Xentara Privacy Policy
This Privacy Policy explains how Xentara (“we,” “our,” or “us”) collects, uses, stores, and protects personal information when users (“Clients”) access our platform, Virtual Assistant services, and any integrated tools, including third-party APIs such as Google services.
By using Xentara, you agree to the practices described in this Privacy Policy.
1. Information We Collect
We may collect the following categories of information:
1.1 Information provided by the Client
Name, email address, phone number, and business details
Clinic or healthcare practice data (hours, pricing, services, location)
Information added to customize the Virtual Assistant
Billing information
1.2 Information related to patient inquiries
Xentara processes:
Patient names
Phone numbers or communication IDs
Messages exchanged with the Virtual Assistant
Appointment requests
General inquiries
Important: We do not request, collect, or store medical diagnoses, medical records, or sensitive health data unless strictly necessary for appointment scheduling (e.g., reason for visit communicated voluntarily by the user).
1.3 Information collected automatically
Usage data and interaction logs
Device type, browser, IP address
System analytics and performance metrics
1.4 Google User Data (for verification and API access)
If the Client connects their Google account (e.g., Google Calendar API), Xentara may access:
Calendar event details necessary for appointment scheduling
Calendar availability
Basic profile information (Google ID, email)
We do not access Gmail content, Drive files, contacts, documents, or any unrelated Google data.
2. How We Use the Information
We use personal data solely to provide and improve our services:
Automating patient communication through the Virtual Assistant
Scheduling appointments via integrated calendars
Syncing availability with the Client’s scheduling system
Delivering messages, notifications, and reminders
Personalizing the Client’s Virtual Assistant
Improving system performance and support
Processing payments and subscription management
We do not use personal data for advertising purposes.
3. How We Use Google User Data (Required for Google Verification)
When a Client integrates Google services, Xentara uses Google data strictly within Google’s Limited Use Policy.
3.1 Google Calendar API
We access calendar information exclusively to:
Read availability
Create or update appointments requested by patients
Prevent double-booking
We do not:
Store Google Calendar event content beyond what is necessary
Share Google data with third parties
Use Google data for marketing, profiling, or advertising
Sell or export Google data outside the platform
3.2 Google Limited Use Compliance
Xentara complies with:
Google API Services User Data Policy
Limited Use Requirements
OAuth verification standards
Restrictions on handling sensitive scopes
Google data is not used to serve ads, nor is it combined with third-party data.
4. Legal Basis for Processing
We process personal data based on:
The Client’s explicit consent
Contractual necessity (providing the service)
Legitimate interest (platform security, improvements)
Compliance with applicable law
5. Data Storage and Security
We implement industry-standard security measures, including:
Encrypted data transmission (HTTPS/TLS)
Encrypted storage where applicable
Access controls and authentication
Monitoring for unauthorized access
We store data only as long as necessary to provide the service or as required by law.
6. Data Sharing
We do not sell personal data.
We only share information with:
Service providers essential for platform operations (e.g., hosting, database systems)
Third-party APIs explicitly authorized by the Client (e.g., Google Calendar)
Legal authorities when required by applicable law
All providers adhere to confidentiality and security obligations.
7. Patient Data
When interacting with the Virtual Assistant, patients may provide basic personal information.
Xentara processes this data solely on behalf of the Client.
The Client is responsible for:
Obtaining consent from patients
Providing any required healthcare disclosures
Ensuring compliance with local data protection laws
Xentara does not contact patients independently, nor does it use patient data for any purpose beyond the functioning of the Assistant.
8. Data Retention and Deletion
Data is retained only as long as necessary to provide the service.
Clients may request:
Export of their data
Deletion of their account
Removal of patient conversations and logs
Upon deletion:
All Client data is removed from active systems
Backups are purged following standard retention cycles
Google Calendar tokens and permissions are revoked
9. User Rights
Depending on the Client’s location, rights may include:
Access to personal data
Correction of inaccurate data
Deletion request (“right to be forgotten”)
Objection to certain processing
Data portability
Withdrawal of consent
Requests may be sent to our support email.
10. Children’s Privacy
Xentara is not intended for children under 18, and we do not knowingly collect data from minors.
Clients must ensure that no child data is entered into the system without parental consent, where required.
11. International Data Transfers
Data may be processed in countries where our servers or providers operate.
We ensure adequate protection through:
Standard contractual clauses (SCCs)
Secure hosting environments
Compliance with regional privacy laws (GDPR, LATAM regulations, etc.)