Roman← Home

Privacy Policy

Last updated: June 12, 2026

Who we are

Roman Copilot ("Roman", "we", "us") is an operations platform for medical spas. We provide clinic owners and managers with analytics, a daily task queue, and an AI copilot that draws on the clinic's own operational data.

What we collect

  • Account data — your name, work email, role (owner / manager), and authentication metadata.
  • Clinic settings — clinic name, timezone, currency, brand voice prompt, and EMR connection metadata (e.g. location, last sync timestamp).
  • EMR operational data — appointments, transactions, and aggregate patient activity synced from your connected EMR (currently Boulevard). We pull the minimum-necessary record set to generate insights and tasks.
  • Usage data — feature usage, task outcomes, and copilot interactions used to improve the product.

What we do NOT collect

Roman is not designed to ingest or store Protected Health Information (PHI). We do not pull clinical notes, diagnoses, treatment records, photos, or medical history. Where possible we de-identify or aggregate patient records before analysis. You should not paste PHI into the copilot or any free-text field.

How we use it

We use your data to operate the service: render dashboards, generate AI recommendations, send authentication and operational emails, and improve product quality. We do not sell your data and we do not use it to train third-party foundation models.

Service providers

We rely on vetted infrastructure providers — including our database and authentication host, our email sender, and the large-language-model providers powering the copilot — under standard data-processing terms. EMR credentials are stored encrypted at rest and are only readable by server-side processes.

Security

All access to clinic data is gated by row-level security keyed to your user account and clinic membership. EMR credentials are not readable by clinic managers. Authentication uses industry-standard password hashing with leaked-password protection enabled.

Your choices

  • You can update your name and password from Settings → Profile.
  • Clinic owners can disconnect the EMR at any time from Settings.
  • To delete your account or clinic data, email us at the address below.

Contact

Questions about privacy? andrew@leanengineering.io.