Privacy Policy

Effective Date: [15/02/2026]

1. Who We Are

BlueEchoAI we operate the Kinetic Flow Operating System (KFOS), an operational automation system designed for sports and physiotherapy clinics.

We are a UK-based business and act as a Data Controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Business Name: BlueEchoAI
Contact Email: [email protected]
Location: United Kingdom

If you have any questions about this Privacy Policy, you may contact us using the details above.

2. What Information We Collect

When you interact with our website, book a consultation, or submit a form, we may collect:

Full name

Email address

Phone number

Clinic / business name

Role within the business

Information about your clinic operations

Any information voluntarily provided in enquiry forms

We may also collect limited technical data including:

IP address

Browser type

Device information

Website interaction data (via analytics tools)

We do not collect or store patient medical records directly through our website.

3. How We Use Your Information

We use your information to:

Respond to enquiries

Book and manage consultation calls

Assess clinic compatibility for KFOS

Provide our automation services

Send follow-up communications

Improve our website and marketing

Operate and maintain our CRM and automation systems

If you become a client, we may process business contact data necessary to implement and manage the Kinetic Flow Operating System.

We process data under the following lawful bases:

Your consent

Legitimate business interests

Contractual necessity (if you become a client)

4. Use of Automation & AI Systems

As part of the Kinetic Flow Operating System, we deploy automation tools including:

Voice AI systems

SMS and WhatsApp confirmation workflows

CRM platforms

Reactivation campaigns

These systems are used to automate lead handling, booking, appointment confirmations, and patient reactivation for our client clinics.

Where we act as a service provider to clinics, we operate as a Data Processor on behalf of the clinic, who remains the Data Controller of patient data.

We do not use clinic patient data for our own marketing purposes.

5. How We Store and Protect Data

Data is stored using secure third-party providers, which may include:

CRM platforms (e.g., GoHighLevel or equivalent)

Voice AI providers

Secure cloud hosting platforms

Messaging providers (SMS / WhatsApp integration services)

We implement reasonable technical and organisational safeguards to protect personal data against unauthorised access, alteration, or disclosure.

6. Sharing of Information

We do not sell personal data.

We may share data with trusted third-party service providers strictly for business operations, including:

Hosting providers

CRM software providers

Communication platforms

Analytics services

All third parties are required to process data securely and in compliance with applicable data protection laws.

7. Data Retention

We retain personal data only for as long as necessary to:

Fulfil the purpose for which it was collected

Comply with legal obligations

Resolve disputes

Enforce agreements

You may request deletion of your personal data at any time, subject to legal retention requirements.

8. Your Rights Under UK GDPR

You have the right to:

Access your personal data

Request correction of inaccurate data

Request deletion of your data

Restrict or object to processing

Withdraw consent at any time

To exercise your rights, contact us at:
[email protected]

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

9. Cookies and Tracking

Our website may use cookies and tracking technologies for analytics and marketing purposes.

You may manage cookie preferences through your browser settings.

10. Updates to This Policy

We may update this Privacy Policy periodically. Updates will be posted on this page with a revised effective date.