Data Protection

Privacy Policy

Learn how we collect, use, and protect your data. We are committed to transparency and HIPAA-aligned data handling for dental practices.

Effective date: April 20, 2026 · Last updated: April 20, 2026

1. Introduction

Salva AI (“Salva,” “we,” “us,” or “our”) operates the website getsalvaai.com and the Salva AI platform (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

2.1 Information You Provide

  • Account information: Name, email address, and authentication credentials when you create an account.
  • Practice information: Practice name, address, phone number, office hours, services offered, accepted insurance plans, and FAQs you provide during setup.
  • Billing information: Payment card details and billing address, processed securely through our payment processor (Stripe). We do not store full card numbers on our servers.
  • Support communications: Messages and attachments you send to our support team.

2.2 Information Collected Automatically

  • Usage data: Pages visited, features used, interaction counts, and session duration.
  • Device data: Browser type, operating system, IP address, and device identifiers.
  • Conversation data: Transcripts of AI-handled chats and voice calls, including caller information voluntarily provided by patients during those conversations (e.g., name, phone number, appointment preferences).

2.3 Information We Do NOT Collect

Salva AI is designed to never collect or store Protected Health Information (PHI) as defined by HIPAA. The AI does not ask patients for, and is instructed to decline, clinical information such as diagnoses, treatment histories, medical records, or health conditions. Patients are directed to contact the practice directly for any clinical matters.

3. How We Use Your Information

  • To provide, operate, and maintain the Service.
  • To personalize your AI agent based on your practice's settings.
  • To process transactions and manage your subscription.
  • To send you service-related notifications (e.g., emergency alerts, booking requests).
  • To analyze usage patterns and improve the Service.
  • To respond to your support inquiries.
  • To comply with legal obligations.

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We do not use your conversation data to train general-purpose AI models.

3A. Disclosure of Information

We may disclose your information in the following limited circumstances:

  • Service providers: To trusted third-party vendors who assist us in operating the Service (see Section 4), subject to confidentiality obligations.
  • Legal requirements: When required by law, regulation, subpoena, court order, or other governmental request.
  • Protection of rights: When we believe disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.
  • Business transfers: In connection with a merger, acquisition, bankruptcy, or sale of all or a portion of our assets. In such event, you will be notified via email and/or a prominent notice on the Service.
  • With your consent: In any other case, we will disclose your information only with your explicit consent.

4. Third-Party Services

We use the following third-party services to operate the platform:

Each third-party provider maintains its own privacy policy governing their use of data. We encourage you to review them.

5. Data Storage & Security

We implement industry-standard security measures to protect your information:

  • All data is encrypted in transit using TLS 1.2+.
  • Data at rest is encrypted using AES-256 encryption.
  • Access to production systems is restricted and audited.
  • We conduct regular security reviews of our infrastructure.

Data is stored on servers located in the United States. By using the Service, you consent to the transfer and storage of your data in the US.

6. Data Retention

We retain your account and conversation data for as long as your account is active. Upon account deletion:

  • Practice settings and configuration data are deleted within 30 days.
  • Conversation transcripts are deleted within 30 days.
  • Billing records are retained as required by tax and financial regulations (up to 7 years).
  • Aggregated, anonymized analytics data may be retained indefinitely.

7. Cookies & Tracking Technologies

We use essential cookies to operate the Service (e.g., authentication session tokens). We do not use advertising or tracking cookies. Our third-party providers may set their own cookies — please refer to their respective privacy policies for details.

Do Not Track:Some browsers offer a “Do Not Track” (“DNT”) signal. Because there is no accepted standard for how to respond to DNT signals, we do not currently respond to them. However, since we do not use advertising or behavioral tracking cookies, your experience is not affected.

8. Your Rights

You have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your account and associated data.
  • Export your data in a portable format.
  • Opt out of non-essential communications.

To exercise any of these rights, contact us at support@getgetsalvaai.com.

9. HIPAA Compliance

Salva AI is designed with HIPAA compliance in mind. Our AI agents are configured to avoid soliciting, collecting, or storing Protected Health Information (PHI). Conversations are limited to general practice inquiries such as scheduling, insurance questions, and office information.

For practices on our Pro or Multi-Practice plans that require a Business Associate Agreement (BAA), we are happy to execute one. Please contact support@getgetsalvaai.com to request a BAA. See our BAA page for more details.

9B. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights regarding your personal information:

  • Right to know: You may request the categories and specific pieces of personal information we have collected about you.
  • Right to delete: You may request deletion of personal information we hold about you, subject to certain exceptions.
  • Right to opt out of sale: We do not sell personal information as defined under the CCPA. No opt-out is necessary.
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
  • Right to correct: You may request correction of inaccurate personal information.
  • Right to limit use of sensitive personal information: We only use sensitive personal information for purposes permitted under the CPRA.

To exercise these rights, email support@getgetsalvaai.com with the subject line “CCPA Request.” We will verify your identity before responding and will fulfill verified requests within 45 days.

9C. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users without unreasonable delay, and in no event later than 60 days after discovering the breach, unless a shorter timeline is required by applicable law. The notification will describe the nature of the breach, the types of information affected, the steps we are taking to address the breach, and any steps you can take to protect yourself. We will also notify relevant regulatory authorities as required by law.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or an in-app notification. Continued use of the Service after changes become effective constitutes acceptance of the revised policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us: