Agent IA VocalDentists
FR
Légal

Privacy policy

Last updated: November 1, 2025

Hosting
Canada (Montreal)
Retention
90 days default
Compliance
PIPEDA & Quebec Law 25
Ad cookies
None

1. Data controller

Agent IA Vocal inc., 3295 rue Dubé, Quebec City (QC) G1M 3T3, Canada.

Privacy officer: rprp@agentiavocal.ca. Response guaranteed within 30 business days.

2. Information collected

  • Inbound calls: patient name, phone number, reason for call, text transcript, and audio recording (duration, timestamp).
  • Practice account: practice name, contact email, professional phone, billing data (processed by Stripe, never stored by us).
  • PMS integration: if you enable Dentitek, Maxident, or Open Dental sync, we receive only available slots and booking confirmations — no complete health records.
  • Website: anonymized analytics (Plausible Analytics, EU-hosted, no tracking cookies).

Dental practice note: You remain the responsible party for your patients' health data under applicable health legislation. Agent IA Vocal acts as a processor and handles only the information necessary to book appointments.

3. Purposes

  • Providing the AI voice reception service (booking, qualification, emergency transfer).
  • Generating searchable transcripts viewable by your team via the dashboard.
  • Billing and subscription renewal.
  • Technical support and service improvement.
  • Voice model improvement — only with your explicit written consent, revocable at any time.

4. Hosting and retention

All audio recordings, transcripts, and call logs are stored exclusively in a Canadian data centre (AWS ca-central-1, Montréal).

  • Default retention: 90 days, then automatic and irreversible deletion.
  • Custom retention: configurable in your account settings to match your clinical or legal requirements (e.g. 2 years for medico-legal records).
  • No cross-border transfer of patient call data.

5. Security

  • Encryption in transit: TLS 1.3 on all connections.
  • Encryption at rest: AES-256 for all recordings and transcripts.
  • Access control: only staff with a legitimate business need can access data; full audit logs.
  • Penetration testing: performed annually by an independent third party.
  • Authentication: mandatory two-factor authentication (2FA) for all administrative access.

6. Processors

  • Twilio — phone numbers and voice transmission. Technical data only, no permanent storage.
  • ElevenLabs — text-to-speech. Only the text to be read, not linked to a patient.
  • Stripe — payment processing. Billing data; PCI-DSS Level 1 certified.
  • Neon Database — PostgreSQL hosted in the Canada-Central region.
  • Resend — transactional email delivery (confirmations, alerts).

Each processor has signed a data processing agreement in line with our legal obligations.

7. Your rights (PIPEDA & Quebec Law 25)

You and your patients have the following rights:

  • Access — obtain a copy of the information held about you.
  • Correction — fix any inaccurate information.
  • Deletion — request erasure of your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Consent withdrawal — at any time, without penalty for non-essential purposes.
  • No automated decision-making — Sophie makes no autonomous medical decisions.

To exercise your rights: rprp@agentiavocal.ca. Response within 30 days. You may also file a complaint with the Commission d'accès à l'information du Québec (CAI) or the Office of the Privacy Commissioner of Canada.

8. Privacy incidents

Any incident (unauthorized access, breach, loss) is:

  • Immediately logged in our incident register.
  • Assessed against CAI severity guidelines within 24 hours.
  • Reported to the CAI if the risk is serious, within Law 25 timelines.
  • Notified to your practice and, where applicable, to affected patients.

9. Cookies

  • Functional cookies: login session only (expires: end of session).
  • Anonymized analytics: Plausible Analytics — no personal data, no third-party cookies.
  • No advertising or cross-site tracking cookies.

10. Changes

Any material change to this policy is:

  • Announced by email to your contact address 30 days before it takes effect.
  • Summarized in a change log accessible from your dashboard.
  • Subject to your explicit acceptance if it broadens the scope of processing.

The current version is always available at agentiavocal.ca/en/privacy.