Voice Breeze logo


SiriusMed AI — Privacy Policy

Effective date: Janurary 1, 2025

Who we are

VoiceBreeze LLC (“VoiceBreeze”, “we”, “our”), doing business as SiriusMed AI, provides voice‑first clinical software, patient engagement tools, and related services (the “Services”). This Privacy Policy explains how we collect, use, disclose, and protect information, including Protected Health Information (“PHI”) when applicable.

Contact

Email: info@voicebreeze.io
Address: VoiceBreeze LLC, 2121 6th Ave Seattle WA, 98121

1) Scope

This Policy applies to our websites (e.g., siriusmed.io), apps, APIs, WhatsApp/telephony agents, and any other channels that link to it. If a health‑care provider uses SiriusMed AI with a Business Associate Agreement (BAA), we act as the provider’s Business Associate for PHI and process PHI on their behalf. For direct‑to‑consumer use, we act as the data controller.

We do not knowingly collect data from children under 13, nor knowingly allow such users to register.

2) Information we collect

  • Account & contact data. Name, email, phone, organization, role, specialty.
  • Patient/clinical data (may include PHI). Demographics, clinical notes, transcripts, audio/video, images, orders, vitals, medications, adherence and engagement history, EMR identifiers.
  • Communications. Call/WhatsApp/chat content and metadata, voicemail, tickets, surveys.
  • Device & usage. IP address, identifiers, event logs, crash data, cookies or similar.
  • Payment & billing. Company name, tax ID, subscription tier, invoices (processed by PCI‑compliant providers; we do not store full card numbers).
  • Integrations. Data we ingest or exchange from EMRs, telephony, cloud storage, or analytics services based on your configuration.
  • Sensitive data. PHI is processed only as instructed by the Covered Entity under a BAA or by you if you are an individual user. We do not use PHI for advertising.

3) How we use information

  • Provide, secure, and maintain the Services (including speech recognition, LLM inference, and analytics).
  • Configure agents, execute workflows, and deliver messages (SMS/voice/WhatsApp).
  • Comply with legal/contractual obligations (HIPAA where applicable).
  • Improve models and features (using non‑PHI or de‑identified/aggregated data unless you have expressly authorized otherwise).
  • Billing, account management, and customer support.
  • Detect, prevent, and investigate abuse or security incidents.

Legal bases (GDPR). Performance of a contract; legitimate interests (product security, service improvement with minimal privacy impact); consent where required (e.g., certain messaging or marketing); compliance with legal obligations.

4) Sharing and disclosure

We share data:

  • With your organization and authorized users (role‑based access).
  • With processors/sub‑processors that host, transmit, or process data for us (e.g., cloud providers, telephony carriers, model‑serving infrastructure, WhatsApp Business Platform providers). We require security, confidentiality, and DPAs/BAAs as applicable.
  • With integrated third parties you enable (EMRs, CRMs, analytics).
  • For legal reasons (court order, to protect rights/safety, or to enforce terms).
  • In corporate transactions (merger, financing, acquisition) subject to continued protections.

We do not sell personal information, including under the CCPA definition of “sale”. We do not share PHI for cross‑context behavioral advertising.

5) Retention

We retain information for as long as necessary to provide the Services, meet legal/contractual obligations, resolve disputes, and maintain security. PHI retention follows the BAA and applicable law. You may request earlier deletion where permissible (see Data Deletion below).

6) Your rights

Depending on your location, you may request: access, correction, deletion, portability, restriction/objection to processing, and to opt‑out of non‑essential cookies or marketing.

How: email info@voicebreeze.io or use in‑product controls. Where we act as a Business Associate/processor, we will forward requests to the Covered Entity/controller and assist as required.

7) Security

We implement administrative, technical, and physical safeguards appropriate to the data sensitivity, including encryption in transit and at rest, access controls, audit logging, least‑privilege design, and vendor risk management. No method of transmission or storage is 100% secure.

8) International transfers

We may process data in the United States and other countries. Where required, we use appropriate safeguards (e.g., SCCs) for cross‑border transfers.

9) Cookies & similar tech

We use necessary cookies for authentication and security and, with consent where required, analytics to improve the Services. Manage preferences in the product or your browser.

10) Changes

We may update this Policy. The “Effective date” will indicate the latest version. Material changes will be communicated via product notice or email.

SiriusMed AI — Data Deletion Instructions

How users can request deletion of their data

You can request deletion of your personal data (and, where applicable, PHI) in any of the following ways:

  • In‑product request (preferred). From the Account or Organization settings, choose Privacy → Delete my data (or Close account).
  • Email. Send a request to privacy@voicebreeze.io with the subject “Data Deletion Request” from the email associated with your account.
  • WhatsApp/Voice agents. Message the phrase DELETE MY DATA to our verified WhatsApp line or state the same to our voice agent. We will reply with a confirmation link to verify your identity.
  • API (admins). Call DELETE /v1/users/{user_id} or DELETE /v1/organizations/{org_id}/records with a valid admin token.

Verification

For your protection, we verify identity and ownership (e.g., email challenge, one‑time code, or admin approval for organization‑managed accounts). For PHI under a provider’s account, we act at the direction of the provider; we will forward your request to the provider if they control the data.

What will be deleted

We will delete or irreversibly de‑identify personal data and content stored in your account, including messages, transcripts, and files, except as noted below.

What we may retain

We may retain limited records as required by law, for fraud prevention, accounting, or security logs, and backups that are automatically purged on a rolling schedule. PHI retained to comply with health‑care record requirements will be handled under the applicable BAA or law.

Timing

We aim to complete deletions within 30 days of verification (or the shorter period required by local law). Complex, large, or archived datasets may take up to 60 days due to backup cycles.

Confirmation

We will send a confirmation when deletion is complete or explain why we cannot delete specific items (e.g., legal hold).

Contact

Questions about deletion: privacy@voicebreeze.io

11) Contact

Questions or requests: privacy@voicebreeze.io
Security reports: security@voicebreeze.io