Privacy, terms, and data handling are separated so clients can scan what applies before booking.
Policies
Policy center
Use this policy center to find the current Consulta rules and trust boundaries before booking or onboarding. The linked pages describe what is live now, what is intentionally gated, and what still needs Cristian/operator/legal review.
Security, notification, and availability pages explain current behavior without claiming unverified provider readiness.
Help and Account recovery stay visible because the confirmation pass remains the source of truth.
Privacy policy
The Privacy Policy explains what booking and contact data Consulta processes, how payment references are separated from card data, and how Beam receives only video access context.
- Read it before submitting booking contact details or intake notes.
- It states that Consulta stores payment references and statuses, not card data.
- It keeps live WOP/SMTP delivery and final legal review visible as open gates.
Terms and conditions
Terms and Conditions describe the booking relationship: free intros, paid-session holds, payment-webhook confirmation, policy-based reschedule/cancel actions, and browser video responsibilities.
- Free intros reserve real slots without creating payment records.
- Paid sessions confirm only after server-side payment proof.
- Final dispute, refund, and provider-specific language remains pending approval.
Data policy
The Data Policy explains operational records: booking status, audit events, temporary holds, payment references, notification delivery records, Beam room references, and retention work still needing approval.
- Booking state is the operational source of truth.
- Temporary Redis holds expire when checkout or booking creation does not complete.
- Final retention, export, deletion, and provider-specific commitments remain open.
Security and trust
Security and trust status explains server-side payment proof, tokenized confirmation/Beam access, secret boundaries, and the current no-regulated-use posture.
- Consulta does not claim HIPAA, PHI handling, SOC 2, ISO, or healthcare readiness in the MVP.
- Secrets belong in the API runtime, not the browser.
- Real-device video proof and connected calendar sync remain separate gates.
Notifications
Notification expectations distinguish transactional booking-state messages from optional reminders and follow-ups. The page also explains per-booking preferences and delayed-message recovery.
- The confirmation pass remains the source of truth if a message is delayed.
- Reminder and follow-up preferences are scoped to a booking pass.
- Live WhatsApp/email delivery needs WOP/SMTP credentials and smoke proof.
Availability and recovery
Availability status explains how dashboard-managed weekly windows, buffers, blackouts, minimum notice, slot holds, and policy windows affect what clients can book.
- Connected calendar sync is not claimed as live.
- Calendar downloads and shortcuts are handoff tools, not provider sync proof.
- Account and Help routes are the recovery paths when a client loses a confirmation pass.