Privacy Policy

How Cancel Catch handles information on behalf of our med spa partners and the clients we text on their behalf.

Last updated April 18, 2026

Cancel Catch ("Cancel Catch," "we," "us," or "our") provides an AI-powered cancellation recovery service for independent med spas. When a med spa partner has a last-minute opening, our service identifies the best-fit clients from that spa's existing customer database and texts them on the spa's behalf. This Privacy Policy explains what information we handle, why, and the choices available to med spa partners and their clients.

Information We Collect

Cancel Catch is a business-to-business service. We do not collect information directly from end clients. All client information we process is provided to us by our med spa partners under their existing customer relationships and consent. The information we handle typically includes:

  • Client first name and last initial only — we intentionally minimize identifiers.
  • Mobile phone number for SMS delivery.
  • Treatment history, preferred provider, and prior booking patterns to match clients to the right open slot.
  • Outbound and inbound SMS message content for audit and compliance.
  • Opt-out status (phone numbers that have replied STOP).

We also collect operational information from our med spa partners themselves — business contact details, account credentials, and basic usage logs — to administer the service.

How We Use Information

We use information solely to operate and improve the cancellation recovery service. Specifically:

  • Match a med spa's open appointment slot to the most appropriate clients based on treatment fit, provider preference, and timing.
  • Send SMS messages on behalf of the spa offering the open slot.
  • Process inbound replies, claim slots atomically, and notify the front desk.
  • Maintain audit logs of every message sent and received.
  • Monitor service performance and improve our matching models.

We do not use client information for advertising, profiling unrelated to appointment matching, or any purpose beyond delivering the service to our med spa partners.

SMS Messaging Disclosure

The following terms apply to every SMS sent through Cancel Catch on behalf of a med spa partner.

Purpose
Messages are appointment-related only. We send notifications about open cancellation slots at the spa where the client is already a customer. We do not send marketing, promotional, or unrelated content.
Frequency
Message frequency varies and depends entirely on when cancellations occur at the partner spa. There is no fixed schedule.
Cost
Message and data rates may apply. Cancel Catch and the partner spa do not charge clients for messages, but standard carrier rates from the client's mobile plan apply.
Opt out
Reply STOP to any message to unsubscribe immediately. Once received, the phone number is added to our opt-out list and no further messages will be sent from Cancel Catch on behalf of any partner spa.
Help
Reply HELP for assistance, or contact us at contact@cancelcatch.com.
Carrier liability
Mobile carriers are not liable for delayed or undelivered messages.

Every outbound message includes opt-out instructions. Every inbound STOP is honored before any further send is attempted.

Data Sharing

We do not sell client information, ever. We share information only with the service providers required to deliver the service, and only to the extent needed for them to perform their function:

Supabase
Encrypted database hosting for slots, clients, messages, and opt-out records.
Twilio
SMS delivery and inbound message processing.
Anthropic
Large language model inference used to generate candidate matches and message copy. We do not send full client records — only the minimum context needed for a single matching decision.

Each provider is bound by its own data protection terms. Where applicable, we maintain HIPAA Business Associate Agreements with our med spa partners and operate accordingly.

We may also disclose information when required by law, valid legal process, or to protect the rights, safety, or property of Cancel Catch, our partners, or the public.

Data Security

We treat client data as sensitive by default. Our practices include:

  • Encryption in transit (TLS) and at rest for stored records.
  • Role-based access controls — only authorized personnel and processes can read partner data.
  • Audit logging of every SMS sent and received, every slot claim, and every administrative action.
  • Minimization — we store first name and last initial only, never full last names, addresses, or unrelated PII.
  • Atomic slot claiming enforced at the database level to prevent double-booking and race conditions.

No system is perfectly secure. We continuously improve our controls and will notify affected partners promptly if we ever become aware of a data incident affecting their information.

Data Retention

We retain client information for the duration of the service relationship with the partner med spa, plus any additional period required by applicable law (for example, telecommunications and SMS audit requirements). Message logs and opt-out records are retained for the full period required for compliance and dispute resolution. When a partner relationship ends, we delete or de-identify records on the partner's request and within a reasonable wind-down period, except where retention is legally required.

Your Rights

Clients of partner med spas have the following rights with respect to information Cancel Catch processes on their behalf:

Opt out of SMS at any time
Reply STOP to any message. Opt-outs are immediate and permanent unless you re-subscribe through your med spa.
Request deletion
Email contact@cancelcatch.com to request deletion of your records. We will coordinate with your med spa to honor the request, subject to applicable retention laws.
Ask questions
Email contact@cancelcatch.com or contact your med spa directly to ask how your information is being used.

Med spa partners may export, correct, or delete their own account data at any time through their account or by contacting us.

State-Specific Rights

Residents of certain U.S. states — including California, Colorado, Virginia, and others — may have additional rights under state privacy laws such as the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), the Colorado Privacy Act (CPA), and the Virginia Consumer Data Protection Act (VCDPA). Depending on your state of residence, these rights may include:

  • The right to know what personal information is collected about you and how it is used.
  • The right to request deletion of your personal information.
  • The right to opt out of certain data sharing or sales (Cancel Catch does not sell personal information).
  • The right to non-discrimination for exercising any of these rights.

To exercise any of these rights, email contact@cancelcatch.com. We will verify your request and respond within the timeframes required by applicable law. Because Cancel Catch processes client information on behalf of our med spa partners, we may coordinate with the relevant partner to fulfill your request.

Children's Privacy

Cancel Catch is not directed at children under 18. We do not knowingly collect or process information about minors. Med spa partners are responsible for ensuring that the contact information they provide to Cancel Catch belongs to adult clients who have consented to receive SMS messages from the spa. If we become aware that we have processed information about a minor, we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time as our service evolves. The "Last updated" date at the top of this page reflects the most recent revision. For material changes, we will notify med spa partners by email and, where appropriate, ask them to communicate the change to their clients. Continued use of the service after a change takes effect constitutes acceptance of the updated policy.

Contact Us

Questions about this Privacy Policy, requests for data access or deletion, or any other privacy-related matter can be sent to:

contact@cancelcatch.com

Cancel Catch · Denver, Colorado

Disclaimer. This Privacy Policy is a good-faith description of how Cancel Catch handles information. It is not legal advice. If you have legal questions about privacy, SMS marketing, TCPA, HIPAA, or any related topic, please consult qualified legal counsel.