Privacy Policy
Last updated: May 18, 2026
Catch.ai ("we," "us," or "our") operates the Catch.ai platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
1. Information We Collect
1.1 Information You Provide
- Account Information: When you create an account, we collect your name, email address, phone number, date of birth, gender, and clinic name.
- Payment Information: When you subscribe to a paid plan, payment is processed through PayPal. We do not store your credit card or bank details. We retain a transaction reference ID for billing records.
- Clinic Configuration: Business details you provide during onboarding, such as clinic hours, specialties, and preferred settings.
1.2 Information Collected Automatically
- Call Data: When our Service intercepts a missed call, we log the caller's phone number, call timestamp, call status, and associated user account.
- WhatsApp Conversations: Messages exchanged between our AI assistant and your callers via WhatsApp are logged for the purpose of booking appointments and improving service quality.
- Usage Data: We collect analytics on how you interact with the dashboard (pages viewed, features used, session duration).
- Device & Browser Data: IP address, browser type, operating system, and screen resolution for security and performance optimization.
1.3 Information from Third Parties & Integrations
- Communication Partners: Twilio (telephony & SMS), Vapi (voice AI), and OpenAI (conversational AI processing).
- Infrastructure: Supabase (database & authentication) and GeoJS (location approximation for pricing).
- Calendar Integrations (Google & Microsoft): If you connect your calendar via OAuth, we access it to check availability and book appointments. We only read free/busy times and write appointment blocks generated by the AI. We do not read unrelated personal events.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Detect missed calls and send automated WhatsApp follow-ups on your behalf
- Book appointments for your callers using AI-powered conversations
- Process payments and manage subscriptions
- Send you account-related notifications (e.g., trial expiry, subscription renewals)
- Improve, personalize, and expand our Service
- Detect and prevent fraud, abuse, or security incidents
- Comply with legal obligations
3. Data Sharing & Disclosure
We do not sell your personal data. We may share your information with:
- Service Providers: Twilio (calls & messaging), OpenAI (AI responses), Supabase (database & auth), PayPal (payments), and Vapi (voice AI). Each provider processes data only as necessary to deliver their service and is subject to their own privacy policies.
- Google API Limited Use Disclosure: Catch.ai's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
- Legal Compliance: If required by law, regulation, legal process, or governmental request.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the successor entity.
4. Data Retention
- Account Data: Retained as long as your account is active. You may request deletion at any time.
- Call Logs & Conversations: Retained for 90 days after creation, then automatically purged.
- Payment Records: Retained for 7 years for tax and legal compliance.
5. Data Security
We implement industry-standard security measures including:
- HTTPS/TLS encryption for all data in transit
- Supabase Row-Level Security (RLS) for database access control
- Hashed and salted passwords (managed by Supabase Auth)
- Rate limiting on all API endpoints
- Twilio webhook signature validation
- JWT token verification for authenticated requests
However, no method of electronic storage is 100% secure. We cannot guarantee absolute security.
6. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Deletion: Request that we delete your personal data.
- Portability: Request a machine-readable export of your data.
- Objection: Object to processing of your data for certain purposes.
- Restriction: Request that we limit how we process your data.
To exercise any of these rights, contact us at privacy@catch-ai.com.
7. International Data Transfers
Your data may be processed in countries other than your own, including the United States. Our service providers (Twilio, OpenAI, Supabase) maintain data processing agreements that include Standard Contractual Clauses where required.
8. Children's Privacy
Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us to request deletion.
9. Cookies & Tracking
We use minimal cookies:
- Essential Cookies: Supabase authentication session tokens (required for the Service to function).
- No Advertising Cookies: We do not use tracking pixels, advertising cookies, or third-party analytics that track you across websites.
10. Health Privacy & HIPAA Compliance (US Clinics)
Catch.ai provides tools for clinics but is not inherently a HIPAA-compliant platform out-of-the-box. If you are a covered entity under the Health Insurance Portability and Accountability Act (HIPAA), you agree not to transmit Protected Health Information (PHI) through the Service unless a Business Associate Agreement (BAA) is formally executed between you and Catch.ai. Our standard plans do not include a BAA.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at: