PRIVACY POLICY

AI Dental Receptionist Service

Last Updated: May 25, 2026

Effective Date: May 25, 2026

AngelSpok ("Provider," "we," "us," "our") operates an AI-powered dental receptionist service ("Service") at dental.angelspok.com. This Privacy Policy explains how we collect, use, store, and protect information when dental practices ("Clients") use our Service and when patients ("Callers") interact with it.

1. INFORMATION WE COLLECT

1.1 From Dental Practice Clients

|-----------|---------|

Data Type	Purpose
Practice name, address, phone number	Service configuration and call routing
Office hours and appointment availability	Scheduling
Staff names and contact information	Call transfers and escalations
Accepted insurance plans	Responding to caller inquiries
Billing information (via Stripe)	Payment processing
Account email	Account management

1.2 From Callers (Patients)

|-----------|---------|

Data Type	Purpose
Caller phone number	Call routing, callback
Caller name	Scheduling, identification
Appointment details (date, time, type)	Scheduling
Dental symptoms or concerns (if volunteered)	Routing to appropriate staff
Insurance information (if volunteered)	Pre-visit preparation
Call recording (audio)	Quality assurance
Call transcript (text)	Service delivery
Call metadata (date, time, duration)	Analytics

Patient information is treated as Protected Health Information (PHI) under HIPAA. Handling of PHI is governed by a Business Associate Agreement (BAA) between AngelSpok and each dental practice Client.

2. HOW WE USE INFORMATION

**Service Delivery:** Answer calls, schedule appointments, respond to inquiries, transfer calls, request post-visit feedback.

**Service Improvement:** Aggregated, de-identified data only. We do NOT use identifiable patient data to train AI models without explicit written authorization from both the dental practice and the individual patient.

**Billing:** Process Client subscription payments via Stripe.

**Legal Compliance:** Respond to lawful requests from courts, regulators, or law enforcement as required.

3. HOW WE PROTECT INFORMATION

**Encryption in transit:** TLS 1.2 or higher on all connections.

**Encryption at rest:** AES-256 for call recordings and transcripts.

**Access controls:** Role-based, least-privilege access. Multi-factor authentication for administrative access.

**Audit logging:** All access to systems containing PHI is logged and retained for twelve (12) months.

**Infrastructure:** US-based cloud infrastructure in SOC 2 Type II certified data centers. No PHI stored outside the United States.

4. INFORMATION SHARING

We do NOT sell personal information or PHI.

We share information with the following service providers solely to deliver the Service:

|----------|---------|-----------|

Provider	Purpose	HIPAA BAA
Google Cloud (Vertex AI)	AI reasoning and response generation	Yes
Google Cloud Text-to-Speech	Voice synthesis	Yes
Twilio, Inc.	Telephony and call routing	Yes
AssemblyAI, Inc.	Speech-to-text transcription	Yes
Stripe, Inc.	Payment processing (no PHI)	N/A

We may also disclose information if required by law, regulation, or legal process, or in connection with a merger or acquisition (subject to the same privacy protections).

5. DATA RETENTION

|-----------|-----------------|

Data Type	Retention Period
Call recordings	90 days
Call transcripts	90 days
Appointment data	Duration of Client subscription + 30 days
System/audit logs	12 months
Client account data	Duration of subscription + 30 days
Billing records	As required by tax law

After the retention period, data is securely deleted using cryptographic erasure.

6. YOUR RIGHTS

Dental Practice Clients

**Access:** Request a copy of your account data.

**Correction:** Request correction of inaccurate practice information.

**Deletion:** Request deletion of your account and associated data.

**Data Export:** Request export of call logs and recordings in a machine-readable format within 30 days of account termination.

**Cancellation:** Cancel your subscription at any time.

Patients (Callers)

Patient rights regarding PHI are exercised through your dental practice, not directly through AngelSpok. Contact your dental practice to access, amend, or request restrictions on your health information.

California Residents: To the extent any personal information falls outside the HIPAA exemption, you have rights under CCPA/CPRA to know, delete, correct, and opt out of the sale/sharing of your personal information. Contact [email protected].

Texas Residents: Comparable rights under the Texas Data Privacy and Security Act apply for non-PHI data. Contact [email protected].

7. AI-SPECIFIC DISCLOSURES

**AI Nature:** Every caller is informed at the beginning of each call that they are speaking with an AI assistant. This disclosure is hard-coded and cannot be removed.

**No Clinical Function:** The AI does not provide clinical advice, diagnosis, or treatment recommendations.

**Call Recording:** Callers are informed of recording at the beginning of each call.

**Human Review:** Call recordings may be reviewed by authorized personnel for quality assurance and compliance, under strict confidentiality obligations.

8. CHILDREN'S PRIVACY

Parents or guardians may call on behalf of minor patients. Information about minor patients is treated as PHI under HIPAA. We do not knowingly collect personal information from children for marketing purposes.

9. CHANGES TO THIS POLICY

Material changes will be communicated to Clients via email at least thirty (30) days before taking effect.

10. CONTACT US

Email: [email protected]

Website: dental.angelspok.com

Address: [CAPTAIN: Virtual mailbox TX — preencher quando contratar]

For HIPAA-related inquiries or to report a potential breach: [email protected]

← Back to DentalAngel