Privacy Policy
Last updated: May 6, 2026 · Effective: April 23, 2026 · Company: EletvaAi (Aria Dental)
Your privacy matters to us. This policy explains what data we collect, how we use it, and your rights regarding your information.
1. Who We Are
EletvaAi operates Aria Dental, an AI voice receptionist platform for dental clinics. We are based in India and serve dental clinics primarily in the United States.
Privacy contact: legal@ariadental.co
2. What Data We Collect
Clinic data (you provide during onboarding):
- Clinic name, address, phone number
- Owner name and email address
- Doctor and staff names
- Business hours and services offered
- Insurance accepted
- Google Calendar credentials (OAuth — calendar access only)
- Payment information (processed securely via Razorpay/Stripe)
Patient scheduling data (collected during calls):
- Patient name and phone number
- Date of birth (for patient identification only)
- Appointment date, time, and reason for visit
- Insurance provider name
- Emergency contact name and number
Usage data (automatically collected):
- Call logs and durations
- Appointment booking history
- Dashboard usage patterns
- System performance data
What we do NOT collect: Medical records, diagnoses, treatment history, financial records, or any Protected Health Information (PHI) beyond basic scheduling data. We do not record call audio — transcripts only, used solely for call logging.
3. How We Use Your Data
- To provide the Aria Dental service
- To process appointment bookings, cancellations, and rescheduling
- To send appointment confirmations and reminders via SMS
- To send service emails (welcome, billing, updates)
- To improve our AI models and service quality
- To detect and prevent fraud or misuse
- To comply with legal obligations
We will never sell your data or use it for advertising purposes.
Google API Services User Data Policy
Aria Dental's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
What Google data we access
When a dental practice connects their Google account, Aria Dental requests access to Google Calendar to manage patient appointments. Specifically, we access:
- Calendar events — to read availability, create new appointments, update existing events when patients reschedule, and cancel events when patients cancel
- Calendar metadata — to identify which calendar belongs to the clinic
How we use Google user data
We use Google Calendar data exclusively to provide the appointment management feature of Aria Dental. Specifically:
- Reading clinic calendar availability to prevent double-booking
- Creating calendar events when patients book appointments through our AI receptionist
- Updating calendar events when patients reschedule
- Removing calendar events when patients cancel
- Reading event details to provide appointment information to patients during calls
Limited Use of Google user data
Aria Dental's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
We commit to the following:
- We do not use Google user data for advertising — we do not serve ads, target ads, or sell ad space using this data
- We do not transfer Google user data to third parties — except as necessary to provide or improve user-facing features that are prominent in the Aria Dental application, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with the user's prior consent
- We do not use Google user data for human review — except (a) to comply with applicable law, (b) for security purposes such as investigating abuse, (c) to perform aggregate and anonymized operations after the user gives explicit consent for the specific human review, or (d) for internal operations where the data has been aggregated and anonymized
- We do not sell Google user data — under any circumstances
Data retention and deletion
Google Calendar data is processed in real-time during patient phone calls and is not stored persistently on our servers beyond what is required to display appointment information in the clinic's dashboard. Calendar event details are retained only as long as the clinic maintains an active account with Aria Dental.
If a clinic deactivates their Aria Dental account, all stored Google Calendar data is deleted within thirty (30) days. Clinics can request immediate data deletion by emailing privacy@ariadental.co.
How to revoke access
Users can revoke Aria Dental's access to their Google account at any time through either of the following methods:
- Within Aria Dental: navigate to Settings, then click "Disconnect Google Calendar"
- Within Google: visit https://myaccount.google.com/permissions, locate Aria Dental in the list of connected applications, and click "Remove Access"
When access is revoked, Aria Dental immediately stops accessing the user's Google Calendar data. Existing calendar events created by Aria Dental are not removed from the calendar — only future access is revoked.
Contact for Google data concerns
If you have questions, concerns, or requests regarding our handling of Google user data, please contact our privacy team at privacy@ariadental.co. We respond to all privacy inquiries within five (5) business days.
4. HIPAA Positioning
Aria Dental processes scheduling data only. We do not store or transmit Protected Health Information (PHI) as defined by HIPAA. Our service is a scheduling tool, not a covered entity or business associate under HIPAA in most typical usage scenarios.
However, if your use of Aria Dental involves PHI, you should consult your compliance advisor. A Business Associate Agreement (BAA) is available upon request. Contact legal@ariadental.co to request a BAA.
5. Third-Party Services
We use the following trusted services to deliver Aria Dental:
- Vapi.ai — AI voice processing and call handling
- Twilio — SMS delivery and phone call routing
- Google Calendar — Appointment scheduling (OAuth, clinic's own account)
- Airtable — Secure data storage (US-based servers)
- Railway — Cloud hosting (US-based servers)
- Resend — Transactional email delivery
- Cloudflare — Security, DDoS protection, and CDN
- Razorpay / Stripe — Payment processing (card data never touches our servers)
- Anthropic Claude — AI content generation (dashboard features)
Each provider has their own privacy policy. We only share data that is necessary for service delivery.
6. Data Storage & Security
- Data stored on secure US-based servers (Railway and Airtable)
- All connections encrypted via HTTPS/TLS
- API credentials stored server-side, never exposed in client-facing code
- Access restricted to authorized personnel and authenticated clinic accounts
- Passwords hashed using industry-standard algorithms — never stored in plain text
- Each clinic's data is logically isolated — no clinic can access another clinic's records
- Regular security reviews and dependency updates
7. Data Retention
- Active accounts: Data retained while subscription is active.
- Cancelled accounts: Data retained for 90 days after cancellation, then permanently deleted.
- Call logs: Retained for 12 months for billing and audit purposes.
- Backup data: Removed within 30 days of primary deletion.
8. Your Rights
You have the right to:
- Access — Request a copy of your data at any time
- Correct — Update inaccurate or incomplete information
- Delete — Request deletion of your data
- Export — Download your data in CSV format from the dashboard
- Restrict — Limit how we process your data
- Object — Opt out of certain types of processing
To exercise these rights, contact legal@ariadental.co. We respond within 30 days.
9. Patient Rights
If you are a patient whose data was collected during a call with an Aria Dental-powered clinic:
- Your scheduling data is held by the dental clinic that serves you.
- Contact your dental clinic directly for data access or deletion requests.
- We will assist clinics in fulfilling patient data requests upon their instruction.
10. California Privacy (CCPA)
California residents have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected and how it is used
- Right to delete personal information
- Right to opt out of sale of personal information (we do not sell data)
- Right to non-discrimination for exercising privacy rights
To submit a CCPA request: legal@ariadental.co
11. Cookies
Our website uses minimal cookies:
- Session cookies: Keep you logged in to your dashboard (required for service)
- Analytics cookies: Anonymous usage statistics to improve the product
We do not use advertising cookies or track you across other websites.
12. Children's Privacy
Aria Dental is a B2B service for dental clinics. We do not knowingly collect personal data from children under 13. Patient data of minors is handled by the dental clinic in accordance with applicable laws including COPPA.
13. International Transfers
Our servers are located in the United States. EletvaAi is based in India. If you are located outside the US, your data may be transferred to and processed in the US. By using our service, you consent to this transfer. We take appropriate measures to protect your data during international transfers.
14. Changes to This Policy
We may update this policy periodically. We will notify you by email at least 14 days before material changes take effect. The latest version is always available at ariadental.co/privacy.html.
15. Contact Us
Privacy questions or requests: legal@ariadental.co
Legal matters: legal@ariadental.co
General inquiries: sales@ariadental.co
Website: ariadental.co/contact
Company: EletvaAi, India