Privacy Policy

We may collect the following types of information:

• Personal Information: Name, phone number, email address, date of birth, and mailing address.
• Health Information: Medical appointment details, prescription refill requests, insurance information, and other healthcare-related information you provide during calls.
• Communication Data: Call recordings, transcripts, SMS/text messages, and voicemails.
• Device Information: Phone number, carrier information, and device identifiers when you interact with our services.
• Usage Data: Information about how you interact with our services, including call times, durations, and service preferences.

When you opt in to receive SMS/text messages from Spriggan AI or healthcare providers using our platform, we collect and process:

• Your mobile phone number
• Your consent status and opt-in/opt-out history
• Message content and delivery status
• Timestamps of messages sent and received

Message Types: You may receive appointment reminders, confirmation requests, billing notifications, prescription refill updates, and other healthcare-related communications.

Opt-Out: You can opt out of SMS messages at any time by replying STOP to any message. Reply HELP for assistance. Message and data rates may apply. Message frequency varies based on your healthcare interactions.

We use the information we collect to:

• Provide AI-powered receptionist services to healthcare providers
• Schedule, confirm, reschedule, and cancel appointments on your behalf
• Process prescription refill requests
• Send appointment reminders and billing notifications via SMS/text or voice calls
• Facilitate communication between you and your healthcare provider
• Verify insurance eligibility
• Improve and optimize our services
• Comply with legal and regulatory requirements

Spriggan AI is fully committed to compliance with the Health Insurance Portability and Accountability Act (HIPAA). We operate as a Business Associate under HIPAA and enter into Business Associate Agreements (BAAs) with all healthcare providers who use our services.

Protected Health Information (PHI): Any health information we collect on behalf of healthcare providers is treated as PHI and handled in accordance with HIPAA requirements. We implement administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI.

Minimum Necessary Standard: We only access, use, and disclose the minimum amount of PHI necessary to accomplish the intended purpose.

We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit and at rest (AES-256)
• Secure, access-controlled data centers
• Regular security audits and vulnerability assessments
• Employee training on data privacy and security
• Multi-factor authentication for system access
• Audit logging of all PHI access

We work with trusted third-party service providers who assist us in operating our services. These providers are contractually obligated to protect your information and comply with applicable privacy laws. Our service providers include:

• Telecommunications providers for voice and SMS services
• Cloud hosting providers
• Payment processors
• Analytics providers (using de-identified data only)

All third-party providers who handle PHI have signed Business Associate Agreements with us.

We retain your information for as long as necessary to provide our services and comply with legal obligations. Specifically:

• PHI: Retained in accordance with HIPAA requirements and our agreements with healthcare providers (typically 6 years minimum)
• SMS/Call Records: Retained for the duration of your relationship with the healthcare provider plus any legally required retention period
• Consent Records: Retained for as long as required to demonstrate compliance with applicable regulations

You have the following rights regarding your information:

• Access: Request access to the personal information we hold about you
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your information (subject to legal retention requirements)
• Opt-Out: Opt out of SMS/text messages by replying STOP
• HIPAA Rights: Exercise your rights under HIPAA, including requesting an accounting of disclosures

To exercise any of these rights, please contact us at support@spriggan.ai

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.

If you have any questions about this Privacy Policy or our privacy practices, please contact us: