Last updated: March 19, 2026 — This is a working draft pending legal review.
Photon AI Receptionist ("the Platform") is an AI-assisted scheduling service operated by Photon Cyber Solutions ("we", "us", "our"), based in Ontario, Canada. This policy describes how we collect, use, and protect information from callers, practitioners, and administrators who interact with the Platform.
Information We Collect
Caller Data
- Phone number: Used for call routing. We store a one-way cryptographic hash for repeat-caller identification — not the raw number itself.
- Voice audio: All calls are recorded for quality and compliance purposes. Recordings are encrypted at rest and automatically purged according to your clinic's data retention policy.
- Conversation transcripts: Full transcripts are generated and stored for every call. Transcripts are encrypted at rest using AES-256-GCM and automatically purged according to your clinic's data retention policy.
- Caller-provided info: Name, phone number, email, and reason for call as voluntarily provided during the conversation. This information is encrypted at rest and used for booking summaries and practitioner follow-up.
- Voicemails: Stored when a caller leaves a voicemail. Subject to the data retention policy below.
Practitioner Data
- Name, email, business name, phone number
- Calendar feed URLs (encrypted at rest with a dedicated encryption key)
- AI configuration preferences (greeting, personality, services offered)
- Billing information managed by a PCI-compliant payment processor — we do not store payment card details
- Login credentials stored using industry-standard hashing (bcrypt)
- WebAuthn/Passkey credentials for passwordless authentication (public keys only)
Usage Data
- Call metadata: duration, timestamp, outcome
- Booking requests: service, preferred date/time, status
- System events: login attempts, configuration changes
How We Use Information
- To provide AI-assisted phone answering and scheduling services
- To check practitioner availability and offer appointment times
- To send booking summaries to practitioners for confirmation
- To generate billing invoices and track usage
- To improve service quality and troubleshoot issues
- To detect and respond to operational incidents
- To comply with legal obligations
Third-Party Service Providers
We use trusted third-party service providers in the following categories to operate the Platform. Each provider receives only the minimum data necessary for its function:
- Voice AI provider: Processes call audio in real time for speech recognition and AI conversation. Audio retention on the provider's systems is configured to match your clinic's retention policy.
- Telephony provider: Handles phone number provisioning and call routing. Receives caller phone numbers for routing purposes only.
- AI reasoning provider: Powers operational monitoring and practitioner help features. Receives only anonymized operational data — no caller PHI is sent to this provider.
- Payment processor: Handles practitioner billing and payment collection. We never store payment card details directly.
- Email delivery provider: Sends transactional emails (account invitations, password resets, billing notifications). Receives practitioner email addresses for delivery only. No PHI is included in emails.
A full list of sub-processors and their data handling practices is available to practitioners upon request.
Data Retention
All call data — including transcripts, recordings, caller information, booking details, and voicemails — is subject to an automatic retention policy. The clinic owner controls the retention period (30, 60, 90, or 180 days) from the Settings page. Data is automatically purged once it exceeds the configured retention window.
- Call records, transcripts, and recordings: Automatically purged after the configured retention period.
- Caller personal information: Names, phone numbers, and email addresses collected during calls are encrypted at rest and purged with their associated call records.
- Voicemails: Subject to the same retention period and automatic purge.
- Booking requests: Purged alongside their associated call records.
- Availability data: Refreshed periodically. Historical availability is not retained.
- Audit logs: Retained for 365 days, then purged.
- Practitioner accounts: Data retained until account deletion. Upon deletion, all associated data is permanently removed.
Encryption
We employ multiple layers of encryption to protect sensitive data:
- PHI encryption at rest: Caller names, phone numbers, email addresses, transcripts, and voicemail text are encrypted using AES-256-GCM with a dedicated encryption key, separate from other system keys.
- Calendar feed encryption: Practitioner iCal feed URLs are encrypted at rest with a separate dedicated key.
- Caller phone hashing: Raw phone numbers are stored only in encrypted form. A one-way SHA-256 hash (with a dedicated salt) enables repeat-caller identification without exposing the number.
- TLS 1.3 in transit: All data transmitted between clients, our servers, and third-party providers is encrypted in transit.
Your Rights and Choices
Callers
- Request to speak with a human instead of the AI at any time
- Leave a voicemail instead of interacting with the AI
- Contact the practitioner directly to request deletion of call data
- Contact us for data access or deletion requests
Practitioners
Clinic owners control the following privacy settings from their dashboard:
- Data retention period (30, 60, 90, or 180 days)
- Voicemail (enable/disable)
- AI disclosure preference (whether the AI identifies itself as AI when asked)
Right to Erasure
Clinic owners can request complete deletion of all clinic data through the admin panel. This permanently removes all call records, transcripts, recordings, caller information, bookings, voicemails, and configuration data associated with the clinic.
Security Measures
We implement industry-standard security measures to protect your data, including:
- Field-level AES-256-GCM encryption of all PHI at rest
- TLS 1.3 encryption of all data in transit
- Caller phone numbers stored as irreversible cryptographic hashes
- Strict multi-tenant data isolation between clinics
- Session-based authentication with automatic expiry
- WebAuthn/Passkey support for passwordless authentication
- Account lockout after repeated failed login attempts
- Rate limiting on all API endpoints
- Automatic data purging on configurable schedules
- HMAC signature verification on all inbound webhooks
- Audit logging with sensitive data redaction
Governing Law and Compliance
This Platform operates under the laws of Ontario, Canada. We are committed to compliance with the Personal Health Information Protection Act (PHIPA) as applicable to our role as a service provider in the healthcare-adjacent space. See our Compliance Statement for details.
Contact
For privacy inquiries, data access requests, or deletion requests:
Photon Cyber Solutions
Email: [email protected]
Ontario, Canada