Who we are
Ironleaf is operated by OD “ISLAMOVIC”, registered in Sarajevo, Bosnia and Herzegovina. We build AI chatbot, virtual front desk, and automation systems for clinics and small businesses in the US and Europe.
For anything privacy-related, email contact@ironleaf.agency.
Information we collect
We may collect:
- Contact details — name, email, phone.
- Business information — clinic or company name, website, role.
- Messages submitted through our forms, chatbot, or email.
- Project and billing data when you become a client (billing contact, invoicing details, payment confirmations from our processors; we do not store full card numbers).
- Basic technical data — IP address, browser, device type, pages viewed, cookies and similar storage.
How we use information
We use this information to:
- Provide and improve our services
- Communicate with you about projects, support, and billing
- Optimize chatbot and automation performance
- Run our business (invoicing, accounting, security, fraud prevention)
- Comply with legal, tax, and accounting obligations
Marketing emails (if any) are sent only with consent or as permitted by law, and you can opt out at any time.
Cookies and analytics
We use a small set of cookies and local storage to make the site work (e.g. remembering your light/dark theme) and privacy-respecting analytics (e.g. Vercel Analytics) to understand aggregate traffic. We do not use cookies for cross-site advertising and we do not sell personal data. You can block cookies in your browser; some site features may stop working.
Data sharing
We do not sell your data. We share it only with trusted third parties that help us run the business, such as:
- Hosting, email, CRM, and analytics providers
- Payment processors
- AI infrastructure providers used to deliver our services
- Professional advisors (e.g. accountants, lawyers)
- Authorities, when required by law
- A successor entity in case of a merger or sale of assets
International transfers
We are based in Bosnia and Herzegovina and our providers may be located in the EU/EEA, the UK, the US, or other countries. Where required, transfers rely on appropriate safeguards (such as the EU Standard Contractual Clauses).
Retention
We keep personal data only as long as needed: prospect data for up to 24 months after our last interaction; client and billing records for the periods required by tax and accounting law; operational logs for shorter rolling windows. Where systems we build store conversation data, retention is configured per client.
Client responsibility
Clients using our chatbot and automation systems are responsible for ensuring their use complies with applicable laws and regulations, including healthcare privacy requirements (e.g. HIPAA in the US, GDPR in the EU/EEA), and for providing patient- or customer-facing notices and consents as required.
Data security
We take reasonable administrative, technical, and organizational steps to protect your data: encrypted transport (HTTPS), access-controlled tooling, least-privilege credentials, and isolated environments for client work. No system is completely secure; if a breach affects you, we will notify you and applicable regulators as required by law.
Your rights
Depending on where you live (e.g. EU/EEA, UK, certain US states), you may have the right to:
- access the personal data we hold about you,
- correct inaccurate or incomplete data,
- delete data, subject to legal retention obligations,
- object to or restrict certain processing,
- withdraw consent where processing is based on consent,
- request portability of data you provided to us,
- lodge a complaint with your local data protection authority.
To exercise any of these rights, email contact@ironleaf.agency from the address associated with your data. We respond within 30 days.
Children
Our website and services are intended for businesses and adults. We do not knowingly collect personal data from children under 16.
Third-party links
Our site may link to third-party services (e.g. LinkedIn, scheduling tools). Their privacy practices are governed by their own policies.
Changes
We may update this Privacy Policy. We will revise the “Last updated” date above and, for material changes, give additional notice. See also our Terms of Service and Refund Policy.