Privacy Policy

Last updated: May 31, 2026

This Privacy Policy explains how Edona AI LLC ("Edona AI," "we," "us," or "our") collects, uses, discloses, and protects information in connection with the website at edona-ai.com (the "Site") and the Edona AI receptionist service (the "Service"). By using the Site or the Service, you agree to the practices described in this Policy.

Edona AI provides an artificial-intelligence telephone receptionist used by wellness, aesthetic, weight-management, hormone, peptide, concierge, and similar clinics and practices to answer, route, and document inbound calls. This Policy describes our practices both as the operator of the Site and as a service provider that processes information on behalf of the clinics that use the Service.

1. Our regulatory positioning

Edona AI is a communications and call-handling technology provider. It is designed for clinics and practices that provide wellness, aesthetic, concierge, and other services, and it is not a HIPAA "covered entity" or "business associate." Edona AI does not enter into HIPAA Business Associate Agreements and does not hold itself out as HIPAA-compliant. If a clinic that uses the Service is a regulated healthcare provider, that clinic is solely responsible for ensuring that its use of the Service is consistent with the laws that apply to it, including determining what information it routes through the Service.

This Policy is written in terms of "personal information," "sensitive personal information," and "health-related information" as those concepts are used under applicable U.S. state consumer privacy laws, rather than HIPAA.

2. Who we are and our role

For information collected through the Site (such as demo requests and general inquiries) and for our own business and operational data, Edona AI acts as the "business" (sometimes called a "controller") for that information under applicable U.S. state consumer privacy laws.

For information processed when the Service handles calls on behalf of a clinic, Edona AI acts as a service provider and processor on behalf of that clinic. The clinic is the business and controller of that information and is responsible for providing notices to its callers, for the lawfulness of its use of the Service, and for responding to its callers' privacy requests. Our processing of that information is limited to providing the Service and is governed by our agreement with the clinic and by this Policy.

3. Information we collect

3.1 Information you provide through the Site

When you submit a demo request or contact form, or otherwise communicate with us, we collect the information you choose to provide, which may include your name, email address, telephone number, clinic name, clinic location, approximate call volume, and the contents of your message.

3.2 Clinic account information

When a clinic subscribes to the Service, we collect and maintain account and configuration information, which may include business contact details, login credentials, billing and subscription details, the clinic's call-handling configuration, and the contacts designated to receive call notifications.

3.3 Information collected when the Service handles a call

When the Service answers a call on behalf of a clinic, we may collect and process: audio recordings and transcriptions of the portion of the call handled by the AI receptionist; the caller's stated name, callback number, and reason for calling; the category of caller (for example, existing patient, new inquiry, or solicitor); the date, time, and duration of the call; and related call metadata.

Recording and transcription apply only to the portion of a call handled by the AI receptionist. If a call is transferred to the clinic's own staff or telephone line, the Service does not record or transcribe the call after that transfer.

At the start of each call handled by the Service, the AI receptionist provides a verbal notice that the call may be recorded before collecting any caller information. Callers who do not wish to be recorded may end the call or ask to be connected to the clinic directly.

3.4 Health-related and sensitive information

Because the Service is used by wellness and related clinics, some calls may include information that a caller chooses to share about symptoms, medications, hormone or weight-management treatments, wellness goals, or similar matters. We treat this health-related information as sensitive personal information and apply the safeguards described in Section 7. This information is collected and processed only to provide call-handling on behalf of the clinic. Edona AI does not provide medical advice, diagnosis, or treatment, and call records created by the Service are not a medical record. The Service is not intended for emergency communications; callers experiencing an emergency should contact emergency services (such as 911 in the United States). See also our Terms & Conditions.

3.5 Service usage and technical data

When you use the Site or the Service, we and our infrastructure providers may automatically collect limited technical and usage information, such as IP address, browser and device information, pages viewed, referring pages, logs of access and configuration changes, and similar information, through server logs and similar technologies. We use this for security, troubleshooting, and analytics. The Site does not use advertising trackers.

4. How we use information

We use information for the following purposes:

  • To respond to demo requests, inquiries, and support messages, and to communicate with you about the Service;
  • To provide, operate, maintain, and improve the Service on behalf of clinics, including answering calls, routing callers, capturing messages, and delivering call summaries and notifications to the relevant clinic;
  • To generate transcripts and records of AI-handled calls for the clinic's reference and for the quality, accuracy, and reliability of the Service;
  • To administer clinic accounts, including configuration, billing, and support;
  • To monitor, secure, and troubleshoot the Site and the Service, and to detect and prevent fraud or misuse;
  • To comply with legal obligations and enforce our agreements.

