Back to home
Plain-language summary · Final legal version coming soon

Privacy notice.

This page summarizes, in plain English, how CliniVox handles data. The legally binding version sits alongside your Business Associate Agreement; if anything below conflicts with that document, the BAA governs.

Last updated July 2, 2026.

What we collect

From your dental practice: organization name, billing contact, team member emails, the API credentials needed to talk to your PMS, and any phone numbers you forward to CliniVox.

From your patients (on your behalf): call audio, transcripts, callback numbers, names, dates of birth as needed to look them up in your PMS, and the appointments they ultimately book. We hold this as your Business Associate. It never leaves your organization.

From your browser when you use the dashboard: device type, IP address, and page interactions so we can keep the product working. We do not use ad-tech cookies or sell traffic data.

How we use it

To answer calls, take messages, and write appointments into your PMS. That's what you signed up for.

To run the campaigns and SMS flows you configure inside your organization.

To support your team when you contact us. Support reps see only what they need; impersonation sessions are logged and visible to you in your audit log.

We do not train shared AI models on your patient data. Voices and scripts are configured per-organization; the underlying speech models are general-purpose and frozen at version release.

How we protect it

Patient data is encrypted at rest with per-organization keys. Decryption only happens inside CliniVox services that need it (the call engine, the PMS bridge, the dashboard you log into).

PMS credentials use OAuth where the vendor supports it. Where they don't (older on-prem systems), our signed Bridge agent tunnels outbound. Your server never opens to the internet.

We host in US cloud regions. Patient data does not leave the United States. Backups are encrypted and retained for 30 days.

Your rights and your patients' rights

You own your data. Export everything (calls, transcripts, campaigns, contacts) at any time from the Settings page or the API.

Your patients have the rights HIPAA grants them: access, correction, portability, deletion. Forward any request to us and we'll honor it within 30 days.

Cancel anytime. After cancellation, your organization is retained for 60 days (so you can reactivate) then permanently deleted, including backups, within 90 days unless legally required to keep it.

Sub-processors

We use a small set of vendors to deliver CliniVox: cloud hosting, AI model providers for speech and language, a telephony carrier, a payments processor, and a transactional email service.

Every sub-processor that touches PHI signs a Business Associate Agreement with us before handling any data. Email hello@clinivox.ai for the current list; we'll notify you at least 14 days before adding one that processes PHI.

Questions?

Email hello@clinivox.ai and a human will get back to you.