1. Introduction
BooQik ("Company," "we," "us," or "our") is committed to protecting the privacy and security of personal information and Protected Health Information (PHI) entrusted to us. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website (booqik.com) or use our AI-powered call answering and appointment scheduling services.
2. Information We Collect
2.1 Website Visitors
When you visit booqik.com, we may collect standard web analytics data including IP address, browser type, pages visited, and referring URLs. We do not sell this information to third parties.
2.2 Business Clients
When you sign up for BooQik's services, we collect business information necessary to deliver our services, including business name and address; contact name, email, and phone number; provider/staff names and availability schedules; accepted insurance plans; appointment types and durations; and payment information (processed via Stripe).
2.3 Callers (Your Patients/Customers)
When individuals call a phone number serviced by BooQik, our AI assistant may collect the caller's name, phone number, reason for calling, appointment preferences (date, time, provider), insurance information (if voluntarily provided), and any other information the caller voluntarily shares during the conversation.
For healthcare clients, some of this information constitutes Protected Health Information (PHI) under HIPAA. See Section 5 for our HIPAA practices.
2.4 Call Data
Our systems may process call transcripts (text versions of the conversation), call metadata (duration, time, phone number), call recordings (if enabled and disclosed to the caller), and appointment booking data.
3. How We Use Information
We use the information we collect to deliver and improve our services, including answering calls and booking appointments on behalf of our clients, sending appointment confirmations and reminders via SMS or email, generating performance reports for our clients, improving our AI conversation quality and accuracy, communicating with clients about their accounts, and complying with legal obligations.
3.1 We Do NOT
- Sell personal information or PHI to third parties
- Use PHI for marketing purposes
- Use caller data for any purpose unrelated to delivering our services
- Train AI models on individual client or patient data without explicit authorization
5. HIPAA Compliance
5.1 Our Role
When BooQik provides services to HIPAA-covered entities (such as dental practices, medical offices, and other healthcare providers), we act as a Business Associate under HIPAA. We execute a Business Associate Agreement (BAA) with each healthcare client before handling any PHI.
5.2 Safeguards
We implement the following safeguards to protect PHI:
Technical Safeguards: Encryption of PHI in transit (TLS 1.2 or higher) and at rest (AES-256), access controls with role-based permissions, audit logging of all PHI access, secure API connections between all service components, and automatic session timeouts.
Administrative Safeguards: Written privacy and security policies, workforce training on HIPAA requirements, incident response procedures, regular risk assessments, and vendor management (BAAs with all sub-processors).
Physical Safeguards: Secure hosting infrastructure, access-controlled facilities for any physical equipment, and device and media controls.
5.3 Minimum Necessary Standard
We collect and process only the minimum amount of PHI necessary to perform our services. Our AI assistants are designed to collect only information relevant to scheduling and basic patient communication.
5.4 Breach Notification
In the event of a breach of unsecured PHI, BooQik will notify affected clients within 48 hours of discovering the breach, cooperate with clients on their breach notification obligations, document the breach and remediation steps, and report to the Secretary of HHS as required.
6. Data Retention
6.1 Call Data
Call transcripts and metadata are retained by BooQik for ninety (90) days from the date of the call. Call recordings, if enabled, are retained for ninety (90) days from the date of the call. Aggregated, de-identified analytics derived from call data may be retained longer for service-quality improvement, in accordance with the de-identification standards set forth in 45 CFR § 164.514(b). Clients receive contemporaneous copies of all appointment data through their integrated calendar, sheet, or practice management system; BooQik's short retention window does not affect the client's own records.
6.2 Client Data
Business client account information (contracts, signed BAAs, billing records, and security documentation) is retained for six (6) years from the termination date of the client relationship. This retention period is required by 45 CFR § 164.316(b)(2)(i), which obligates Business Associates to maintain written documentation of policies, procedures, actions, activities, and assessments for six (6) years from the date of creation or the date when last in effect, whichever is later. This retention applies to documentation only; it does not extend the retention of call data or PHI, which are governed by Section 6.1.
6.3 Deletion
Upon termination of services, client data will be returned upon request within 30 days and deleted from our systems within 60 days, unless legally required to retain it. PHI will be destroyed or returned in accordance with the BAA.
7. AI Disclosure
BooQik's services are powered by artificial intelligence. All callers are informed at the beginning of each call that they are speaking with an AI assistant. This disclosure is mandatory and cannot be disabled. Callers who do not wish to interact with the AI assistant may request to leave a message or be transferred to the office directly.
8. Call Recording
Calls handled by BooQik may be recorded for quality assurance and service improvement. A clear recording disclosure is delivered at the very beginning of every call, before any substantive conversation, as part of the AI assistant's opening greeting. In jurisdictions requiring all-party consent for recording (including Washington State under RCW 9.73.030), the disclosure and the caller's continued participation in the call after the disclosure constitute consent to recording. Callers may end the call at any time.
9. SMS/Mobile Messaging
BooQik may send SMS text messages to individuals who provide their phone number during a call handled by our service. These messages include appointment confirmations, reminders, and related updates.
9.1 Consent
By providing a phone number and verbally agreeing during a call to receive text messages, individuals opt in to receive SMS communications. Consent is not a condition of purchase. Standard message and data rates may apply. Message frequency may vary.
9.2 Opt-In Data Protection
We will not share or sell your mobile/SMS opt-in data or consent status with any third parties for marketing or promotional purposes. We may share your information with third parties that help us provide our messaging services, including but not limited to platform providers, but only as necessary to deliver the service you consented to.
9.3 Opt-Out
You may opt out of SMS messages at any time by replying STOP to any message. You may also text HELP for assistance. Upon opting out, you will receive no further messages unless you re-subscribe.
10. Your Rights
10.1 Business Clients
You have the right to access your account data, request correction of inaccurate data, request deletion of your data (subject to legal retention requirements), receive a copy of your data in a standard format, and terminate services at any time per our Terms of Service.
10.2 Callers
If you are a patient or customer who has interacted with BooQik's AI assistant, you may contact the business you called to exercise your privacy rights. For healthcare practices, this includes your rights under HIPAA to access your records.
10.3 California Resident Rights
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to request deletion, the right to correct inaccurate information, the right to opt out of the sale or sharing of personal information, and the right to non-discrimination for exercising these rights. BooQik does not sell or share personal information for cross-context behavioral advertising. Health information that constitutes PHI under HIPAA is governed by HIPAA and is exempt from CCPA/CPRA. To exercise your California rights, contact us at contact@booqik.com with the subject line "California Privacy Request" and we will respond within forty-five (45) days as required by law.
11. Children's Privacy
BooQik's services are not directed at individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have inadvertently collected such information, we will delete it promptly.
12. Security
We take the security of your information seriously and implement industry-standard measures to protect it. However, no method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated to clients via email at least 30 days before taking effect. The updated policy will be posted on booqik.com with a revised effective date.
14. Contact
For questions or concerns about this Privacy Policy, contact us at:
BooQik
Email: contact@booqik.com
Website: booqik.com
For HIPAA-related inquiries or to report a potential security concern: support@booqik.com