Skip to main content

Privacy Policy

Last updated: February 2026

NeuroMatic AI ("NeuroMatic," "we," "us," or "our") is committed to protecting the privacy of our clients, their patients, and visitors to our website. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

1. Information We Collect

Call Data

When our AI voice agent handles calls on behalf of your practice, we may process the following information:

  • Caller phone number and call duration
  • Call recordings and transcriptions (when enabled by the practice)
  • Appointment scheduling details
  • Caller inquiries and responses
  • Call metadata (time, date, call routing information)

Form Submissions

When you submit a form on our website (such as the contact form or pilot request), we collect:

  • Name and job title
  • Email address and phone number
  • Practice name and specialty
  • Message content and any additional information you provide

Analytics & Website Data

We automatically collect certain information when you visit our website, including:

  • IP address and browser type
  • Pages viewed and time spent on pages
  • Referring website and search terms
  • Device type and operating system
  • Cookies and similar tracking technologies

2. How We Use Information

We use the information we collect to:

  • Provide, maintain, and improve our AI voice reception services
  • Process and schedule patient appointments on behalf of your practice
  • Respond to inquiries and provide customer support
  • Send service-related communications and updates
  • Analyze website usage to improve user experience
  • Comply with legal obligations and enforce our terms
  • Detect, prevent, and address technical issues or fraud

3. HIPAA Compliance

NeuroMatic understands the critical importance of protecting patient health information (PHI) in healthcare settings. Our commitment to HIPAA compliance includes:

  • Business Associate Agreements (BAAs): We execute a BAA with every healthcare client before processing any patient data. This legally binds us to protect PHI in accordance with HIPAA regulations.
  • Minimum Necessary Standard: We only access, use, and disclose the minimum amount of PHI necessary to perform our services.
  • Employee Training: All team members undergo regular HIPAA compliance training and are bound by confidentiality agreements.
  • Breach Notification: In the unlikely event of a data breach involving PHI, we will notify affected clients within the timeframes required by HIPAA.
  • All data is encrypted both in transit and at rest, ensuring PHI remains protected at every stage.

4. Data Security

We implement robust security measures to protect your information:

  • 256-bit AES encryption for all data at rest and TLS 1.2+ encryption for all data in transit
  • US-based data centers with SOC 2 Type II compliance and physical security controls
  • Regular security audits and penetration testing
  • Role-based access controls with multi-factor authentication
  • Continuous monitoring and intrusion detection systems
  • Automated backup and disaster recovery procedures

5. Third-Party Services

We may share information with third-party service providers who assist us in operating our platform, including:

  • Cloud infrastructure and hosting providers
  • Analytics and performance monitoring services
  • Customer relationship management (CRM) tools
  • Payment processing services

All third-party providers are carefully vetted and contractually obligated to protect your data. Where PHI is involved, we ensure appropriate BAAs are in place with these providers.

We do not sell, trade, or rent your personal information to third parties for marketing purposes.

6. Data Retention

We retain your information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Call data and recordings: Retained for the duration of the service agreement plus 30 days, unless longer retention is required by law or requested by the client.
  • Account information: Retained for the duration of the business relationship plus 7 years for legal and compliance purposes.
  • Website analytics data: Retained for up to 26 months.
  • Form submissions: Retained for up to 2 years or until the inquiry is resolved.

Upon termination of services, clients may request deletion of their data. We will process such requests within 30 days, subject to any legal retention requirements.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Opt-Out: Opt out of marketing communications at any time.
  • Data Portability: Request your data in a structured, commonly used format.
  • Restriction: Request restriction of processing in certain circumstances.

To exercise any of these rights, please contact us using the information provided below. We will respond to your request within 30 days.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website with a revised "Last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

9. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: