Privacy Policy

1. Introduction

SIRRIUS OFFICE INC. ("Vocatively," "we," "us," or "our") provides AI-powered receptionist services to healthcare providers, professional service firms, and other businesses ("Subscribers"). This Privacy Policy describes how we collect, use, disclose, and protect information through our AI receptionist platform, subscriber dashboard, and website at vocatively.app (collectively, the "Services").

By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services.

2. Scope of This Policy

This Privacy Policy applies to information we collect from:

• Subscribers who register for and use our AI receptionist services
• Visitors to our website
• Individuals who contact us for support or inquiries

Important Notice: When our AI receptionist handles calls on behalf of a Subscriber, the Subscriber—not Vocatively—is the data controller for caller information. Each Subscriber determines how caller data is collected, used, and retained. We encourage callers to review the privacy practices of the business they are contacting.

3. Information We Collect

3.1 Information from Subscribers

When you create an account and use our Services, we collect:

• Account Information: Business name, contact name, email address, phone number, and business type
• Configuration Data: AI receptionist settings, voice preferences, greeting scripts, and appointment types
• Integration Data: Information from connected calendars, CRM systems, or practice management software
• Communication Records: Support tickets, emails, and chat conversations with our team

3.2 Information from Callers

On behalf of our Subscribers, our AI receptionist may collect:

• Contact Details: Name, phone number, email address
• Appointment Information: Preferred dates, times, and reason for visit
• Call Content: Information shared during the conversation, which may include health-related information for medical practices
• Recordings and Transcripts: Audio recordings and text transcriptions of calls

3.3 Automatically Collected Information

We automatically collect certain technical information:

• Device Information: Browser type, operating system, and device identifiers
• Usage Data: Pages visited, features used, and interaction patterns
• Network Information: IP address, referring URLs, and access timestamps

4. How We Use Your Information

We use collected information to:

• Provide Services: Operate the AI receptionist, process appointments, and deliver call transcripts
• Improve Our Platform: Analyze usage patterns, enhance AI accuracy, and develop new features
• Communicate: Send service updates, respond to inquiries, and provide technical support
• Ensure Security: Detect fraud, prevent abuse, and protect our systems
• Meet Legal Obligations: Comply with applicable laws and respond to lawful requests
• Process Payments: Manage subscriptions and billing through our payment processors

5. Call Recordings and Transcripts

Our AI receptionist records calls and generates transcripts to provide our Services. Callers receive an automated notification at the beginning of each call informing them that the call may be recorded. By continuing the call after this notification, callers consent to recording.

Ownership: Recordings and transcripts belong to the Subscriber, not Vocatively. Subscribers control how long recordings are retained and how they are used within their practice.

Encrypted Delivery: All transcripts are delivered via HIPAA-compliant encrypted email to designated recipients within the Subscriber's organization.

6. How We Share Information

We do not sell your personal information. We do not share personal information with third parties for their marketing purposes.

We may share information in the following circumstances:

• With Subscribers: Caller information is shared with the Subscriber whose AI receptionist handled the call
• Service Providers: We work with trusted vendors for cloud hosting (AWS), email delivery, payment processing (Stripe), and telecommunications (Twilio)
• Legal Requirements: We may disclose information when required by law, court order, or governmental authority
• Business Transfers: In connection with a merger, acquisition, or sale of assets, information may be transferred to the acquiring entity
• With Consent: We may share information when you have given us explicit permission

8. Data Security

We implement comprehensive security measures to protect your information:

• Encryption: All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2+
• Infrastructure: Our systems are hosted on AWS with SOC 2 Type II certified data centers
• Access Controls: Role-based access ensures only authorized personnel can access sensitive data
• Monitoring: Continuous security monitoring and regular vulnerability assessments
• Training: All employees complete privacy and security training

Payment Security: We do not store payment card information. All payment processing is handled by Stripe, a PCI-DSS Level 1 certified payment processor.

9. Data Retention

We retain information as follows:

• Subscriber Accounts: Active account data is retained while your subscription is active. Upon cancellation, account data is deleted within 30 days unless longer retention is required by law
• Call Recordings: Retained according to Subscriber preferences and applicable retention requirements. Default retention is 90 days unless otherwise specified
• Billing Records: Retained for 7 years to comply with financial record-keeping requirements
• Marketing Communications: Contact information is retained until you opt out or after 2 years of inactivity

10. Your Privacy Rights

10.1 Rights for All Users

Depending on your location, you may have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to legal retention requirements
• Portability: Receive your data in a structured, commonly used format
• Opt-Out: Unsubscribe from marketing communications at any time

10.2 California Residents

Under the California Consumer Privacy Act (CCPA), California residents have additional rights including the right to know what personal information is collected and the right to opt out of the sale of personal information. As stated above, we do not sell personal information.

10.3 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@vocatively.app. We will respond to verified requests within 30 days.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to operate our website and improve your experience:

• Essential Cookies: Required for website functionality and security
• Analytics Cookies: Help us understand how visitors use our site
• Preference Cookies: Remember your settings and choices

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality.

12. Children's Privacy

Our Services are designed for business use and are not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected information from a child, we will promptly delete it.

13. Geographic Limitations

Our Services are available to businesses located in the United States and Canada. Subscribers may not make our AI receptionist available to callers in jurisdictions outside these countries without our prior written consent.

14. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify Subscribers of material changes via email and post the updated policy on our website with a revised "Last Updated" date. Your continued use of our Services after such changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us: