Legal

Privacy Policy

FrontDesk, LLC • Effective Date: March 31, 2026

FrontDesk, LLC (“FrontDesk,” “we,” “us,” or “our”) is committed to protecting the privacy of its users. This Privacy Policy describes how we collect, use, store, share, and safeguard information in connection with the FrontDesk web application, mobile applications (iOS and Android), and all related services (collectively, the “Services”). By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, you must discontinue use of the Services immediately.

  1. Information We Collect

    We collect only the information necessary to provide, maintain, and improve the Services. The categories of information we collect include:

    • Account Information. When an administrator creates an account, we collect the following: first name, last name, and email address.
    • Provider / Staff Profiles. Administrators may add provider or staff member profiles that include a name (with optional prefix and suffix), an email address, and an optional profile photograph.
    • Business Information. We collect the company or practice display name, the names of practice locations, branding customization data (colors and logo images), and organizational structure information necessary to operate the Services.
    • Billing Information. Payment card information is collected and processed exclusively by our third-party payment processor, Stripe, Inc. (“Stripe”). FrontDesk does not directly store credit card numbers, bank account numbers, or other sensitive payment credentials. We store only a Stripe customer identifier to associate your account with your payment profile.
    • Device Tokens. When providers or staff install the companion mobile application, we collect device tokens solely for the purpose of delivering push notifications (e.g., client check-in alerts).
    • Referral Program Data. If you participate in our referral program, we generate and store a unique referral code linked to your company account, along with usage counts and redemption records.
    • Log & Operational Data. We maintain transient logs of processed webhook events and transactional email delivery records for troubleshooting and operational integrity. These logs are automatically deleted after thirty (30) days.
  2. Information We Do Not Collect

    FrontDesk is designed to facilitate internal staff workflows and client check-in processes. We do not collect, store, or process any of the following:

    • Patient or client names, contact information, or demographic data
    • Appointment schedules, booking details, or visit history
    • Medical records, diagnoses, treatment plans, or any health-related information
    • Protected Health Information (“PHI”) as defined under the Health Insurance Portability and Accountability Act (“HIPAA”)
    • Precise geolocation or GPS data
    • Social Security numbers, government-issued identification, or biometric data
  3. HIPAA Disclaimer

    FrontDesk is not a “Covered Entity” or a “Business Associate” as those terms are defined under HIPAA and its implementing regulations. The Services are not designed to create, receive, maintain, or transmit Protected Health Information on behalf of any Covered Entity. FrontDesk does not offer or enter into Business Associate Agreements (“BAAs”). Clients who are Covered Entities under HIPAA are solely responsible for ensuring that their own use of the Services complies with all applicable privacy and security regulations.

  4. How We Use Your Information

    We use the information we collect for the following purposes:

    • To provide, operate, and maintain the Services, including the check-in kiosk, provider notifications, and administrative portal
    • To identify and authenticate authorized users and administrators
    • To display provider profiles within the check-in experience
    • To deliver push notifications to provider devices upon client check-in
    • To process subscription billing, apply referral credits, and manage payment-related communications through Stripe
    • To send transactional emails (e.g., welcome onboarding emails, referral code delivery)
    • To respond to customer support inquiries
    • To detect, prevent, and address fraud, security incidents, or technical issues
    • To comply with applicable legal obligations
  5. Third-Party Service Providers

    We engage a limited number of trusted third-party service providers to help us operate the Services. These providers access information only as necessary to perform their functions and are contractually obligated to maintain its confidentiality.

