Effective Date: November 21, 2025
Last Updated: November 21, 2025
Sparkora AI is committed to protecting your privacy and safeguarding the Personal Information and Protected Health Information (“PHI”) entrusted to us. This Privacy Policy explains how Sparkora AI collects, stores, uses, discloses, and protects Personal Information in connection with your interactions with us, the Service, the Website, and the Mobile App.
This Privacy Policy contains sections for Clients (including authorized users), Users (patients of Clients), and Visitors. Section 1 applies to everyone.
This Policy incorporates and aligns with HIPAA, applicable state privacy laws, our Business Associate Agreements, and all applicable Agreements.
1. General Information (Applies to Clients, Users, and Visitors)
a. Who We Are:
- Sparkora AI Communications, Inc., including its subsidiaries and affiliates (“Sparkora AI,” “we,” “our,” or “us”), provides AI-driven practice-management and communication services including an AI interactive receptionist and chatbot used by dental and orthodontic practices. Our platform supports scheduling, messaging, automation, and operational functions for our clients. More information is available at orthia.io.
b. Definitions
- i. The following terms have the meaning given in this Policy or under applicable law:
ii. Client: A person or entity that enters into an Order or Agreement with Sparkora AI to use the Service, including its authorized users.
iii. User: A Client’s patient, customer, or other individual with whom the Client communicates through the Service. For example, if you operate a dental practice, your patients are Users.
iv. Visitor: Any person who visits our Website or interacts with us outside the Service.
v. Service: The Sparkora AI platform and all tools, features, integrations, and software referenced in our Terms of Service.
vi. Mobile App: Any Sparkora AI mobile application.
vii. Personal Information: Any information that identifies or could identify an individual. This does not include de-identified or aggregated information.
viii. Protected Health Information (PHI): Individually identifiable health information covered under HIPAA when handled on behalf of a Covered Entity.
ix. Agreements: Collectively, the Terms of Service, Business Associate Addendum (BAA), this Privacy Policy, and any Order or other contract with Sparkora AI.
x. Order: Any service agreement or quotation issued by Sparkora AI for purchase of the Service.
xi. By accessing or using the Website, Service, or Mobile App, or by interacting with Sparkora AI, you acknowledge and consent to the practices described in this Privacy Policy.
2. Privacy for Clients (This section applies to Clients; not Users or Visitors.)
- We collect and process Client information for the purpose of providing, maintaining, and improving the Service in accordance with HIPAA, our BAA, and applicable law.
Information We Collect:
a. Information You Provide to Us
- i. We may collect, receive, and store information you provide directly, including:
ii. Personal and business information
iii. Payment information
iv. Authorized user information (including but not limited to name, email, phone, address, credentials)
v. User and patient information entered into the Service (e.g., name, contact details, scheduling information, treatment-related data, payment and insurance details)
vi. Content transmitted through the Service (SMS, email, chat, calls, voicemails)
vii. Payment transactions initiated through the Service
viii. Customer support interactions and technical troubleshooting data
b. Information Collected Automatically
- i. We collect usage and system data including:
ii. Dates/times of access
iii. Features used, interactions, activity logs
iv. Device information (hardware, OS, browser, language, identifiers)
v. IP-based and GPS-based location (where permission is granted)
vi. Mobile device network and system data
c. Information from Users
- i. We may receive information from Users when they interact with a Client through the Service.
d. Information from Third Parties
- i. We may receive information from third-party platforms integrated into the Service (Google, Facebook, PMS systems, etc.) or from public databases and marketing partners.
How We Use Client Information
a. We use Personal Information only as described in this Policy, our BAA, and applicable law. Uses include:
- i. Operating, providing, maintaining, and improving the Service
ii. Providing Client-requested integrations
iii. Sending service communications, support messages, and account notices
iv. Performing analytics and trend monitoring
v. Enhancing security and fraud prevention
vi. Enforcing Agreements
vii. Complying with HIPAA and other legal obligations
viii. Billing and fee collection
ix. We do not use PHI for Sparkora AI’s own marketing and do not sell PHI or Personal Information.
How We Share Client Information
a. We share Personal Information only as necessary to provide the Service or as required by law. Sharing may occur with:
- i. Subcontractors and service providers bound by BAAs
ii. Third-party integrations selected by the Client
iii. Client-authorized partners
iv. Legal and regulatory authorities when required
v. We do not share information with third parties for marketing.
vi. Text messaging opt-in data is never shared with third parties.
3. Privacy for Users (Patients)
(We act as a HIPAA Business Associate and data processor for this section.) Sparkora AI processes User data solely on behalf of Clients and in accordance with HIPAA, our BAA, and Client instructions.
Information You Provide
a. Users may provide information such as:
- i. Appointment details
ii. Health screening information
iii. Contact information
iv. Payment information (processed via PCI-compliant third-party payment processors)
v. SMS, email, chat, call, and voicemail content Information We Collect Automatically
b. When Users interact with the Service, we collect:
- i. Interaction timestamps
ii. Device and browser information
iii. Contact channel identifiers (phone, email, IP)
iv. Email engagement metrics
v. Payment card information is handled through a fully PCI-DSS-compliant third-party processor and encrypted using industry standard protocols.
How We Use User Information
c. We process User information only:
- i. To provide the Service to the Client
ii. As authorized by the Client
iii. As permitted by HIPAA and our BAA
iv. We do not use PHI for Sparkora AI’s own purposes.
How We Share User Information
d. We share PHI only with:
- i. The Client
ii. Client-authorized recipients
iii. HIPAA-compliant service providers
iv. As legally required
v. We do not share User information for marketing and do not sell PHI.
4. HIPAA Compliance
As a Business Associate under HIPAA, Sparkora AI complies with:
- a. HIPAA Privacy Rule
b. HIPAA Security Rule
c. HIPAA Breach Notification Rule
d. HITECH Act requirements
e. Safeguards include:
i. Encryption of PHI at rest and in transit
ii. Access controls, audit logging, role-based permissions
iii. Secure AWS infrastructure with KMS and hardened environments
iv. Workforce HIPAA training
v. Incident response procedures
vi. Subcontractor BAAs
vii. Minimum Necessary access principles
5. Breach Notification
- a. If a breach of unsecured PHI occurs, Sparkora AI will:
i. Investigate promptly
ii. Mitigate harm
iii. Notify the Client without unreasonable delay
iv. Provide all information required for the Client’s HIPAA-compliant notifications
v. Document the breach and corrective actions
6. Data Retention & Destruction
Sparkora AI retains PHI only for as long as necessary to provide the Service or as required by law. Upon termination or Client request, Sparkora AI will:
- a. Return PHI to the Client
b. Or, securely destroy it
c. Or, de-identify it in accordance with HIPAA standards
7. Visitor Privacy
a. Visitors may provide contact information or browsing data through the Website. We may use this information for:
- i. Analytics
ii. Website improvement
iii. Responding to inquiries
iv. Providing marketing communications (unless opted out)
v. This data is handled separately from PHI.
8. Children’s Privacy
- Sparkora AI does not knowingly collect Personal Information from minors except as provided by a Client for legitimate healthcare operations.
9. Changes to the Policy
- We may update this Privacy Policy periodically. Significant changes will be communicated through the Website or directly to Clients.
10. Contact Information
For privacy questions, access requests, or HIPAA-related inquiries, contact:
123 Medical Drive, Boerne, TX, 78006
team@getsparkora.com
(956)-777-8678
