Avenor logo
Login Book a demo
Login Book a demo
Privacy Policy

How Avenor handles data.

This policy explains how Avenor collects, uses, stores, and protects information across the public website, demo requests, embedded webforms, CRM workflows, ads integrations, AI assistant, patient portal, billing, and platform communications.

Last updated: April 30, 2026

1. Scope

This Privacy Policy applies to Avenor's public website, demo request forms, embeddable webforms, CRM platform, super-admin and workshop admin panels, patient portal, notifications, billing flows, and connected integrations.

Avenor is a platform for lead capture, advertising attribution, CRM operations, appointment and patient workflows, reporting, AI assistance, and SaaS administration. Workshop customers are responsible for the data they collect from their own leads, clients, and patients through their workspace.

This page is provided as operational privacy information for Avenor. It should be reviewed by legal counsel before production use in jurisdictions with specific privacy, medical, or advertising compliance requirements.

2. Data We Collect

Public website and demo requests

  • Name, email, phone, company or workshop name, preferred contact time, selected package, and message submitted through the Book a Demo form.
  • Basic technical request data such as IP address, browser information, request time, and anti-spam signals used for rate limiting and honeypot protection.

Webforms and CRM leads

  • Contact details such as full name, first name, last name, email, phone, country, city, and custom fields configured by a workshop admin.
  • Attribution data such as source, source platform, UTM values, landing page URL, referrer, gclid, gbraid, wbraid, fbclid, Meta lead IDs, and related campaign metadata when available.
  • CRM data such as lead status, priority, stage, assignee, notes, activities, duplicate indicators, conversion state, and webform source.

Care and patient workflows

  • Patient profile information, appointment history, treatment cases, clinical notes, portal account details, and medical audit records entered by authorized workspace users.
  • Patient portal login activity and read-only portal access state.

Platform and billing administration

  • User accounts, roles, permissions, workshop settings, subscriptions, plan limits, billing requests, payment gateway metadata, system logs, SMTP settings, branding settings, and integration settings.

3. How We Use Data

  • To respond to demo requests and manage sales follow-up.
  • To create, route, assign, de-duplicate, qualify, and manage CRM leads.
  • To connect leads to appointments, patient records, treatment cases, and clinical audit history where configured by the workshop.
  • To provide dashboards, reporting, conversion logs, notifications, role-based access, plan limits, subscription status, billing workflows, and support diagnostics.
  • To preserve advertising attribution and help workshops measure campaign outcomes.
  • To protect the platform from abuse, spam, unauthorized access, and unsafe destructive actions.

4. Advertising, Payment, And Email Integrations

Workshops may connect third-party services. The exact data shared depends on the integration enabled by the workshop or super-admin configuration.

  • Meta integrations: Avenor may retrieve Meta Lead Ads, store Meta lead identifiers and timestamps, subscribe pages to leadgen webhooks, send CRM lifecycle conversion events, display reporting data, manage scheduler publishing, and support Meta Ad Library workflows.
  • Google Ads integrations: Avenor may store click identifiers and conversion configuration so lead and status events can be prepared for online and offline conversion measurement.
  • SMTP notifications: Avenor may send operational emails, such as lead and appointment notifications, using platform or workshop SMTP settings.
  • Billing gateways: Stripe and PayPal payment flows may process payment and checkout metadata. Avenor stores billing request status and gateway references needed for subscription approval and auditability.

Third-party platforms process data under their own terms and privacy policies. Workshop admins should ensure they have permission to use these integrations with their data subjects.

5. AI Assistant

Where enabled by plan, global setting, workshop setting, permission, and budget, Avenor can send selected lead, patient, or scheduler context to an AI provider to generate summaries, draft follow-ups, answer record-scoped questions, or suggest text.

  • AI outputs are read-only suggestions unless a user chooses to copy or apply them in a note field.
  • Avenor logs AI usage, including model, token usage, estimated cost, request status, provider identifiers, and prompt or response context for super-admin review and prompt tuning.
  • Users should avoid entering unnecessary sensitive information into AI prompts unless their organization has approved that use.

6. Patient And Clinical Data

Avenor includes patient profiles, appointments, treatment cases, patient portal access, and append-oriented clinical audit records. Access is controlled through tenant-scoped roles and permissions such as admin, manager, doctor, and custom roles.

Medical or clinical data may be subject to additional legal requirements depending on the country, clinic type, and services provided. Workshops are responsible for configuring access, consent, retention, and patient communication practices appropriate to their jurisdiction.

7. Data Sharing

Avenor does not sell personal information. Data may be shared only as needed to operate the platform, provide support, process payments, send configured notifications, connect enabled integrations, comply with legal obligations, or protect the platform.

Super-admin users may access platform-level logs, usage, billing, demo requests, workshop records, integrations visibility, and tenant impersonation tools for support and operational review.

8. Security And Retention

  • Avenor uses authentication, role-based permissions, tenant scoping, session controls, webhook verification, rate limiting, honeypot checks, audit logs, and guarded destructive database commands.
  • Data is retained while needed for the workspace, legal, operational, billing, reporting, or audit purposes, unless deleted or changed according to applicable agreements and system capabilities.
  • No internet-connected system can guarantee absolute security, but Avenor is designed to reduce accidental cross-tenant access and preserve operational auditability.

9. Your Rights And Choices

Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to processing of your personal information. If your data was submitted to a workshop using Avenor, contact that workshop first because they control the workspace data.

You can also contact Avenor for public website or demo request data questions.

10. Contact

For privacy questions about Avenor, demo requests, or this public website, contact the Avenor team through the official website or demo request form.

For lead, patient, appointment, or clinic-specific requests, contact the workshop or clinic that collected your information.