Privacy Policy

1. Who we are

Aimée ("we", "our", "us") operates an AI-powered voice assistant platform that helps medical clinics, dental practices, and beauty salons manage phone calls and appointment bookings automatically. Our platform is accessible at https://tryaimee.com.

For questions about this policy, contact us at dankorapb@gmail.com.

2. What data we collect

2.1 Clinic account data

When a clinic registers, we collect: business name, contact email address, billing address, and payment information (processed by Stripe — we never store card details directly).

2.2 Call data

Our AI agent handles inbound phone calls on behalf of clinics. During each call we process:

• Voice audio (processed in real time by speech recognition — not stored permanently)
• Call transcript (text version of the conversation)
• Caller phone number
• Appointment details (name, requested service, date and time)
• Call duration and outcome

2.3 Google Calendar data

If a clinic connects Google Calendar, we access their calendar only to check availability and create, modify, or cancel appointment events on their behalf. We request the following OAuth scopes:

• calendar.readonly — read free/busy slots
• calendar.events — create and manage appointment events
• calendar — create a dedicated Aimée calendar if needed

We do not read, store, or share the content of existing calendar events beyond free/busy status. OAuth tokens are stored encrypted in our database and used solely to perform actions explicitly requested by the clinic.

2.4 Usage data

We collect technical usage data (page views, API request counts, error logs) for service improvement. This data is not linked to individual patient identities.

3. How we use the data

• To operate the AI voice agent and book appointments on behalf of the clinic
• To display call history and analytics to authorised clinic staff
• To process subscription payments via Stripe
• To send transactional emails (invitations, password resets)
• To improve the accuracy and reliability of our AI models

We do not sell personal data to third parties. We do not use call or patient data for advertising purposes.

4. Data retention and deletion

Call transcripts and patient contact details (phone numbers, names) are automatically anonymised after the retention period set by each clinic (default: 30 days). Clinics can adjust this period in their Settings or request immediate deletion by contacting us.

When a clinic account is deleted, all associated data is permanently removed within 30 days.

5. Data sharing

We share data only with the following sub-processors, as necessary to provide the service:

6. Security

All data is transmitted over HTTPS. Sensitive credentials (OAuth tokens, API keys) are encrypted at rest. Access to production data is restricted to authorised personnel only. We perform regular security reviews of our codebase and infrastructure.

7. Your rights (GDPR)

If you are located in the European Economic Area or the United Kingdom, you have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you
• Rectification — ask us to correct inaccurate data
• Erasure — request deletion of your personal data
• Restriction — ask us to limit how we process your data
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interests

To exercise any of these rights, email us at dankorapb@gmail.com. We will respond within 30 days.

8. Cookies

We use only essential cookies required for authentication and security (session tokens, CSRF protection). We do not use advertising or tracking cookies.

9. Changes to this policy

We may update this policy from time to time. When we make material changes, we will notify clinic administrators by email and update the "Last updated" date at the top of this page.

10. Contact

For any privacy-related questions or requests, please contact us at dankorapb@gmail.com.