Privacy Policy

Last updated: May 2026

1. Introduction

By using VoxyDent, you consent to the information collection practices outlined in this policy. If you do not agree, please do not use the platform.

2. Information We Collect

We gather the following types of information:

  • Account details (name, email, credentials)
  • Clinic information (practice name, address, hours, dentist details)
  • Call information including telephone call recordings, AI-generated transcriptions, and extracted appointment details
  • Usage metrics (pages visited, features accessed, session length)
  • Payment data (processed through an external provider; full card numbers are not stored internally)
  • Technical information (IP address, browser type, device data, cookies)

3. How We Use Your Information

We use collected data to:

  • Operate the voice receptionist service and transcribe calls
  • Improve AI models through anonymized pattern analysis
  • Process payments and communicate updates
  • Maintain platform security and meet legal obligations

4. Data Sharing and Third-Party Services

Information is shared with the following service providers:

  • ElevenLabs — voice AI processing
  • Twilio — telephony infrastructure
  • Clerk — authentication services
  • Google Calendar — appointment scheduling integration (see Section 5)
  • EasyBusy — dental practice CRM integration

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Google User Data

VoxyDent integrates with Google Calendar to let clinic staff and our voice agent manage appointments. When a clinic administrator connects their Google account through OAuth, we request the following scopes:

  • openid and https://www.googleapis.com/auth/userinfo.email — to identify which Google account is connected and display its email in the admin interface.
  • https://www.googleapis.com/auth/calendar.readonly — to read free/busy intervals on the clinic’s calendars so the voice agent does not double-book.
  • https://www.googleapis.com/auth/calendar.events — to create, update, and delete appointment events that the voice agent or clinic staff book through VoxyDent.

What we store. Encrypted Google OAuth access and refresh tokens, the connected account’s email address and Google account ID, the per-doctor calendar mappings configured by the clinic, and the IDs of events VoxyDent itself created. We do not mirror your calendar contents into our database.

How calendar data is used. Busy intervals are read in real time when an availability check is needed and held in process memory only for the duration of that request. Events are written when a booking is confirmed.

Limited Use. VoxyDent’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not sell Google user data, do not use it for advertising or any purpose unrelated to the appointment-management features above, do not use it to develop, improve, or train generalized AI or machine-learning models, and do not allow humans to read it except where (a) you have given explicit consent for a specific support request, (b) it is necessary for security purposes such as investigating abuse, or (c) we are required to do so to comply with applicable law.

Retention and deletion. Tokens and integration metadata persist while the integration is connected. When the clinic disconnects the integration in VoxyDent — or revokes access at https://myaccount.google.com/permissions — we immediately delete the stored tokens, account email, account ID, and calendar mappings. Events that VoxyDent previously wrote to your Google Calendar are not deleted automatically; you can remove them in Google Calendar.

Revocation. You can revoke VoxyDent’s access at any time from the integrations page in the VoxyDent admin interface, or at https://myaccount.google.com/permissions.

Questions about Google data handling. Contact us at luka@voxydent.com.

6. Data Storage and Security

Data is stored in Frankfurt, Germany (EU). Protections include encryption, access controls, regular security assessments, and restricted personnel access.

7. Data Retention

Data is retained while your account is active or as required for service provision. Upon account deletion, data is removed or anonymized within 30 days, except where legal retention obligations apply.

8. Your Rights (GDPR)

You have the right to:

  • Access your personal data
  • Request rectification of inaccurate data
  • Request erasure of your data
  • Data portability
  • Restrict processing
  • Object to processing

To exercise any of these rights, contact us at privacy@voxydent.com.

9. Cookies

We use essential cookies (required for sessions, non-disableable) and analytics cookies (disableable) for understanding usage patterns.

10. Changes to This Policy

Updates will be posted with a revised date. We encourage you to review this policy periodically.

11. Contact

For privacy-related questions, contact us at privacy@voxydent.com.