CleverAnswerAI ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI Receptionist services (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. This policy should be read in conjunction with our Terms of Service.

1. Information We Collect

We collect information in two primary categories:

1.1. Client Information: This is information about you, our client (the dental practice), that we collect to provide and manage your account. This includes:

• Contact Information: Name, email address, phone number, and physical address of your practice.

• Account Information: Usernames, roles, and permissions for your staff members who access the Service.

• Billing Information: Payment details processed by our third-party payment processor (e.g., Stripe).

• Configuration Data: Information you provide to customize the AI, such as your hours, services offered, and answers to frequently asked questions.

1.2. Service Data: This is information related to your patients that is processed through our Service on your behalf. As defined under HIPAA, much of this data may be considered Protected Health Information (PHI). This includes:

• Call Metadata: Caller's phone number, call date, time, and duration.

• Call Content: Audio recordings and text transcriptions of conversations between your patients and the AI Receptionist.

In our relationship, your practice is the "Covered Entity" (or "Controller") of this Service Data. CleverAnswerAI acts as a "Business Associate" (or "Processor"). Our use and disclosure of this data are governed by our Terms of Service and the Business Associate Agreement (BAA) we execute with your practice.

2. How We Use Your Information

2.1. Client Information is used to:

• Provide, operate, and maintain the Service.

• Process transactions and manage your subscription.

• Send you technical notices, updates, security alerts, and support messages.

• Improve our Service and for internal research and development.

• Comply with legal obligations.

2.2. Service Data is used solely to:

• Provide the Service to you as instructed, such as answering calls and booking appointments.

• Troubleshoot and provide support at your request.

• Generate anonymized, aggregated data for service improvement (e.g., to improve speech recognition accuracy). This aggregated data cannot be used to identify any individual.

We will never use your patients' Service Data for marketing or any purpose not explicitly outlined in our BAA with you.

3. Data Sharing and Disclosure

We do not sell your data. We may share information under the following limited circumstances:

3.1. Third-Party Sub-processors: We use a limited number of third-party service providers to help us provide the Service. These include cloud infrastructure providers (e.g., AWS, Google Cloud), telephony providers (e.g., Twilio), and AI model providers (e.g., OpenAI). These sub-processors are contractually bound to maintain the confidentiality and security of the data and are vetted for HIPAA compliance where applicable. A list of our current sub-processors is available upon request.

3.2. Legal Compliance: We may disclose information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

3.3. Business Transfers: If we are involved in a merger, acquisition, or asset sale, your information may be transferred as a business asset. We will provide notice before your information is transferred and becomes subject to a different Privacy Policy.

4. Data Security

We implement a variety of administrative, technical, and physical security measures designed to protect the security and integrity of your data. This includes encryption of data in transit and at rest, access controls, and regular security assessments. However, no security system is impenetrable, and we cannot guarantee the absolute security of your information.

5. A2P SMS Communication Policy

We only send transactional SMS messages to you, our Client, for service-related purposes, such as account verification or critical alerts. You consent to receive these messages when you provide your phone number. You can opt out at any time by replying STOP. We do not send marketing SMS messages, and we never send SMS messages to your patients.

6. Data Retention

We retain Client Information for as long as your account is active or as needed to provide you with the Service and comply with our legal obligations. Service Data (patient information) is retained according to the terms of our BAA and may be deleted by you through the Service or upon termination of our agreement.

7. Your Data Protection Rights

Depending on your jurisdiction, you may have rights to access, correct, or delete your Client Information. Please contact us at privacy@cleveranswerai.com to make such a request. Requests regarding your patients' Service Data should be directed to you, the data controller.

8. Children's Privacy

Our Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact our Data Protection Officer at: privacy@cleveranswerai.com.