Your Privacy & Data Security is Our Priority. Catchsera is committed to protecting your personal data and Protected Health Information (PHI) in compliance with HIPAA and Massachusetts state law.
1. Introduction
Catchsera, operated by Smart Zone Corp, is committed to protecting your personal data and Protected Health Information (PHI) in compliance with HIPAA and Massachusetts state law (M.G.L. c. 93H and 201 CMR 17.00).
This Privacy Policy applies to all visitors and clients of www.catchsera.com and www.care.catchsera.com.
2. Information We Collect
Account Data (from our clients - dental/medical offices):
- Business name and address
- Owner and contact person name
- Email address and phone number
- Billing information (processed securely via Stripe)
Communication Data (from patient callers):
- Caller name and phone number
- Reason for calling and preferred callback time
- Call recordings and transcriptions
- SMS logs generated by the AI Assistant
Website Data (automatic collection):
- IP address and browser type
- Pages visited and time spent
- Device type and referring website
What We Do NOT Collect:
- Social Security numbers
- Full insurance policy numbers
- Detailed medical histories or clinical information
- Credit card numbers (handled directly by Stripe)
3. How We Use Your Information
- To provide and operate our AI receptionist service
- To notify your team of incoming patient calls
- To process payments via Stripe
- To send service notifications and updates via SMS/email
- To improve our AI models and service quality
- To comply with legal obligations
- To respond to support requests
4. HIPAA Compliance
Catchsera functions as a Business Associate for healthcare clients under HIPAA (45 CFR Parts 160 and 164).
- We utilize AES-256 encryption for all data at rest and TLS 1.2+ for all data in transit
- We execute a Business Associate Agreement (BAA) with all covered entities before service activation
- Our AI agents are strictly restricted from collecting or discussing PHI beyond what is minimally necessary
- All call recordings involving healthcare patients are stored in HIPAA-compliant infrastructure
- Staff with access to PHI are trained on HIPAA requirements and bound by confidentiality obligations
5. SMS Privacy - A2P 10DLC Compliance
- Mobile information will not be shared with third parties for marketing or promotional purposes
- SMS opt-in data and consent information will never be shared with any third parties
- We share non-SMS data only with essential service providers to operate our AI platform
- To opt out of SMS: text "STOP" at any time
- For help: text "HELP" or email contact@catchsera.com
6. Data Retention
- Call Recordings: Retained 90 days then permanently deleted
- Account Data: Retained during subscription + 90 days after cancellation
- Billing Records: Retained 7 years as required by tax regulations
- Website Analytics: Retained 12 months then purged
To request data deletion, email contact@catchsera.com with subject "Data Deletion Request." We process within 30 days.
7. Data Sharing & Third Parties
We do NOT sell your data to anyone. Ever.
We share data only with these essential providers:
- Stripe - Payment processing (stripe.com/privacy)
- PulsyAI - AI voice infrastructure, HIPAA compliant subprocessor
- Netlify - Website hosting (netlify.com/privacy)
- Google Workspace - Email and calendar (policies.google.com/privacy)
- Anthropic - AI language model for website chat assistant (anthropic.com/privacy)
All subprocessors who may handle Protected Health Information are bound by Business Associate Agreements in compliance with HIPAA 45 CFR Parts 160 and 164.
8. Cookies
Our website uses minimal cookies for basic functionality, analytics, and session management. We do NOT use advertising or tracking cookies. You can disable cookies in your browser settings.
9. Your Rights
- Access - Request a copy of data we hold about you
- Correction - Request correction of inaccurate data
- Deletion - Request deletion of your data
- Portability - Request your data in a portable format
- Opt-Out - Opt out of SMS communications anytime by texting STOP
To exercise any right, email contact@catchsera.com with subject "Privacy Rights Request."
10. Security
- AES-256 encryption for data at rest
- TLS 1.2+ encryption for data in transit
- Access controls and role-based authentication
- Regular security reviews and monitoring
In the event of a data breach, we will notify you within 72 hours as required by Massachusetts law (M.G.L. c. 93H).
11. Children's Privacy
Our services are intended for business use only and directed to adults operating healthcare practices. We do not knowingly collect personal information from anyone under 18 years of age.
12. Changes to This Policy
We will notify you of material changes by email at least 14 days before they take effect. The "Last Updated" date at the top reflects the most recent revision. Continued use of our services after changes constitutes acceptance.