Overview
SuproCare ("we," "us") builds AI voice agents that healthcare practices use to answer patient calls, schedule appointments, and run intake. This Privacy Policy describes the information we collect on our marketing website (suprocare.com), how we use it, and the choices you have.
Information that flows through the SuproCare voice agent during a patient call is governed by separate Business Associate Agreements (BAAs) with each clinic that licenses the product. See Patient PHI & HIPAA below.
Data we collect
We collect three categories of information on this website:
- Information you give us directly — name, work email, clinic name, role, number of providers and locations, and any free-text you enter into our demo-request form on the Contact page.
- Information collected automatically — your IP address, browser type, device type, referring URL, pages visited, and approximate location (city/country) from server access logs.
- Cookies and similar technologies — see Cookies & tracking below.
How we use it
- To respond to your demo request and contact you about SuproCare.
- To improve the website (which pages help, which don't, what people search).
- To detect abuse, defend against fraud, and meet legal obligations.
- To send occasional product or industry updates by email, if you opt in. We never sell your information.
Third-party processors
We use a small set of vendors to operate the website and deliver the product. Each is bound by their own privacy practices, and (for the voice agent) by signed BAAs with the clinics we serve:
- Cloud hosting — to run this website and the SuproCare product.
- Telephony and voice infrastructure — to receive and place calls and to stream audio in real time.
- AI language-model provider — the conversational reasoning engine.
- Text-to-speech provider — to generate the agent's voice.
- Speech-to-text provider — to transcribe what the caller says (where applicable).
- Email and CRM — to route demo requests to our sales team.
A current list of named subprocessors and their roles is available on request — contact privacy@suprocare.com.
Patient PHI & HIPAA
SuproCare operates as a HIPAA Business Associate to the clinics that license our voice agent. Every clinic customer signs a Business Associate Agreement with SuproCare, and we hold corresponding BAAs with every subprocessor in the call path (telephony, language model, text-to-speech, speech-to-text, and our cloud host).
Patient PHI is processed strictly for the purposes a clinic directs — scheduling, refills, intake, and care coordination. Identity verification is required before any PHI is read out or written; every turn is timestamped in an append-only audit log retained per HIPAA's requirements.
If you are a patient with a question about your information, please contact your clinic directly — they are the covered entity under HIPAA and the authoritative record of your interactions with the SuproCare agent.
Retention
Demo-request form submissions are retained for as long as we have an active sales relationship with you, and for up to 24 months after the last contact unless you ask us to delete them sooner. Server access logs are retained for 90 days. PHI retention is governed by the BAA with each clinic and applicable law.
Your rights
Depending on where you live, you may have the right to access, correct, port, or delete the personal information we hold about you, and to object to or restrict its processing. To make a request, email privacy@suprocare.com. We will respond within 30 days.
If you are in the EU/UK, our lawful bases are typically your consent (for marketing emails and analytics cookies) and legitimate interests (for operating the website and responding to your demo request).
Security
We use industry-standard safeguards — TLS in transit, encryption at rest, access controls and SSO on internal systems, an append-only audit trail for every action taken inside the voice agent. No system is perfectly secure; if you discover a vulnerability, please email security@suprocare.com so we can investigate.
Children
SuproCare's website and product are not directed to children under 13, and we do not knowingly collect personal information from children on this site. The voice agent may handle pediatric scheduling on behalf of a clinic — that information is processed under the clinic's BAA, not this Privacy Policy.
Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be highlighted on this page with a refreshed "Last updated" date. Continued use of the website after a change constitutes acceptance of the revised policy.
Contact
Questions about this Privacy Policy? Email privacy@suprocare.com or write to SuproCare, Cumming, Georgia, United States.