Account and business information
- Names, email addresses, phone numbers, clinic or business name, role, billing details, communication preferences, service settings, operating hours, locations, and workflow rules.
1. Introduction
Xonark Technologies Inc. ("Xona", "we", "us", or "our") is committed to protecting privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when clinics, teams, patients, callers, or website visitors use Xona and related Xonark services. It is written for Canadian and United States customers and is designed to support privacy reviews under applicable laws such as PIPEDA and healthcare privacy requirements where they apply.
2. Information we collect
Call data and AI-generated content
- Call recordings and audio data where recording is enabled.
- Call transcripts, summaries, caller-provided names and phone numbers, call metadata, requested appointment details, call outcomes, staff handoff notes, and AI-generated conversation logs.
Technical and usage data
- IP address, browser and device data, log data, pages viewed, errors encountered, feature usage, attribution parameters, cookies, and similar technologies used for security, analytics, and service delivery.
Integration data
- When a customer connects a dental software, calendar, phone, payment, email, or other third-party integration, we process the data needed to provide the approved workflow, such as schedule context, patient or caller context, recall preview data, or configured appointment actions.
3. How we use information
- Service delivery: provide, maintain, secure, and improve Xona workflows.
- Call processing: answer calls, capture intent, schedule where approved, prepare staff handoffs, and support follow-up.
- Clinic control: apply approved rules, escalation paths, suppression lists, and review settings.
- Analytics: measure platform performance, usage, errors, and workflow outcomes.
- Communication: send service, support, billing, and operational notices.
- Billing: process payments and manage subscriptions or prepaid balances.
- Legal and security: comply with law, enforce terms, prevent abuse, investigate security issues, and protect rights.
4. AI and third-party integration limits
Data accessed through Google APIs, dental software, or other third-party integrations is used only to provide the requested service functionality. We do not use third-party integration data for advertising, profiling, transfer to third-party AI tools for their own training, or unrelated analytics. AI improvements rely on platform-generated and anonymized interaction data where permitted by customer settings, contract terms, and applicable law.
5. Legal basis and consent
We process personal information based on consent, performance of a service agreement, legitimate interests such as security and service improvement, and legal obligations. Call recording, marketing communications, and use cases that require express consent are handled through customer-approved policies and notices. Implied consent may apply to ordinary call handling, message taking, appointment scheduling requested by the caller, and responding to inquiries.
6. Sharing and disclosure
We do not sell personal information. We may share information with service providers that help us operate Xona, such as cloud hosting, communications, payment, analytics, AI infrastructure, support, and security vendors. We may also disclose information for legal requirements, business transfers, protection of rights, or with customer direction. Service providers are expected to protect data and use it only for the purpose we specify.
7. Call recording and notice
Where call recording is enabled, callers should be notified according to the clinic’s policy and applicable law. Customers are responsible for configuring appropriate notices and escalation policies for their jurisdiction and workflow. Xona can support consent wording and recording controls during onboarding.
8. Retention
We retain personal information only as long as necessary to provide the service, meet legal requirements, resolve disputes, enforce agreements, and support security. Call recordings and transcripts are retained according to the customer’s plan and configured retention settings. Account and billing records may be retained longer where required for legal, tax, compliance, or audit purposes.
9. Security
We use technical and organizational safeguards designed to protect personal information, including encryption in transit and at rest, access controls, authentication, logging, secure infrastructure, employee training, and security review practices. No method of transmission or storage is perfectly secure, but we work to reduce risk and respond promptly to suspected incidents.
10. Privacy rights
Canada
- Canadian residents may request access to personal information we hold, correction of inaccurate information, withdrawal of consent where applicable, information about our privacy practices, or the ability to challenge our compliance with privacy law.
United States healthcare workflows
- For healthcare providers that require HIPAA-related commitments, Xonark can review business associate or data-processing terms as part of onboarding. Covered entities remain responsible for determining their legal obligations and configuring appropriate workflows.
Exercising rights
To exercise privacy rights, contact [email protected]. We may need to verify identity and authority before processing a request. We aim to respond within 30 days or as required by applicable law.
11. Cookies and tracking
We use cookies and similar technologies to maintain sessions, remember preferences, improve the website and service, measure campaigns, and support security. Browser settings may allow you to control cookies, though some features may not work correctly if cookies are disabled.
12. International transfers
Information may be transferred to and processed in countries other than where you live. We use contractual, organizational, and technical safeguards intended to protect information during cross-border processing.
13. Children’s privacy
Xona is intended for business and clinic use, not for individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided information to us, contact us so we can review and delete it where appropriate.
14. Third-party links
Our website and service may link to third-party websites or services. We are not responsible for those third parties’ privacy practices. Review their policies before providing information.
15. Changes and contact
We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated date. Questions or requests can be sent to Xonark Technologies Inc. at [email protected], Vancouver, BC, Canada.