Privacy Policy
Your patients trust you. You can trust Eva with their data.
Eva AI was designed for regulated medical environments. We collect only the data that is required to deliver reliable receptionist coverage, and we give you full visibility into how it is stored, accessed, and deleted.
Last updated: November 19, 2025
Information We Collect
- Contact details shared during demos, trials, or support interactions
- Practice-level configuration data needed to train Eva on your services, pricing, and availability
- Call, SMS, and email transcripts that are required for booking accuracy and quality monitoring
- Usage analytics such as feature adoption, response latency, and error rates so we can improve reliability
How We Use Your Data
- Deliver real-time receptionist services, including appointment booking and follow-up communications
- Maintain backups, audit trails, and dispute resolution logs for regulatory purposes
- Provide proactive account insights (e.g., staffing recommendations, conversion metrics)
- Send critical product updates, security notifications, and billing correspondence
Patient & Customer Privacy
- All Protected Health Information (PHI) is encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Access to PHI is role-based and logged; every retrieval or export requires an authorized user
- You maintain full ownership of patient data. We never sell or monetize PHI or communications data
- Data retention defaults to 365 days, but Enterprise customers may request custom retention or deletion schedules
Your Controls
- Download or delete transcripts, call recordings, and analytics exports directly from the admin dashboard
- Request a full data inventory or audit log by emailing privacy@eva-ai.com
- Designate a privacy contact so we know who to coordinate with for HIPAA or GDPR requests
- Update notification preferences (marketing, product, billing) at any time inside Settings → Notifications