Sparkora AI is committed to protecting your privacy and safeguarding the Personal Information and Protected Health Information ("PHI") entrusted to us. This Privacy Policy explains how Sparkora AI collects, stores, uses, discloses, and protects Personal Information in connection with your interactions with us, the Service, the Website, and the Mobile App.
This Privacy Policy contains sections for Clients (including authorized users), Users (patients of Clients), and Visitors. Section 1 applies to everyone.
This Policy incorporates and aligns with HIPAA, applicable state privacy laws, our Business Associate Agreements, and all applicable Agreements.
1. General Information (Applies to Clients, Users, and Visitors)
a. Who We Are
Sparkora AI Communications, Inc., including its subsidiaries and affiliates ("Sparkora AI," "we," "our," or "us"), provides AI-driven practice-management and communication services including an AI interactive receptionist and chatbot used by dental and orthodontic practices. Our platform supports scheduling, messaging, automation, and operational functions for our clients. More information is available at orthia.io.
b. Definitions
- Client: A person or entity that enters into an Order or Agreement with Sparkora AI to use the Service, including its authorized users.
- User: A Client's patient, customer, or other individual with whom the Client communicates through the Service.
- Visitor: Any person who visits our Website or interacts with us outside the Service.
- Service: The Sparkora AI platform and all tools, features, integrations, and software referenced in our Terms of Service.
- Mobile App: Any Sparkora AI mobile application.
- Personal Information: Any information that identifies or could identify an individual. This does not include de-identified or aggregated information.
- Protected Health Information (PHI): Individually identifiable health information covered under HIPAA when handled on behalf of a Covered Entity.
- Agreements: Collectively, the Terms of Service, Business Associate Addendum (BAA), this Privacy Policy, and any Order or other contract with Sparkora AI.
- Order: Any service agreement or quotation issued by Sparkora AI for purchase of the Service.
By accessing or using the Website, Service, or Mobile App, or by interacting with Sparkora AI, you acknowledge and consent to the practices described in this Privacy Policy.
2. Privacy for Clients
(This section applies to Clients; not Users or Visitors.)
We collect and process Client information for the purpose of providing, maintaining, and improving the Service in accordance with HIPAA, our BAA, and applicable law.
Information We Collect
a. Information You Provide to Us
- Personal and business information
- Payment information
- Authorized user information (including but not limited to name, email, phone, address, credentials)
- User and patient information entered into the Service (e.g., name, contact details, scheduling information, treatment-related data, payment and insurance details)
- Content transmitted through the Service (SMS, email, chat, calls, voicemails)
- Payment transactions initiated through the Service
- Customer support interactions and technical troubleshooting data
b. Information Collected Automatically
- Dates/times of access
- Features used, interactions, activity logs
- Device information (hardware, OS, browser, language, identifiers)
- IP-based and GPS-based location (where permission is granted)
- Mobile device network and system data
c. Information from Users
We may receive information from Users when they interact with a Client through the Service.
d. Information from Third Parties
We may receive information from third-party platforms integrated into the Service (Google, Facebook, PMS systems, etc.) or from public databases and marketing partners.
How We Use Client Information
- Operating, providing, maintaining, and improving the Service
- Providing Client-requested integrations
- Sending service communications, support messages, and account notices
- Performing analytics and trend monitoring
- Enhancing security and fraud prevention
- Enforcing Agreements
- Complying with HIPAA and other legal obligations
- Billing and fee collection
We do not use PHI for Sparkora AI's own marketing and do not sell PHI or Personal Information.
How We Share Client Information
We share Personal Information only as necessary to provide the Service or as required by law. Sharing may occur with:
- Subcontractors and service providers bound by BAAs
- Third-party integrations selected by the Client
- Client-authorized partners
- Legal and regulatory authorities when required
We do not share information with third parties for marketing. Text messaging opt-in data is never shared with third parties.
3. Privacy for Users (Patients)
(We act as a HIPAA Business Associate and data processor for this section.)
Sparkora AI processes User data solely on behalf of Clients and in accordance with HIPAA, our BAA, and Client instructions.
Information You Provide
- Appointment details
- Health screening information
- Contact information
- Payment information (processed via PCI-compliant third-party payment processors)
- SMS, email, chat, call, and voicemail content
Information We Collect Automatically
- Interaction timestamps
- Device and browser information
- Contact channel identifiers (phone, email, IP)
- Email engagement metrics
Payment card information is handled through a fully PCI-DSS-compliant third-party processor and encrypted using industry-standard protocols.
How We Use User Information
- To provide the Service to the Client
- As authorized by the Client
- As permitted by HIPAA and our BAA
We do not use PHI for Sparkora AI's own purposes.
How We Share User Information
- The Client
- Client-authorized recipients
- HIPAA-compliant service providers
- As legally required
We do not share User information for marketing and do not sell PHI.
4. HIPAA Compliance
As a Business Associate under HIPAA, Sparkora AI complies with:
- HIPAA Privacy Rule
- HIPAA Security Rule
- HIPAA Breach Notification Rule
- HITECH Act requirements
Safeguards include:
- Encryption of PHI at rest and in transit
- Access controls, audit logging, role-based permissions
- Secure AWS infrastructure with KMS and hardened environments
- Workforce HIPAA training
- Incident response procedures
- Subcontractor BAAs
- Minimum Necessary access principles
5. Breach Notification
If a breach of unsecured PHI occurs, Sparkora AI will:
- Investigate promptly
- Mitigate harm
- Notify the Client without unreasonable delay
- Provide all information required for the Client's HIPAA-compliant notifications
- Document the breach and corrective actions
6. Data Retention & Destruction
Sparkora AI retains PHI only for as long as necessary to provide the Service or as required by law. Upon termination or Client request, Sparkora AI will:
- Return PHI to the Client
- Or securely destroy it
- Or de-identify it in accordance with HIPAA standards
7. Visitor Privacy
Visitors may provide contact information or browsing data through the Website. We may use this information for:
- Analytics
- Website improvement
- Responding to inquiries
- Providing marketing communications (unless opted out)
This data is handled separately from PHI.
8. Children's Privacy
Sparkora AI does not knowingly collect Personal Information from minors except as provided by a Client for legitimate healthcare operations.
9. Changes to the Policy
We may update this Privacy Policy periodically. Significant changes will be communicated through the Website or directly to Clients.
10. Contact Information
For privacy questions, access requests, or HIPAA-related inquiries, contact:
123 Medical Drive, Boerne, TX 78006
team@getsparkora.com
(956) 777-8678