    • Firebase (Google LLC). We use Firebase for user authentication, cloud database storage (Firestore), cloud file storage (Cloud Storage), serverless backend logic (Cloud Functions), and web hosting. Data processed through Firebase is subject to Google’s Terms of Service and Firebase Privacy Policy.
    • Stripe, Inc. We use Stripe to process all subscription payments, manage billing operations, and handle refunds. Payment card information is collected, processed, and stored by Stripe in accordance with PCI-DSS Level 1 standards. For more information, see Stripe’s Privacy Policy.
    • Mailgun (Sinch Email). We use Mailgun for transactional email delivery, including welcome onboarding emails and referral code communications. Mailgun processes recipient email addresses and email content subject to its own privacy policy.
    • Google Fonts. The Services load web fonts from Google Fonts, which may result in your browser transmitting your IP address and request headers to Google servers.
  6. Data Sharing & Disclosure

    FrontDesk does not sell, rent, lease, or trade your personal information to third parties for marketing or advertising purposes. We may disclose information only in the following limited circumstances:

    • Service Providers. To the third-party providers described in Section 5, solely as necessary for them to perform services on our behalf.
    • Legal Compliance. When required to do so by law, regulation, legal process, or enforceable governmental request.
    • Protection of Rights. To enforce our Terms and Conditions, protect the rights, property, or safety of FrontDesk, our users, or the public.
    • Business Transfers. In connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy, in which case your information may be transferred to the successor entity.
    • With Your Consent. In any other circumstance where you have provided express consent to such disclosure.
  7. Cookies & Browser Storage

    The FrontDesk web application does not use third-party cookies, tracking pixels, retargeting scripts, or web beacons. We do not engage in cross-site tracking or behavioral advertising.

    The Services use browser-native storage mechanisms (localStorage and sessionStorage) for strictly functional purposes, including:

    • Caching company data locally to improve page load performance
    • Remembering onboarding dismissal states and user interface preferences
    • Maintaining session-level state during checkout and signup flows
  8. Data Security

    We implement commercially reasonable administrative, technical, and physical safeguards designed to protect your information from unauthorized access, disclosure, alteration, and destruction. These measures include, but are not limited to:

    • All data transmitted between your browser and our servers is encrypted using TLS (HTTPS)
    • Firestore security rules enforce role-based access control, ensuring users can only access data belonging to their own organization
    • Cross-Origin Resource Sharing (CORS) policies restrict API access to authorized domains

    Notwithstanding the foregoing, no method of electronic transmission or storage is completely secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

  9. Data Retention & Deletion

    We retain your information only for as long as necessary to provide the Services and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law.

    • Active Accounts. Your data is retained for the duration of your active subscription.
    • After Cancellation. If your subscription is canceled and not reinstated before the end of the current billing period, FrontDesk will automatically delete all associated company data, provider profiles, stored files, and authentication accounts within thirty (30) days following the termination of the subscription.
    • Operational Logs. Processed webhook event logs and email delivery records are automatically deleted after thirty (30) days.
    • Stripe Records. Billing history and payment records retained by Stripe are subject to Stripe’s own data retention policies.
  10. Your Rights

    Depending on your jurisdiction, you may have certain rights with respect to your personal information, including:

    • Access. You may request a copy of the personal information we hold about you.
    • Correction. You may request that we correct inaccurate or incomplete information.
    • Deletion. You may request that we delete your personal information, subject to certain legal exceptions.
    • Data Portability. Where technically feasible, you may request your data in a structured, commonly used format.

    To exercise any of these rights, please contact us at [email protected]. We will respond to verified requests within thirty (30) days.

  11. California Privacy Rights

    If you are a California resident, you may have additional rights under the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (“CPRA”). FrontDesk does not sell personal information as defined under the CCPA/CPRA, and we do not use personal information for cross-context behavioral advertising. California residents may exercise the rights described in Section 10 by contacting us at [email protected].

  12. Children’s Privacy

    The Services are not directed to individuals under the age of thirteen (13), and we do not knowingly collect personal information from children under 13 in compliance with the Children’s Online Privacy Protection Act (“COPPA”). If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete such information promptly. If you believe that a child under 13 has provided us with personal information, please contact us at [email protected].

  13. International Users

    The Services are hosted and operated in the United States. If you access the Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Services, you consent to the transfer of your information to the United States.

  14. Changes to This Privacy Policy

    We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will update the “Effective Date” at the top of this page. We encourage you to review this Privacy Policy periodically. Your continued use of the Services after any changes constitutes your acceptance of the revised Privacy Policy.

  15. Contact Us

    If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

    FrontDesk, LLC
    Email: [email protected]