We collect and use personal information only to the extent reasonably necessary to achieve the purposes described in this Policy and our agreements with clinics. We do not use identifiable call content — including call recordings or transcripts — to train generalized or third-party artificial-intelligence models, and we have configured our service providers so that call content processed through the Service is not used to train their artificial-intelligence models. We may use de-identified or aggregated information, which does not identify any individual, to analyze and improve the performance, accuracy, and reliability of the Service. If our practices regarding the use of identifiable call content for model training change in the future, we will update this Policy and, where required by law, obtain appropriate consent before doing so.

5. How information is shared

We share information only as described below:

  • With the clinic. Information collected when the Service handles a call is made available to the clinic on whose behalf the call was answered, including call records, transcripts, caller details, and notifications.
  • With service providers. We rely on a limited set of third-party providers to operate the Service and the Site. These include telephony providers (such as Twilio) that connect and route calls; AI voice technology providers (such as ElevenLabs) that power the conversational receptionist; and cloud hosting, database, and storage providers (such as Supabase and Cloudflare) that host our application and securely store call records, transcripts, and recordings. We may also use providers for email delivery, error monitoring, and operational support. These providers are permitted to process information only to provide their services to us, and we have configured our providers, where such settings are available, so that call content is not used to train their models. They are not authorized by us to use the information for their own model training, marketing, profiling, or other unrelated purposes. We maintain a current set of core infrastructure providers, and the specific providers we use may change as we improve the Service.
  • For legal and safety reasons. We may disclose information where required by law, regulation, legal process, or governmental request, or where necessary to protect the rights, property, or safety of Edona AI, our clinics, callers, or others.
  • In a business transfer. If Edona AI is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to this Policy.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising or similar targeted advertising.

6. Data retention

We retain call recordings, transcripts, and related records for as long as needed to provide the Service to the relevant clinic, to meet the retention periods set out in our agreement with that clinic, and to comply with our legal obligations, after which the information is deleted or de-identified. Clinic account information is retained for the duration of the clinic's subscription and as needed for our legitimate business and legal purposes. Information you submit through the Site is retained for as long as needed to respond to your inquiry and for our business records.

7. Data security

We use administrative, technical, and organizational safeguards designed to protect information against unauthorized access, disclosure, alteration, and loss. These include encryption of recordings and transcripts in transit and at rest, role-based access controls with restricted and logged internal access to stored call data, and reliance on established cloud and telephony providers that operate audited, secure data-center practices. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Data incidents and breach notification

In the event of a security incident affecting personal information, we will investigate and take reasonable steps to contain and mitigate the incident. Where required by applicable law, we will notify affected clinics or individuals, and any applicable regulators, of breaches involving personal information, including health-related information, within the timeframes the law requires.

9. Your privacy rights

Depending on where you live, you may have rights, as applicable under state consumer privacy laws, regarding your personal information, which may include the right to access, correct, or delete personal information we hold about you; the right to know how we use and disclose it; the right to opt out of any sale or sharing for cross-context behavioral advertising; and the right to limit the use of sensitive personal information. We honor these rights as required by applicable law and will not discriminate against you for exercising them.

To make a request relating to information we hold as a business or controller — such as information submitted through the Site or clinic account data — contact us at legal@edona-ai.com. We may need to verify your identity before responding. For information processed on behalf of a clinic through the Service, requests should be directed to the relevant clinic, which controls that information; we will support the clinic in responding as required by our agreement.

10. Children's privacy

The Site and the Service are not directed to children, and we do not knowingly collect personal information from children through the Site. The Service may handle calls on behalf of clinics whose patients include minors; in those cases the clinic is responsible for any consent and handling required for minors' information.

11. U.S.-based processing

Edona AI operates in the United States, and the information we process is stored and processed in the United States. If you access the Site or the Service from outside the United States, you understand that your information will be processed in the United States.

12. Changes to this Policy

We may update this Policy from time to time. When we do, we will revise the "Last updated" date above. Material changes will be reflected on this page, and your continued use of the Site or the Service after an update constitutes acceptance of the revised Policy.

13. Contact us

Questions or requests regarding this Policy or our privacy practices can be sent to legal@edona-ai.com, or by mail to Edona AI LLC.