Privacy Policy

1. Who we are

AnswerSpec ("we", "us", "AnswerSpec") provides an AI front-desk service for veterinary, med spa, and specialty healthcare practices.

2. What this policy covers

This Privacy Policy describes how we collect, use, and protect information from visitors to answerspec.com (the "Site") and customers who use the AnswerSpec service (the "Service"). It does not cover information we process as a Business Associate on behalf of a Covered Entity — that processing is governed by the Business Associate Agreement (BAA) between us and the Covered Entity.

3. Information we collect

From Site visitors:

• Email address you submit to the waitlist or contact form.
• Vertical (veterinary, med spa, specialty healthcare) you select.
• IP address, user agent, and timestamp of your submission.
• Standard server logs (request paths, response codes, latency).

From customers using the Service:

• Practice configuration: name, address, hours, providers, accepted insurance carriers, emergency contact line.
• Call telephony metadata: caller phone number, call duration, time, agent action taken.
• Call audio + transcripts (encrypted at rest; subject to BAA when applicable).
• Billing information processed by Stripe; we never see card numbers.

4. How we use information

• Operate the Site and the Service.
• Reply to your inquiry, schedule demos, send onboarding emails.
• Improve the Service (aggregated, de-identified analytics only — never individual call content for ML training).
• Detect and prevent abuse, fraud, and security incidents.
• Comply with legal obligations.

We do not sell personal information. We do not use call audio or transcripts to train AI models.

5. Sharing

We share information only with:

• Subprocessors we use to run the Service: voice infrastructure (Vapi/Retell), telephony (Twilio), LLM inference (Anthropic, OpenAI), hosting (Vercel, Railway), email (Resend/SendGrid), payments (Stripe). All subprocessors are bound by data protection agreements; HIPAA-grade providers cover BAA-protected workflows.
• The customer practice on whose behalf the call was answered.
• Law enforcement when legally compelled, with notice to the affected party where lawful.

A current list of subprocessors is available on request — use the contact form.

6. Retention

Waitlist email addresses: retained until you ask us to delete or for 24 months without engagement. Customer practice configuration: retained for the life of the account plus 90 days. Call audio + transcripts: 7-year retention default; configurable per practice from 30 days to 7 years.

7. Security

Encryption in transit (TLS 1.2+), encryption at rest (AES-256). Per-customer data isolation. Audit logging of all access to call records. Annual penetration test. SOC 2 Type II planned for late 2026. HIPAA compliance via BAA-bound subprocessors and tenant-isolated configuration.

8. Your rights

• Access: request a copy of personal information we hold about you.
• Correction: ask us to fix inaccurate information.
• Deletion: ask us to delete your information (subject to legal retention requirements).
• Portability: receive your information in a structured format.
• California residents (CCPA/CPRA), EU/UK residents (GDPR): additional rights as provided by your local law.

Use the contact form to exercise any of these rights. We respond within 30 days.

9. Children

The Service is not directed to children under 13. If you believe a child has provided us information, contact us via the form and we will delete it.

10. Changes

We will post material changes to this policy on this page and update the "last updated" date. Continued use of the Service after a change constitutes acceptance.

11. Contact

AnswerSpec
answerspec.com/contact