Privacy Policy
Last updated: October 8, 2024
Purpose and Scope
Why This Policy Exists & Who It Applies To
This privacy policy explains how Anserina ("Anserina", "we", "us", "our") collects, uses, shares, and protects personal data to:
- Maintain transparency about data handling practices
- Help individuals understand their privacy rights
- Comply with applicable privacy laws
- Build trust with medical clinic customers and their patients
This policy applies to:
- Customers: Medical clinics and their staff
- End Users: Patients and callers whose data is processed through our AI receptionist
- Online Users: Website visitors
- Partners: Business partners and vendors
Note: Anserina operates as a data processor on behalf of medical clinics who are the data controllers. Clinics maintain the primary relationship with patients and are responsible for obtaining appropriate consent.
Types of Personal Data Collected
Customer-Provided & Processed Data
Business Information
- Business name and clinic contact information
- Staff names and email addresses
- Cliniko or similar software API credentials
Account Details
- Account credentials and user preferences
- Payment information for service purchases
Call Data (processed on behalf of customers)
- Call recordings and transcripts
- Patient names and appointment details
Automatically Collected Data
- Device information (type, operating system, browser)
- IP address and general location
- Usage analytics and log data for security and service improvement
Cookies and Similar Technologies
How We Use Cookies
Anserina uses cookies and similar technologies to operate our website and services, analyze usage, enhance security, and personalize your experience.
Types of Cookies
Essential Cookies
Required for core functionality (authentication, preferences). Cannot be disabled as they're necessary for service operation. Duration: Session to 1 year.
Analytics Cookies
Help us understand site usage patterns through Google Analytics. Duration: Up to 2 years.
Functionality Cookies
Remember your preferences and settings. Duration: Up to 1 year.
Managing Your Preferences
You can control cookies through your browser settings to block or delete cookies. Note that blocking essential cookies may impact service functionality. For more information about managing cookies, visit www.allaboutcookies.org.
Purposes of Data Use
Service Delivery & Operations
- Providing and maintaining our AI receptionist service
- Account creation and management
- Processing transactions and payments via Stripe
- Transcribing calls via ElevenLabs and AssemblyAI
- Analyzing call content using Anthropic & OpenAI
- Sending appointment confirmations through Twilio
- Ensuring platform security and preventing fraud
- Analyzing usage patterns to improve services
Communication & Legal Obligations
- Responding to inquiries and support requests
- Sending service-related notifications and updates
- Complying with applicable laws and regulations
- Enforcing our terms of service
- Sending marketing communications (with consent)
Legal Basis for Processing
We process personal data only when we have a valid legal basis:
Consent (withdrawable at any time)
- Marketing communications
- Non-essential cookies
- Call processing (through customer agreements with patients)
Contractual Necessity
- Service delivery and core functions
- Payment processing
- Account management and support
Legitimate Interests
- Service enhancement
- Security and fraud prevention
- Business operations and analytics
Data Sharing & Third-Party Providers
Internal Access
- Limited to authorized personnel on a need-to-know basis
- Protected by access controls, confidentiality agreements, and multi-factor authentication
Service Providers
We engage third-party service providers who process data only for specified purposes under written contracts and must maintain appropriate security controls:
ElevenLabs
Call storage & voice AI
AssemblyAI
Call transcription
Anthropic & OpenAI
Transcript analysis
Twilio
Telephony & messaging
Cliniko
Patient data interface
Stripe
Payment processing
Cross-Border Transfers
- Data processing occurs primarily in US and EU cloud environments
- Protected by standard contractual clauses or other legal safeguards where required
- Service providers maintain GDPR and APP compliance
Data Retention
Your Rights & How to Exercise Them
You have the right to:
- Access your personal data
- Correct inaccurate information
- Request deletion when no longer needed
- Receive your data in a portable format
- Object to certain processing activities
- Withdraw consent previously given
How to Exercise Your Rights:
- For Medical Clinic Customers: Exercise rights through your Anserina account or by contacting us.
- For Patients/End Users: Contact your medical clinic directly as the data controller.
Contact us at privacy@anserina.com.au to exercise these rights. We aim to respond within 30 days.
Complaints & Security
Complaint Handling
Submit privacy concerns to privacy@anserina.com.au with detailed information. We'll acknowledge within 2 business days and aim to resolve within 30 days.
If unsatisfied, you may contact:
- Australia: Office of the Australian Information Commissioner (OAIC)
- EU: Your local data protection authority
Security Measures
We protect personal data through:
Encrypted Storage
Database encryption via secure cloud hosting
Secure Transmission
End-to-end encryption for data in transit
Multi-Factor Authentication
On all administrative services
Regular Security Reviews
Code reviews and security testing
Policy Updates
We regularly review this policy and will notify users of material changes at least 30 days before implementation. Minor changes will be posted on our website.
Contact Information
For questions about this policy, contact:
Anserina
Privacy Email: privacy@anserina.com.au
General Support: support@anserina.com.au
Website: www.anserina.com.au