Privacy Policy

Last updated: June 2025

CallRope (“we,” “us,” or “our”) operates callrope.com and provides AI voice agent services to healthcare practices. This Privacy Policy explains how we collect, use, and protect information when you use our website and services.

Information We Collect

From website visitors: We collect basic analytics data including pages visited, time on site, and general location (country/region). We do not sell this data or use it for advertising.

From customers (practices): When you sign up or book a demo, we collect your name, email address, practice name, and phone number. This information is used to set up your account and communicate with you about your service.

From call interactions: Our AI voice agent handles inbound calls on behalf of your practice. Call audio, transcripts, and booking data generated through these calls may constitute Protected Health Information (PHI) under HIPAA. We handle this data as described in our Business Associate Agreement (BAA), which governs all healthcare data processing.

How We Use Your Information

We use the information we collect to:

  • Provide and operate the CallRope service
  • Set up and configure your AI voice agent
  • Send you call logs, booking confirmations, and service updates
  • Respond to support requests
  • Improve the quality and accuracy of our voice agents

We do not sell your information. We do not use patient call data for any purpose other than delivering the service to your practice.

Protected Health Information (PHI)

CallRope is designed for use by HIPAA-covered entities. We operate as a Business Associate under HIPAA when processing call data on behalf of healthcare practices. Our data handling practices include:

  • End-to-end encryption for all call audio and transcripts, in transit and at rest
  • Role-based access controls limiting who can access call data
  • Audit logging of all data access events
  • Data retention controls (raw call audio purged after 30 days by default)
  • SOC 2 Type II certified infrastructure via our voice AI provider (Retell AI)

A signed Business Associate Agreement is required before using CallRope for any application involving patient data. You can request and sign our BAA at callrope.com/baa.

Third-Party Service Providers

We use the following sub-processors to deliver our service:

  • Retell AI — voice infrastructure, speech recognition, and text-to-speech (SOC 2 certified, HIPAA BAA signed)
  • Clerk — user authentication and account management
  • Twilio / Telynx (via Retell AI) — telephony and call routing

Each sub-processor handles data only as necessary to deliver their component of the service. We require all sub-processors handling PHI to maintain HIPAA-compliant controls.

Data Retention

  • Call audio: deleted 30 days after the call date (configurable upon request)
  • Call transcripts and booking records: retained for the duration of your active subscription plus 90 days after cancellation
  • Account data: deleted within 30 days of account closure upon written request

Your Rights

You may request access to, correction of, or deletion of your account data at any time by emailing usman@callrope.com. Requests related to patient PHI should be directed to the covered entity (your practice), which remains the data controller for patient information.

Security

We implement administrative, technical, and physical safeguards to protect your data. In the event of a data breach involving PHI, we will notify affected covered entities within the timeframes required by HIPAA and applicable state law.

Changes to This Policy

We may update this policy from time to time. We will notify active customers of material changes by email at least 14 days before they take effect.

Contact

For privacy-related questions, contact us at: usman@callrope.com