Privacy Policy

When a clinic signs up, we collect registration and setup details such as the names, work email addresses, and phone numbers of clinic staff who use Vocalis, along with the clinic or practice name, business address, time zone, operating hours, and account and billing configuration.

To handle calls, scheduling, and follow-up for a clinic, we process patient information that the clinic provides or that is collected during an interaction. This can include a patient's name, phone number, email address, appointment dates and times, the reason for the visit, and related scheduling notes.

Vocalis records and transcribes calls handled by the AI voice agent and stores the resulting audio, transcripts, AI-generated summaries, and call metadata such as the phone numbers involved, call duration, and outcome. We also store the content of SMS and email messages sent or received through the platform on behalf of the clinic.

Because Vocalis serves medical and dental practices, the information above can include Protected Health Information. Vocalis processes PHI only as a Business Associate on behalf of the clinic and under a signed Business Associate Agreement. See the HIPAA Compliance section below for details.

When a clinic connects a third-party service, Vocalis receives the data needed to operate that integration. This includes OAuth tokens and calendar event details for Google Calendar, send authorization for Gmail, and, where a clinic connects an electronic health record or practice management system, the specific records the clinic authorizes us to read or write. We request the narrowest access required for each feature.

Like most online services, we automatically collect technical data when you use the platform, including IP address, browser and device type, log data, and product usage analytics. We use cookies and similar technologies as described in the Cookies and Analytics section.

We share data with vetted service providers (subprocessors) that help us deliver the platform. Each subprocessor is bound by contract to protect the data and to use it only to provide services to Vocalis, and any subprocessor that handles PHI does so under a Business Associate Agreement. Our current subprocessors include the following categories and providers:

• Cloud hosting, storage, and databases: Amazon Web Services (AWS).
• Telephony and voice AI: Retell AI and Amazon Connect.
• Speech recognition and synthesis: Deepgram and ElevenLabs.
• AI language models: Anthropic and Amazon Bedrock.
• SMS delivery: Twilio and AWS End User Messaging.
• Email delivery: Resend and Amazon SES.
• Calendar and email integrations: Google, when a clinic connects its account.

A current and complete list of subprocessors is available on request at privacy@vocalis.team.

When a clinic connects an electronic health record, practice management, or CRM system, Vocalis exchanges data with that system at the clinic's direction and only to the extent the clinic authorizes. The clinic controls these connections and can disconnect them at any time.

We may disclose information if required to do so by law, regulation, legal process, or enforceable governmental request, or where we believe in good faith that disclosure is necessary to protect the rights, safety, or property of Vocalis, our customers, or the public.

If Vocalis is involved in a merger, acquisition, or sale of assets, customer data may be transferred as part of that transaction. We will require the recipient to honor the commitments in this Privacy Policy, and any transfer of PHI will remain subject to HIPAA.

Vocalis does not sell personal information or PHI, does not share it with data brokers, and does not use Google user data or PHI to train generalized AI or machine-learning models.

Vocalis requests the following Google API scope when a clinic administrator connects their Gmail account:

• https://www.googleapis.com/auth/gmail.send

This scope grants Vocalis the ability to send email on behalf of the authorized user. It does not grant access to read, search, list, or modify any messages or inbox data.

Vocalis uses the gmail.send scope exclusively to send transactional emails from the clinic's connected Gmail account to its patients. Specific use cases include:

• Scheduling links and appointment confirmation emails
• Appointment reminder emails
• Summaries of phone calls handled by the Vocalis AI receptionist

These emails are sent only as a direct result of clinic-configured automations or AI-handled calls. Vocalis does not send marketing emails, does not email on behalf of anyone other than the connected clinic, and does not initiate email sends without a triggering event in the platform.

The gmail.send scope is send-only. Vocalis:

• Does not read, list, search, or access any messages in the authorized account
• Does not modify, archive, or delete any messages
• Does not access drafts, labels, threads, or inbox content of any kind
• Does not access contacts, calendar events, or any other Google service
• Does not request any Google API scope beyond gmail.send

When a clinic administrator authorizes Vocalis via Google OAuth, we receive and store an OAuth refresh token to maintain access on the clinic's behalf. This token is handled as follows:

• Storage: OAuth refresh tokens are stored encrypted at rest in AWS RDS PostgreSQL. Encryption uses AWS Key Management Service (KMS) with AES-256.
• Transit: All data in transit between Vocalis systems, Google APIs, and end users is encrypted using TLS 1.2 or higher.
• HIPAA: Vocalis operates under an AWS Business Associate Agreement (BAA), meaning our AWS infrastructure meets HIPAA standards for the protection of PHI and associated credentials.
• Access control: Refresh tokens are accessible only to internal Vocalis services that need them to send email. No human employee has routine access to plaintext tokens.

