Back to Home

Privacy Policy

Last updated: April 12, 2026

1. Information We Collect

CallClerk collects information you provide directly: your name, email address, phone number, and business details. When your AI receptionist handles calls, we process call audio recordings, transcripts, and caller information necessary to deliver the service. If you connect Google Calendar, we access your calendar data solely to check real-time availability and create appointment bookings on your behalf.

2. How We Use Your Information

We use collected data exclusively to operate and improve the CallClerk AI receptionist service, including: processing phone calls, booking appointments, generating call summaries, handling billing, and providing customer support. We do not use your data — including any Google user data — for advertising, marketing to third parties, or for training AI models. We do not sell your personal data.

3. Google API Data — Calendar Integration

CallClerk requests access to your Google Calendar to check real-time availability and create appointment bookings during AI-assisted phone calls.

  • No advertising use: We do not sell or use Google user data for advertising, analytics, or profiling purposes.
  • Purpose limitation: Google Calendar data is accessed solely to provide the appointment scheduling feature you have authorized. It is not used for marketing or any purpose beyond completing the calendar operation requested during the call.
  • No AI model training: We do not use Google user data to train AI models.
  • Token security: Google OAuth access tokens and raw Google Calendar API responses are stored and processed exclusively on our servers and are never transmitted to any third party.

CallClerk's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4. Artificial Intelligence Services

CallClerk uses a third-party AI voice processing provider for natural language understanding during phone calls.

When an appointment is scheduled during a call, the result of the calendar operation — for example, "Appointment confirmed for March 28 at 10:00 AM" — is included in the conversation context provided to our AI provider solely to allow it to verbally confirm the booking to the caller. This sharing is strictly limited to:

  • The appointment confirmation or availability result (date, time, status)
  • The caller's name and phone number, as needed to complete the booking

Google OAuth access tokens and raw Google Calendar API responses are never transmitted to our AI provider. Our AI provider does not store, retain, sell, or use calendar booking information to train models. All data shared is used exclusively within the active call session to complete the action the caller requested.

5. Data Storage & Security

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Call recordings and transcripts are stored securely and accessible only through your authenticated dashboard. OAuth tokens for third-party integrations are stored encrypted and never exposed client-side.

6. HIPAA Compliance

CallClerk is designed to meet the requirements of the Health Insurance Portability and Accountability Act (HIPAA) for healthcare providers, including dental offices, medical spas, and other covered entities.

Protected Health Information (PHI)

When CallClerk handles calls on behalf of a healthcare provider, caller information — including name, phone number, reason for the call, appointment details, and insurance inquiries — may constitute Protected Health Information (PHI) under HIPAA. We treat all such data with the safeguards required by HIPAA and the HITECH Act.

Business Associate Agreement (BAA)

CallClerk will execute a Business Associate Agreement (BAA) with any covered entity upon request. The BAA establishes our obligations to safeguard PHI, report security incidents, and limit use of PHI to the services we provide on your behalf. To request a BAA, contact us at [email protected].

Technical Safeguards

  • Encryption in transit: All call audio, transcripts, and PHI are transmitted using TLS 1.2 or higher.
  • Encryption at rest: All stored data — including call recordings, transcripts, and caller details — is encrypted using AES-256.
  • Access controls: PHI is accessible only through your authenticated CallClerk dashboard. Role-based access ensures only authorized personnel can view call data.
  • Audit logging: Access to PHI is logged for accountability and compliance auditing.

Administrative Safeguards

  • Third-party sub-processors (AI voice, telephony) are contractually bound to handle PHI in accordance with HIPAA requirements.
  • CallClerk maintains internal security policies and conducts regular security reviews.
  • In the event of a breach involving PHI, we will notify affected covered entities within 72 hours as required by law.

Data Retention of PHI

Call recordings and transcripts containing PHI are retained for 90 days by default. Healthcare providers can download or permanently delete call data at any time from the dashboard. Upon account cancellation, all PHI is permanently deleted within 30 days.

7. Data Retention

Call recordings and transcripts are retained for 90 days by default. You can download or delete them anytime from your dashboard. Account data is deleted within 30 days of account cancellation. Google Calendar OAuth tokens are deleted immediately upon disconnecting the integration.

8. Third-Party Service Providers

To operate CallClerk, we work with trusted third-party service providers in the following categories:

  • AI voice processing — Natural language understanding and voice interaction during phone calls
  • Telephony infrastructure — Phone number management and call routing
  • Calendar integration — Google Calendar API for appointment scheduling (optional, user-authorized)
  • Payment processing — Subscription billing and invoicing

We may share limited, necessary data with these providers strictly to deliver the core functionality of the service. For AI voice processing, this may include:

  • Caller name and phone number
  • Appointment scheduling results (date, time, confirmation status)

We do not share Google OAuth tokens or raw Google Calendar API responses with any third-party provider. All third-party providers are contractually restricted from:

  • Using the data for advertising, profiling, or analytics
  • Retaining data beyond what is necessary to provide the service
  • Using data to train AI or machine learning models

CallClerk's use and transfer of information received from Google APIs to any third party complies with the Google API Services User Data Policy, including the Limited Use requirements.

9. Your Rights

You have the right to access, correct, or delete your personal data at any time. You can disconnect any third-party integration (such as Google Calendar) from your dashboard settings. To request deletion of your account and all associated data, contact us at [email protected].

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of CallClerk after changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy questions, data requests, HIPAA inquiries, or BAA requests, contact us at: [email protected]