1. Information We Collect
We collect information you provide directly when creating an account or configuring your clinic, including:
- Account data: name, email address, and password.
- Business data: clinic name, services, operating hours, and promotional content you enter into the platform.
- Patient conversation data: messages sent to your AI receptionist bot via Telegram, WhatsApp, Instagram, or Facebook Messenger. This data belongs to your clinic and is processed solely to operate the service.
- Booking data: appointment records created through the platform.
- Payment data: billing information processed by Stripe. We do not store card numbers on our servers.
- Usage data: log files, IP addresses, browser type, and interactions with the dashboard (for analytics and debugging).
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Receptys.ai platform.
- Power the AI receptionist, including understanding patient queries and booking appointments.
- Send appointment reminders and notifications on your behalf.
- Process payments and manage your subscription.
- Respond to support requests and troubleshoot issues.
- Comply with legal obligations.
We do not sell your data or your patients' data to third parties. We do not use conversation data to train AI models beyond your specific clinic context.
3. Data Storage and Security
All data is stored on Supabase infrastructure, hosted on AWS in the Singapore region. We implement industry-standard security measures including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256).
- Row-level security policies restricting data access to authenticated users.
- Service role keys stored as environment variables, never exposed to clients.
- Regular security reviews and dependency updates.
No security system is infallible. In the event of a data breach, we will notify affected users within 72 hours as required by applicable law.
4. Third-Party Services
Receptys.ai integrates with the following third-party services. Each operates under its own privacy policy:
- Meta (Facebook & Instagram): When you connect your Facebook Page or Instagram Business account, we receive and store a page access token and may process messages sent to those accounts. Data is subject to Meta's Data Policy.
- Google Calendar: With your explicit authorisation, we read and write to your Google Calendar to check availability and create bookings. We request only the minimum required scopes.
- Stripe: Payment processing is handled entirely by Stripe. We receive subscription status and billing metadata but never store payment card details.
- Supabase: Our primary database and authentication provider. Data is stored in their managed Postgres infrastructure.
- OpenAI: Patient messages may be sent to OpenAI's API to generate AI responses. OpenAI does not use API data to train its models by default. We recommend reviewing OpenAI's enterprise privacy commitments.
- WATI (WhatsApp): WhatsApp messaging on the Pro plan is routed through WATI, an official Meta Business Solution Provider. WATI maintains its own data processing agreements.
5. Data Retention
We retain your data for as long as your account is active. If you cancel your subscription:
- Your account and associated data are retained for 30 days to allow reactivation.
- After 30 days, business configuration data, conversation logs, and booking records are deleted.
- Billing records may be retained for up to 7 years to comply with financial regulations.
You may request immediate deletion of your data at any time by contacting us at the address below.
6. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your personal data (right to be forgotten).
- Restrict or object to certain processing activities.
- Receive your data in a machine-readable format (data portability).
- Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, contact us at support@cvidsproductions.net. We will respond within 30 days.
7. Cookies
We use session cookies required for authentication. We do not use tracking or advertising cookies. Analytics, if any, are privacy-preserving and do not fingerprint individual users.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or an in-dashboard notice at least 14 days before they take effect. Continued use of the service after that date constitutes acceptance of the updated policy.