Privacy Policy

Last updated: February 23, 2026

1. Introduction

Clinica AI ("we", "our", "us") provides AI-powered voice receptionist services for dental clinics. This policy explains how we collect, use, and protect the personal data of clinic patients and clinic staff who interact with our system.

2. Data We Collect

When patients call a clinic using our service, we collect:

• Patient name — as provided during the call
• Phone number — the caller's number for SMS confirmations and appointment management
• Appointment details — service type, preferred doctor, date and time
• Call metadata — timestamp, language, call duration

From clinic staff using the dashboard, we collect:

• Patient notes — written by doctors about patient visits
• Settings changes — business hours, doctor schedules, closures

3. How We Use Data

All collected data is used exclusively to:

• Book, cancel, and reschedule appointments on the clinic's calendar
• Send SMS confirmations and reminders to patients
• Display analytics and call logs in the clinic's private dashboard
• Store doctor notes for the clinic's internal records

We do not sell, share, or transfer personal data to any third parties for marketing or advertising purposes.

4. Data Storage

Data is stored in:

• Google Workspace (Google Sheets and Google Calendar) — hosted on Google's secure infrastructure in compliance with Google's privacy standards
• Twilio — for SMS delivery only, subject to Twilio's privacy policy

Each clinic's data is stored in a separate, dedicated Google Sheet and Calendar. No clinic can access another clinic's data.

5. Data Retention

Appointment data and call logs are retained for the duration of the clinic's active subscription. Patient notes are retained until deleted by the clinic through the dashboard. Upon cancellation of service, all clinic data can be exported or deleted upon request within 30 days.

6. Data Security

We implement the following security measures:

• API authentication via secret keys for all data access
• Rate limiting to prevent unauthorized bulk access
• Input sanitization to prevent data injection
• Audit logging of all data modifications
• HTTPS encryption for all data in transit

7. Patient Rights

Patients have the right to:

• Access — request what data we hold about them (via the clinic)
• Correction — request corrections to inaccurate data
• Deletion — request deletion of their data
• Portability — receive their data in a standard format

To exercise these rights, patients should contact their clinic directly, or email us at clinica.ai@contactclinicaai.com.

8. Clinic Responsibilities

Clinics using Clinica AI are data controllers for their patient data. Clinics are responsible for informing their patients that an AI system may handle their calls and for obtaining any necessary consent required by applicable laws.

9. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated to active clinic clients via email. The "last updated" date at the top reflects the most recent revision.

10. Contact Us

For questions about this privacy policy or data handling:

• Email: clinica.ai@contactclinicaai.com
• WhatsApp: +20 100 698 2698