Privacy Policy

1. Who We Are

Answerly ("we," "us," "our") is an AI voice agent that answers 100% of calls for medical clinics, books appointments, and supports routine patient requests. Answerly is owned and operated by Varyon Global. This Policy explains how we collect, use, disclose, and protect personal information when you use answerlyvoice.com, our voice/telephony services, web app, APIs, and integrations (the "Service").

Depending on the engagement, Varyon Global may act as a data controller (e.g., for our website analytics, billing) and/or a data processor for clinic customers (e.g., call handling, transcripts, booking).

2. Scope & Audience

This Policy applies to:

• Clinic customers & staff (e.g., admins, schedulers, owners),
• Patients/callers who interact with Answerly by phone or other channels, and
• Website visitors and prospective clients.

If your clinic uses Answerly in a healthcare context, some information handled by the Service may be health data/PHI and subject to HIPAA or other medical-privacy laws. Our site explicitly positions the product for clinics and highlights HIPAA compliance.

3. Data We Collect

A) Data you or your clinic provide

• Identity & contact: name, email, phone, role, clinic details, office hours.
• Account/auth: login credentials, role-based permissions.
• Scheduling data: calendars, appointment slots, visit types, provider rosters.
• Support/sales: demo requests, messages, contracts, feedback.

B) Data captured during calls

• Audio & transcripts: recordings of inbound/outbound calls handled by the AI agent; speech-to-text transcripts to complete tasks (e.g., booking, FAQs).
• Call metadata: caller ID (where available), timestamps, duration, outcomes (answered, missed, voicemail), routing results.

C) Patient/health information (clinic use)

Information callers disclose, such as name, reason for visit, symptoms as stated by the caller, appointment details, and instructions from the clinic. When used clinically, this may constitute PHI under HIPAA or "special category" data under GDPR equivalents (handled per Section 6).

D) Automatically collected site/app data

• Technical/usage: IP address, device/browser type, pages viewed, interaction logs, performance and crash data.
• Cookies & similar tech: essential (site operation) and optional (analytics/measurement).

E) From third parties/integrations

• Telephony & hosting (routing, storage/processing).
• Scheduling/EHR/CRM/payment systems you choose to connect.
• Lead/marketing sources (if you opt into marketing or request demos).

4. Why We Process Data (Purposes)

• Provide the Service: answer calls, determine caller intent, check schedules, book/reschedule, send confirmations/reminders, and log outcomes.
• Operate & secure: authentication, fraud/abuse prevention, troubleshooting, QA, audits, incident response.
• Improve quality: measure accuracy, reduce errors, and improve models. We prefer de-identified/aggregated data for quality improvement; any use of identifiable data for model training beyond what's necessary to provide the Service will follow Section 8 (consent/opt-out where required).
• Communications: support tickets, service updates, billing/admin messages; optional marketing with opt-out.
• Legal/compliance: fulfill contractual and regulatory obligations (e.g., HIPAA where applicable), handle disputes, enforce terms.

5. Legal Bases (where applicable)

• Contractual necessity (to deliver the Service to you/your clinic),
• Legitimate interests (security, service improvement, analytics—balanced against your rights),
• Consent (e.g., marketing emails, certain cookies),
• Legal obligation (tax, accounting, regulatory requests).

6. Health Data / HIPAA (U.S. Clinics)

If your clinic is a HIPAA Covered Entity/Business Associate and uses Answerly to handle PHI, we will sign a Business Associate Agreement (BAA) on request and apply appropriate administrative, physical, and technical safeguards.

We limit PHI access to authorized personnel and subprocessors under equivalent obligations; we follow breach-notification rules when applicable.

Our site positions Answerly as HIPAA-Compliant for healthcare, and our security program is aligned with Varyon Global's published privacy/security posture.

7. Cookies & Analytics

We use essential cookies to operate the site and optional analytics to understand usage (e.g., pages, load times). You can control non-essential cookies via browser settings or any on-site controls we provide. Blocking some cookies may affect features.

8. AI/Model Training Transparency

• Primary use: models process audio/transcripts to fulfill caller requests (e.g., booking).
• Quality improvement: we may use aggregated or de-identified interaction data to enhance accuracy/safety.
• Identifiable data for training: not used unless allowed by law and permitted by the clinic (e.g., via DPA/BAA) or explicit consent/opt-in. Clinics may opt-out of this training without affecting core functionality.

9. Sharing & Disclosure

We do not sell personal data. We share only as needed:

• Clinic customer (controller): when we act as processor, call logs/transcripts/booking data are provided to the clinic per its settings/integrations.
• Service providers (subprocessors): cloud hosting, storage/backup, telephony, analytics, error monitoring, email/SMS, support tooling—under confidentiality, data-protection terms, and least-privilege access.
• Corporate affiliates of Varyon Global for support/operations under equivalent safeguards.
• Legal/regulatory: to comply with law, enforce terms, or protect rights/safety.
• Business transfers: in a merger, acquisition, or reorganization, with notice and protections.
• Aggregated/de-identified information for statistics/benchmarks/product insights.

(Clinic customers can request our current subprocessor list.)

10. International Transfers

Varyon Global is a globally distributed company. Where data moves outside your country (e.g., to secure cloud regions), we use appropriate safeguards (e.g., Standard Contractual Clauses under GDPR) and apply contractual/security protections consistent with Varyon's published approach to international transfers.

11. Security

We employ defense-in-depth measures aligned with Varyon Global's ISO-style controls: encryption in transit/at rest, role-based access, endpoint hardening, logging/monitoring, regular testing, and least-privilege. Clinics may request due-diligence summaries.

12. Data Retention & Deletion

• Calls, transcripts, and logs are retained only as long as needed to deliver the Service, follow clinic-configured retention, or satisfy legal requirements; then deleted or anonymized.
• Account, billing, and transactional records are retained per legal and financial rules.
• Clinic customers can request tailored retention schedules in their order form/DPA.

13. Your Rights

Subject to applicable law (e.g., Egypt PDPL and EU/UK GDPR), you may have rights to access, rectify, erase, restrict, object, port your data, and withdraw consent (for consent-based processing).

Marketing opt-out: use the unsubscribe mechanism in messages or email info@varyonglobal.com.

We verify identity before acting and may deny requests where legal exceptions apply.

14. Children

The Service is not intended for children below the age required by local law (typically under 18 for medical booking lines). We do not knowingly collect children's data without proper authorization; if you believe a child provided data improperly, contact us for removal.

15. Third-Party Links & Integrations

If you connect third-party services (e.g., calendars, EHRs, messaging), their use of data is governed by their policies. Our website may link to external sites; we are not responsible for their content or practices.

16. Changes to this Policy

We may update this Policy periodically. Material changes will be posted here and, where appropriate, notified in-product or by email. Continued use after an update signifies acceptance of the revised Policy.

17. How to Contact Us