Bluepenguin Platform provides AI-powered virtual phone assistant services to businesses across multiple industries. This Privacy Policy explains how we collect, use, disclose, and protect information in connection with our services.
By accessing or using our platform, or by placing or receiving a call handled by our AI assistant, you acknowledge that you have read, understood, and agree to the practices described in this Policy. If you do not agree, please discontinue use of our services.
This Policy applies to:
Our Clients may operate in regulated industries including, but not limited to, healthcare, legal services, and financial services. Where applicable, additional industry-specific obligations are described in Section 9.
When a caller interacts with our AI phone assistant, we may collect:
Our Clients may upload or sync customer records to our platform to enable personalized call handling. This may include names, phone numbers, email addresses, account numbers, appointment histories, or other records maintained by the Client.
We automatically collect technical information when Clients or their administrators access our platform, including IP addresses, browser type, device identifiers, pages visited, feature usage logs, and error reports.
Clients and their representatives may provide information directly when registering for our services, contacting support, or completing forms, such as names, business contact details, and billing information.
We may use de-identified or aggregated call data to train, test, and improve our AI models and speech recognition systems. We do not use personally identifiable information for AI training without a lawful basis and, where applicable, appropriate safeguards. Clients may opt out of contributing data to model training; please contact us for details.
We may use Client contact information to send service notices, security alerts, billing communications, and (where consented) marketing materials about new features or offerings.
Call recordings, transcripts, caller contact information, and appointment or order details collected on behalf of a Client are made available to that Client through our platform. Clients are independently responsible for their own privacy practices with respect to caller data they receive.
We engage trusted third-party vendors to support our operations, including cloud hosting providers, telephony infrastructure partners, payment processors, and analytics providers. These vendors are contractually required to process data only as directed by us and to maintain appropriate security standards.
In the event of a merger, acquisition, asset sale, or similar corporate transaction, personal information may be transferred as part of that transaction. We will notify affected parties as required by law.
We may disclose information when we believe in good faith that disclosure is required by law, regulation, subpoena, court order, or governmental authority, or where necessary to protect legal rights or prevent imminent harm.
We do not sell, rent, or trade personal information to third parties for their own independent marketing or commercial purposes.
We retain personal information for as long as necessary to fulfill the purposes described in this Policy, including to provide services to our Clients, comply with legal obligations, resolve disputes, and enforce our agreements. Our standard retention practices are:
Clients operating in regulated industries (e.g., healthcare, legal, financial services) may be subject to specific statutory retention requirements that supersede our standard schedule.
We implement industry-standard administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. These measures include:
No method of electronic transmission or storage is 100% secure. While we strive to protect personal information, we cannot guarantee absolute security. We encourage Clients to maintain strong access credentials and promptly report any suspected security incidents to us.
If you are a caller who has interacted with one of our Clients' AI phone assistants, the Client is the data controller with respect to your information. Please contact the Client directly to exercise privacy rights related to your call data. We will cooperate with Clients in responding to verified end-user requests.
Subject to applicable law, you may have the right to:
To exercise any of these rights, contact us using the information in Section 12. We will respond to verified requests within the timeframes required by applicable law.
Callers who do not wish to have their call recorded may request to speak with a live representative, if the Client has made that option available. Our AI assistant will notify callers of recording at the outset of each call.
Clients in the healthcare industry may use our platform in connection with Protected Health Information ("PHI") as defined by the Health Insurance Portability and Accountability Act ("HIPAA"). For such Clients, we operate as a Business Associate and enter into a Business Associate Agreement ("BAA") governing our handling of PHI. Our HIPAA-compliant service tier includes:
Healthcare Clients: A signed Business Associate Agreement is required before processing PHI through our platform. Contact your account representative to obtain a BAA.
Clients in legal, financial advisory, banking, or insurance sectors may be subject to confidentiality, professional privilege, or consumer financial protection requirements (e.g., Gramm-Leach-Bliley Act, state bar rules). We recommend that such Clients:
Residents of certain states may have additional rights under applicable state privacy laws. While our platform is operated in the United States, we recognize that state-level protections may apply, including:
Recording consent requirements vary by state. Some states require all-party consent (e.g., California, Illinois, Florida), while others require only one-party consent. Our platform is configured to announce recording at the start of calls. Clients are responsible for ensuring their call handling practices comply with the laws applicable to their jurisdiction and the jurisdictions of their callers.
Our services are not directed to or intended for use by individuals under the age of 13, and we do not knowingly collect personal information from children. If we become aware that we have inadvertently collected information from a child under 13, we will promptly delete it. Parents or guardians who believe a child's information has been collected should contact us using the information in Section 12.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify Clients by email and/or by posting a prominent notice on our platform at least 30 days before the changes take effect. Your continued use of our services after the effective date of the revised Policy constitutes your acceptance of the changes.
We encourage you to review this Policy periodically. The "Last Updated" date at the top of this document indicates when it was most recently revised.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
This document is provided for informational purposes. Bluepenguin Platform recommends that Clients consult with qualified legal counsel to confirm compliance with all laws and regulations applicable to their specific industry, jurisdiction, and business operations.