phone number and opting in, you represent that you are authorized to receive communications at the provided number and understand that consent is not a condition of purchasing services.

14. AI-Assisted Communications

KaraFlows may use AI-assisted technologies, automated workflows, and chatbot systems to help clinics respond to enquiries, schedule appointments, send reminders, and improve operational efficiency.

While we strive to maintain high accuracy and reliability, automated communications may occasionally contain errors, incomplete information, or unintended responses. Clinics using our services are responsible for reviewing and monitoring communications sent through our systems.

KaraFlows does not provide medical advice, diagnosis, or treatment recommendations. Any automated communications generated through our systems are intended for administrative, informational, customer service, or marketing purposes only.

Patients experiencing medical emergencies should contact emergency services or the relevant healthcare provider directly.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Your continued use of our website or services after any changes constitutes acceptance of the updated policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We are committed to resolving any privacy concerns promptly and fairly.