When Vocalis sends an email on your behalf, we log the following metadata for delivery troubleshooting purposes:

• Recipient email address
• Timestamp of send attempt
• Message-ID returned by Gmail
• Send status (success or error)

This metadata is retained for 90 days. Vocalis does not retain the body content of sent emails beyond this window in association with the user's Google identity. After 90 days, send log records are automatically purged.

Vocalis's use and transfer of information received from Google APIs — including Gmail and Google Calendar — to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Google user data — including OAuth tokens and any data derived from Google APIs — is not sold, shared with third parties, or transferred to any other application or service for advertising purposes or any other commercial purpose beyond operating the Vocalis service for the connected clinic.

Google user data is not used to train, fine-tune, or otherwise improve any generalized AI or machine-learning models — including Vocalis's own AI models. The AI functionality in Vocalis operates on call audio and transcripts provided by the clinic's telephony integration; it does not use Gmail data as training input in any form.

You can disconnect Vocalis's Gmail access at any time through two paths:

• In-app: Navigate to Settings → Integrations → Gmail and click "Disconnect." This immediately revokes Vocalis's ability to send email and queues deletion of the stored OAuth token.
• Via Google: Visit myaccount.google.com/permissions, find "Vocalis," and remove access. Google will revoke the token server-side; Vocalis will detect the revocation on the next send attempt and remove the stored credential.

In either case, Vocalis will permanently delete stored Google OAuth tokens within 30 days of revocation. Send logs subject to the 90-day retention window described above will be purged on their normal schedule; they are not linked to your Google identity after the token is deleted.

For questions specifically about how Vocalis handles your Google user data, email us at privacy@vocalis.team. We respond to privacy inquiries within 5 business days.

Vocalis requests the following Google API scope when a clinic administrator connects their Google Calendar account:

• https://www.googleapis.com/auth/calendar

This scope grants Vocalis the ability to read and write calendar events on behalf of the authorized user.

Vocalis uses the calendar scope exclusively to manage appointments on behalf of the connected clinic. Specific use cases include:

• Creating new appointments booked by the Vocalis AI receptionist during inbound calls
• Reading existing calendar events to check availability and avoid double-booking
• Updating or canceling appointments at the direction of clinic staff or confirmed patient requests

Vocalis does not access calendar data for any purpose beyond managing clinic appointments within the platform.

Vocalis:

• Does not read, modify, or delete calendar events unrelated to Vocalis-initiated or clinic-directed actions
• Does not share calendar data with third parties for any purpose
• Does not use calendar data to train, fine-tune, or improve any AI or machine-learning models
• Does not access any other Google service beyond the calendar scope listed above

OAuth refresh tokens for Calendar access are stored encrypted at rest in AWS RDS PostgreSQL using AWS KMS with AES-256. All data in transit is encrypted using TLS 1.2 or higher. Access is restricted to internal Vocalis services only.

You can disconnect Vocalis's Calendar access at any time through Settings → Integrations → Google Calendar and clicking "Disconnect," or by visiting myaccount.google.com/permissions and removing Vocalis. Stored OAuth tokens will be permanently deleted within 30 days of revocation.

When a patient provides their phone number to a clinic using Vocalis — through a web form, a phone booking handled by the AI agent, or directly with clinic staff — Vocalis stores that phone number along with consent metadata (timestamp, source of consent, clinic identifier) to deliver the requested SMS communications.

Phone numbers and SMS consent data are used solely to:

• Send transactional SMS messages on behalf of the clinic the patient engaged with
• Maintain a record of consent and opt-out status
• Comply with carrier and regulatory requirements (TCPA, CTIA)

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Information sharing to subcontractors in support services, such as customer service, is permitted. All other use case categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Patients can opt out of SMS messages at any time by replying STOP to any message. Opt-out is processed immediately and is honored across all clinics using the Vocalis platform for that phone number unless the patient re-enrolls. Reply HELP for assistance.

Message frequency varies based on appointment activity. Message and data rates may apply, based on the patient's mobile carrier and plan.

The Vocalis SMS program is compatible with all major U.S. carriers, including AT&T, T-Mobile, Verizon, and others. Carriers are not liable for delayed or undelivered messages.