Darter Privacy Policy

Scope and Applicability

This Policy applies when you visit our website, interact with our Services, or otherwise engage with Darter. Please note:

• When Darter processes data on behalf of our business customers (for example, hosting their custom-built mobile app, delivering push notifications, and routing appointment bookings on behalf of aesthetic clinics and MedSpas), we do so in the role of a data processor (or “service provider” in certain jurisdictions). In those cases, our Customers are the data controllers and their own privacy policies apply.
• This Policy does not cover third-party tools, apps, or services you connect with Darter (e.g., scheduling systems, EMR/PMS platforms, calendars, or CRM tools). Those services are governed by their own privacy policies.

Information We Collect

Information You Provide

• Account Information: name, email, phone number, password, and authentication credentials.
• Payment Information: if you purchase Services, our payment processor (currently Stripe) collects and processes your payment method and billing details. Darter stores only non-sensitive details (e.g., last four digits, card type).
• Practice Configuration Data: when setting up your Darter-built mobile app, you may provide business information, staff names, treatment offerings, pricing details, scheduling preferences, brand assets, and workflow configurations.
• App & Customer Data: when patients use the Darter-built mobile app, Customers may generate appointment bookings, in-app messages, loyalty and rewards activity, referrals, and other patient-interaction data tied to your practice. We process these strictly under our Customer’s instructions.
• Business Contact Information: if you represent a business, we may collect your name, job title, company, and contact details.
• Other Information: if you register for demos, webinars, support, or otherwise communicate with us.

Information Collected Automatically

When you interact with our Services, we may collect:

• Log Data: IP address, browser type, date/time, and interactions with our Site.
• Usage Data: features used, actions taken, in-app sessions, appointment bookings, push notification engagement, and activity within the Services.
• Device Information: device type, operating system, browser, mobile push tokens, and settings.
• Analytics Data: cookies and similar technologies (see “Tracking Technologies” below).

Information from Third Parties

• Authentication Providers (e.g., Google login).
• Partners & Service Providers who help us run our Services.
• EMR/PMS Integration Partners with whom you connect your Darter account.
• Public or Commercial Sources, such as LinkedIn profiles or industry databases.

How We Use Information

We use collected information to:

• Provide, operate, and improve our custom-built mobile app Services for aesthetic clinics and MedSpas.
• Authenticate users and enable account features.
• Process payments, invoices, and subscriptions.
• Route, reschedule, and manage appointments and push notifications on behalf of our Customers’ practices.
• Respond to inquiries and provide customer support.
• Analyze usage trends, app engagement patterns, and improve Service performance.
• Prevent fraud, security issues, and misuse.
• Comply with legal obligations.
• Send service-related communications (e.g., security alerts, updates, invoices) and send marketing communications about Darter.
• Create aggregated, anonymized data for analytics and research.

Sharing Your Information

We may share Personal Information:

• With Customers (when we act as a processor providing Services on their behalf, including their clinic staff and authorized users).
• With trusted service providers (e.g., AWS, Vercel, Apple App Store, Google Play, push notification and mobile analytics providers, Stripe for payments) who support our infrastructure and operations.
• With Integration Partners (practice management systems such as Boulevard, Mangomint, Zenoti, Aesthetic Record, and similar platforms) when you connect those services with Darter, subject to your configuration settings.
• In corporate transactions (e.g., mergers, acquisitions, or reorganizations).
• To comply with law, enforce agreements, or protect Darter’s rights and users’ safety.
• With your consent or direction.

We do not sell your Personal Information.

Tracking Technologies (Cookies)

Darter uses cookies and similar technologies to:

• Keep you logged in.
• Remember preferences and practice configurations.
• Understand how Services are used, including in-app engagement metrics, appointment-booking flows, and push notification performance.
• Improve functionality and performance.

You can control cookies via your browser, but disabling them may limit some functionality.

Security

We use industry-standard security measures to protect your data, including:

• Encryption of data in transit and at rest
• Secure hosting infrastructure
• Access controls and authentication requirements
• Regular security assessments

However, no system is 100% secure. You are responsible for keeping your account password confidential and maintaining the security of your integrated systems.

Data Retention

We retain Personal Information as long as necessary to provide our Services or comply with legal obligations. Customer data (e.g., appointment bookings, in-app messages, loyalty activity, and push notification engagement) is retained according to our Customer agreements and can be configured based on your practice’s preferences.

Your Rights

Depending on where you live, you may have rights under applicable privacy laws (e.g., GDPR, CCPA):

• Access, update, or delete your Personal Information.
• Object to or restrict processing.
• Withdraw consent where processing is based on consent.
• Request data portability.

To exercise your rights, contact us at privacy@dartertech.com.

Special Category Data (Health Information)

Darter is designed for use by aesthetic clinics and medical spas. While we process appointment, loyalty, and in-app interaction data, we are not a covered entity under HIPAA. However, we take data protection seriously:

• We implement appropriate technical and organizational measures to protect personal data, including encryption in transit and at rest.
• Customers are responsible for ensuring that any patient information shared with Darter complies with applicable healthcare privacy laws.
• Appointment bookings, in-app messages, and other patient-interaction data are processed at the direction of our Customers (the practices) and are governed by their privacy practices.
• Push notifications are sent only to patients who have granted operating-system-level permission to receive them. Patients may revoke permission at any time through their device settings.

Children

Darter is not directed to children under 16, and we do not knowingly collect their data. If you believe we have collected data from a child, contact us at privacy@dartertech.com and we will delete it.

Region-Specific Disclosures

European Residents (GDPR)

Our legal bases for processing may include:

• Your consent.
• Performance of a contract (providing our custom-built mobile app Services).
• Legitimate interests (improving our Services, preventing fraud).
• Legal obligations.

You may also lodge a complaint with your local data protection authority.

California Residents (CCPA)

You have the right to know what personal information we collect and how it’s used. We do not sell your personal information. To exercise your rights, contact us at privacy@dartertech.com.