Legal

Privacy Policy

Last updated: March 2026 · Effective upon account creation

Molly Gee Webster / Wellspring Hair Spa (Wellspring, we, us, our) operates the Wellspring Platform, a practitioner-facing clinical tool accessible at app.wellspringhairspa.com. This Privacy Policy describes how we collect, use, and protect information when you use our platform.

By creating an account and using the platform, you consent to the practices described in this policy.

Section 01

Information We Collect

We collect information in the following categories:

Account Information: Your name, email address, and password when you register
Billing Information: Payment is processed by Stripe. We store your Stripe customer ID and subscription status, but we never see or store your full credit card details
Client Data You Enter: Names, contact information, date of birth, intake responses, scan scores, and report content that you input for your own clients
Usage Data: Pages visited, features used, and session activity for platform improvement and security purposes
Device and Technical Data: Browser type, IP address, and operating system for security and support purposes

Section 02

How We Use Your Information

To provide and maintain your access to the Wellspring Platform
To process your subscription payments through Stripe
To store your client records securely on your behalf
To generate clinical reports using the Anthropic API (Claude) based on data you provide
To send essential account communications (billing receipts, password resets, service updates)
To improve platform functionality and troubleshoot technical issues

Note on AI Report GenerationWhen you generate a report, client data you enter is sent to the Anthropic API solely to produce that report. This data is not used to train AI models. Anthropic processes data in accordance with their enterprise privacy terms. You are responsible for ensuring you have appropriate consent from your clients before entering their data into the platform.

Section 03

Data Storage & Security

Your account and client data is stored in Supabase, a secure cloud database platform with row-level security controls. Each practitioner can only access their own client records. Data is encrypted in transit (TLS) and at rest.

We implement reasonable technical and organizational safeguards to protect your data. However, no system is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

Section 04

Third-Party Services

We use the following third-party services to operate the platform:

Supabase — Database and authentication. Data is stored in Supabase infrastructure.
Stripe — Payment processing. Stripe processes billing data under their own privacy policy.
Anthropic — AI report generation. Client data submitted for reports is processed by Anthropic per their API privacy terms.
Vercel — Hosting and deployment. Vercel may collect standard server logs.

We do not sell, rent, or share your personal data with any third party for marketing purposes.

Section 05

Your Client Data & HIPAA Notice

As a practitioner, you are solely responsible for the client data you enter into this platform. You represent that you have obtained appropriate consent from your clients to collect and process their health-related information. Wellspring is not a covered entity under HIPAA, and this platform does not constitute a HIPAA-compliant electronic health record system. Do not enter data for which you do not have appropriate authorization.

Section 06

Data Retention

We retain your account data and client records for as long as your account is active. If you cancel your subscription and do not reactivate within 90 days, we reserve the right to delete your account data. You may request deletion of your data at any time by contacting us directly.

Section 07

Your Rights

Access or export the data associated with your account
Request correction of inaccurate account information
Request deletion of your account and associated data
Opt out of non-essential communications

To exercise any of these rights, contact us at wellspringhairspa.com.

Section 08

Cookies

The platform uses session cookies and local storage to maintain your authenticated session and preserve your working state. We do not use third-party advertising cookies or tracking pixels.

Section 09

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice within the platform. Continued use of the platform after changes constitutes acceptance of the revised policy.