Conversation AI Privacy Policy
AI Data Privacy, Security, and Regulatory Compliance Framework 🔐📊
All data captured by AI is treated as confidential. The data protections in place for AI-captured data default to PII classification; however, if PHI or PCI is captured, the handling of those data types will align with those requirements. Our internal policies, processes, and controls meet the requirements of data privacy legislation in the United States (e.g., CCPA, HIPAA…), as well as GDPR, and include mechanisms to satisfy consumer rights, such as the Right to be Forgotten, the Right to Fix, and the Right to know what data has been collected and how that data is being used. The online privacy policy also includes links to subprocessor lists (e.g., Google), providing transparency into how the data may be used and shared. Lastly, we have a Vendor Program in place, which validates the data privacy, compliance, security, and availability of every vendor that we use, the products we sell, and the services we provide. Our Vendor Program requires that the vendors/services/products, including AI, meet our Governance, Risk, and Compliance (GRC) standards before being implemented/offered and then at least annually thereafter. Our GRC standards are ISO 27001 certified, SOC 2 Type II audited, and align with HIPAA, PCI-DSS, GDPR, and state/international data privacy legislation.