Privacy Policy
DeskPilotOS ("we," "us," or "our") operates the DeskPilot service at deskspilot.net. This Privacy Policy explains what data we collect, how we use it, and your rights with respect to that data. By using our service you agree to the practices described here.
1. Data We Collect
We collect data you provide directly and data generated as you use the service:
- Account information — your name, business name, email address, and phone number when you sign up.
- Booking data — appointment details, customer contact information, and scheduling preferences entered into or generated by DeskPilot on your behalf.
- Call recordings — audio recordings of calls handled by your AI front desk agent. These are used to improve accuracy, resolve disputes, and provide service history.
- Usage data — pages visited, features used, session timestamps, and interaction logs with the DeskPilot dashboard.
- Technical data — IP address, browser type, device type, and referral source, collected automatically when you visit our site.
- Cookies — small files stored on your browser to maintain session state and remember preferences (see Section 7).
2. How We Use Your Data
We use your data exclusively to operate and improve the DeskPilot service:
- Providing, maintaining, and personalizing the AI front desk service
- Sending appointment reminders and follow-up messages to your customers on your behalf
- Processing subscription payments via Stripe
- Diagnosing issues and improving service performance
- Sending service-related communications (billing notices, product updates, security alerts)
- Producing aggregated, anonymized analytics to understand how the service is used
We do not use your data for advertising. We do not sell or share your data with third parties for their own marketing purposes.
3. Data Security
We implement industry-standard safeguards to protect your data:
- In transit: All data transmitted between your browser, our servers, and third-party integrations is encrypted using TLS/SSL (HTTPS).
- At rest: Data stored in our databases is encrypted using AES-256 encryption.
- Access controls: Access to production systems is restricted to authorized personnel only.
No system is completely immune to breaches. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.
4. Call Recording Retention
You may request early deletion of specific recordings by contacting us (see Section 9). Note that early deletion may affect your ability to dispute a call's outcome.
5. Third-Party Services
DeskPilot integrates with a limited set of third-party providers to deliver the service. These providers process data strictly on our behalf under binding data processing agreements:
- Stripe — payment processing. Stripe stores payment card data; we do not.
- Vapi — voice AI infrastructure for call handling.
- Neon / PostgreSQL — database hosting for your account and booking data.
- Render — cloud hosting platform where our servers run.
We do not sell, rent, or share your personal data with any other third parties. We do not share data with advertising networks, data brokers, or analytics resellers.
6. Data Retention
We retain your account data for as long as your account is active. If you cancel your subscription:
- Account data is retained for 30 days to allow reactivation.
- After 30 days, account data is permanently deleted.
- Call recordings are deleted on their standard 90-day schedule regardless of cancellation.
- Billing records may be retained for up to 7 years as required by financial regulations.
7. Cookies and Analytics
We use cookies and similar technologies for the following purposes:
- Session cookies — keep you logged in during your session. Required for the service to function.
- Preference cookies — remember your settings and customizations.
- Analytics — we use a privacy-first analytics beacon to count page visits and understand feature usage. This data is aggregated and does not identify individual visitors.
We do not use third-party advertising cookies. You can disable cookies in your browser settings, though this may impair service functionality.
8. Your Rights
You have the following rights with respect to your personal data:
- Access — request a copy of the personal data we hold about you.
- Correction — request correction of inaccurate or incomplete data.
- Deletion — request that we delete your personal data. We will process deletion requests within 30 days, subject to any retention obligations.
- Portability — request your data in a machine-readable format.
- Objection — object to specific uses of your data.
To exercise any of these rights, contact us using the information in Section 9. We will respond within 30 days.
9. Contact
For privacy questions, data deletion requests, or to exercise your rights, contact us at:
DeskPilotOS
Email: privacy@deskspilot.net
9a. Protected Health Information (PHI) — Healthcare Users
For healthcare customers who have signed the DeskPilot Business Associate Agreement:
- Minimum necessary standard — DeskPilot's AI scripts are configured to collect only the minimum information necessary to schedule appointments. The system does not request detailed diagnoses, treatment histories, or clinical information.
- PHI in call logs — Call transcripts may contain PHI (patient names, appointment reasons, brief health context). These records are protected under the same audit logging and access control framework as all DeskPilot data.
- Audit logging — All access to call records and transcripts by authenticated users is logged in an append-only audit log with 6-year retention, per 45 CFR §164.312(b).
- Breach notification — In the event of a security incident that constitutes a breach of PHI, DeskPilot will notify affected customers within 60 days as required by 45 CFR §164.404. For breaches affecting 500 or more individuals, DeskPilot will also notify HHS and, where required, provide media notice.
- Subcontractor agreements — DeskPilot's infrastructure providers (Render for hosting, Neon for database, Vapi for voice AI) have been evaluated for HIPAA suitability. Data processing is conducted under binding service agreements. Vapi processes call audio and transcripts — their BAA status should be confirmed for your specific compliance requirements.
- Individual rights — Patients whose information has been processed by DeskPilot may exercise rights under HIPAA (access, amendment, accounting of disclosures) by contacting us at privacy@deskspilot.net. We will coordinate with your practice to fulfill these requests.
Non-healthcare use of DeskPilot does not involve PHI handling. This section applies only to customers with an executed BAA.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify you by email or via an in-app notice. Continued use of the service after changes take effect constitutes acceptance of the updated policy.
DeskPilot™ is a trademark of DeskPilotOS. © 2026 DeskPilotOS. All rights reserved.