1. Who We Are
Recallify is a Canadian automated patient communication service built for dental and medical clinics. Our registered business email is hello@getrecallify.com and our service is accessible at getrecallify.com. References to "Recallify," "we," "us," or "our" in this policy refer to the Recallify service and its operators.
2. Information We Collect
We collect the following categories of information to provide and improve our service:
- Clinic information: Clinic name, owner name, email address, phone number, and Twilio phone number used for SMS delivery.
- Patient phone numbers: Inbound calling numbers captured at the time of a missed call event. These are used solely to deliver the automated SMS response and are not retained longer than operationally necessary.
- Appointment data (Complete plan): For clinics on the Complete plan, appointment date, time, and patient name may be entered into a Google Sheets tracker by the clinic. This data remains under the clinic's Google account.
- SMS interaction logs: Records of SMS messages sent and received (content and timestamps), retained for up to 90 days for troubleshooting and quality assurance.
- Website usage data: Standard server logs, browser type, IP address, and analytics data collected via privacy-compliant analytics tools.
3. What We Do NOT Collect
Recallify is designed with a privacy-first architecture. We explicitly do not collect:
- Patient health records, diagnoses, treatment notes, or any Protected Health Information (PHI) as defined under HIPAA.
- Patient full names (unless voluntarily entered by the clinic into the appointment tracker).
- Credit card or payment information (billing is handled by a PCI-compliant third-party processor).
- Social insurance numbers, government IDs, or sensitive personal identifiers.
4. SMS Consent and Patient Communication
Recallify sends SMS messages to phone numbers that have called your clinic's registered phone number. By calling a clinic that uses Recallify, patients implicitly consent to receive a single automated response acknowledging their call.
- Every SMS includes opt-out instructions (e.g., "Reply STOP to unsubscribe").
- Opt-out requests are honored immediately and the number is added to a suppression list.
- SMS messages do not contain diagnosis information, treatment details, or any PHI.
- Clinics are responsible for ensuring their use of Recallify complies with applicable provincial and federal telecommunications laws, including CASL.
5. How We Use Your Information
We use collected information exclusively to:
- Deliver the automated SMS and email services you have subscribed to.
- Send you account-related communications (setup instructions, billing notices, service updates).
- Troubleshoot technical issues and maintain service reliability.
- Comply with legal obligations as required by Canadian law.
We do not use your information for targeted advertising, profiling, or sale to third parties.
6. Third-Party Service Providers
We use the following third-party services to operate Recallify. Each is subject to its own privacy policy:
- Twilio Inc. — SMS delivery infrastructure. Twilio processes outbound and inbound SMS message data on our behalf.
- Google Workspace — Gmail is used for daily summary emails. Google Sheets (Complete plan) is used for appointment tracking under the clinic's own account.
- n8n Cloud — Workflow automation platform that orchestrates SMS and email logic.
- Vercel Inc. — Website hosting provider for getrecallify.com.
7. HIPAA-Friendly Design
While Recallify is a Canadian service and is not a US-covered entity under HIPAA, we have voluntarily adopted HIPAA-aligned design principles as a best-practice standard for handling health-adjacent data:
- No PHI is transmitted in SMS messages.
- SMS content is limited to appointment logistics (date, time, confirmation).
- Access to clinic data is role-restricted and logged.
- We support Business Associate Agreements (BAAs) for Canadian clinics upon request.
8. Data Retention
- SMS logs: retained for 90 days, then permanently deleted.
- Clinic account data: retained for the duration of the active subscription plus 30 days after cancellation.
- Appointment tracker data: controlled by the clinic under their Google account.
- Contact form inquiries: retained for up to 2 years.
9. Your Rights
As a clinic owner or patient, you have the right to:
- Request access to the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data, subject to legal requirements.
- Withdraw SMS consent at any time by replying STOP.
- Lodge a complaint with the Office of the Privacy Commissioner of Canada.
To exercise any of these rights, email us at hello@getrecallify.com. We respond within 30 days.
10. Security
We implement industry-standard security measures including TLS encryption in transit, access controls, and regular security reviews. Report any suspected security incidents to hello@getrecallify.com immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify active clinic subscribers of material changes by email at least 14 days in advance.
12. Contact Us
For any privacy-related questions, data requests, or concerns:
Recallify