Privacy Policy

Last Updated: November 1, 2025

1. Introduction

Welcome to AppointFlow ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our medical appointment scheduling service and AI-powered phone system.

2. Information We Collect

2.1 Information You Provide

When you use AppointFlow, we collect information that you provide directly:

  • Clinic Information: Clinic name, address, phone number, email address, business hours
  • Patient Information: Name, phone number, email address, preferred language, appointment history
  • Appointment Details: Date, time, duration, appointment type, doctor assignment, notes
  • Account Information: Username, email, password (encrypted), and account preferences

2.2 Information Collected Automatically

  • Phone Call Data: Call recordings, transcripts, duration, phone numbers, call outcomes
  • Usage Data: AI call minutes used, SMS messages sent, login history, feature usage
  • Technical Data: IP address, browser type, device information, operating system

2.3 Health Information

We may collect limited health-related information such as appointment types and basic medical notes. We are committed to handling this information in compliance with applicable healthcare privacy laws, including HIPAA where applicable.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: Schedule appointments, send reminders, manage clinic operations
  • AI Phone System: Process incoming calls, understand patient requests, book appointments
  • Communication: Send appointment confirmations, reminders (24-hour and 2-hour), and cancellation notices via SMS
  • Account Management: Create and maintain your account, process payments, provide customer support
  • Analytics: Improve our service, understand usage patterns, optimize AI performance
  • Legal Compliance: Comply with applicable laws, regulations, and legal processes

4. How We Share Your Information

We may share your information in the following circumstances:

4.1 Service Providers

  • Vapi.ai: AI-powered phone system for call handling and voice recognition
  • Twilio: SMS delivery for appointment reminders and notifications
  • Firebase/Google Cloud: Data storage, hosting, and authentication
  • Stripe: Payment processing for subscriptions

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Data is encrypted in transit (TLS/SSL) and at rest
  • Access Controls: Strict access controls and authentication mechanisms
  • Secure Storage: Data stored in Firebase with enterprise-grade security
  • Regular Audits: Security assessments and vulnerability testing
  • Employee Training: Staff trained on data protection and privacy practices

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations. Specifically:

  • Account Data: Retained while your account is active and for 3 years after closure
  • Appointment Records: Retained for 7 years to comply with healthcare record-keeping requirements
  • Call Recordings: Retained for 90 days for quality assurance, then deleted
  • SMS Records: Retained for 2 years for compliance and billing purposes

7. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your information (subject to legal requirements)
  • Portability: Request a copy of your data in a portable format
  • Opt-Out: Opt out of marketing communications (you cannot opt out of appointment reminders)
  • Restrict Processing: Request restriction of how we process your data

To exercise these rights, please contact us at privacy@appointflow.ai

8. SMS Communications

By providing your phone number and using our service, you consent to receive SMS messages related to your appointments, including:

  • Appointment confirmations
  • 24-hour advance reminders
  • 2-hour advance reminders
  • Cancellation notices

Message Frequency: Message frequency varies based on your appointment schedule. Typically, you will receive 2-3 messages per appointment.

Message and Data Rates: Message and data rates may apply. Check with your carrier.

Opt-Out: Reply STOP to any message to unsubscribe from appointment reminders. However, this may affect your ability to receive important appointment information.

Help: Reply HELP for assistance or contact support@appointflow.ai

9. Children's Privacy

AppointFlow is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those of your jurisdiction. We ensure appropriate safeguards are in place for such transfers.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect, use, and disclose
  • Right to request deletion of personal information
  • Right to opt out of the sale of personal information (we do not sell your information)
  • Right to non-discrimination for exercising your privacy rights

12. HIPAA Compliance

For healthcare providers subject to HIPAA, we act as a Business Associate and comply with HIPAA regulations. A Business Associate Agreement (BAA) is available upon request for eligible customers.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of AppointFlow after such changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: privacy@appointflow.ai

Support: support@appointflow.ai

Website: https://www.appointflow.ai

Consent

By using AppointFlow, you acknowledge that you have read and understood this Privacy Policy and agree to it. If you do not agree with our practices, please do not use our service.