SuproCareSuproCareBook a Demo

Legal

Privacy Policy

Last updated: May 27, 2026

Overview

SuproCare ("we," "us") builds AI voice agents that healthcare practices use to answer patient calls, schedule appointments, and run intake. This Privacy Policy describes the information we collect on our marketing website (suprocare.com), how we use it, and the choices you have.

Information that flows through the SuproCare voice agent during a patient call is governed by separate Business Associate Agreements (BAAs) with each clinic that licenses the product. See Patient PHI & HIPAA below.

Template note: this Privacy Policy is a sensible starting point for a B2B healthcare SaaS, but it is not legal advice. Have your counsel review before going live, especially the HIPAA, GDPR/UK GDPR, and state-law (e.g. CCPA, VCDPA) sections that apply to your operation.

Data we collect

We collect three categories of information on this website:

  • Information you give us directly — name, work email, clinic name, role, number of providers and locations, and any free-text you enter into our demo-request form on the Contact page.
  • Information collected automatically — your IP address, browser type, device type, referring URL, pages visited, and approximate location (city/country) from server access logs.
  • Cookies and similar technologies — see Cookies & tracking below.

How we use it

  • To respond to your demo request and contact you about SuproCare.
  • To improve the website (which pages help, which don't, what people search).
  • To detect abuse, defend against fraud, and meet legal obligations.
  • To send occasional product or industry updates by email, if you opt in. We never sell your information.

Cookies & tracking

We use a small number of cookies and similar technologies:

  • Strictly necessary — to remember whether you have accepted or declined this cookie banner (suprocare:cookie-consent in your browser's localStorage). This is always active.
  • Analytics — if you accept, we may load a privacy-respecting analytics script (e.g. Plausible, Fathom) that records page views without using cross-site tracking cookies.
  • None for advertising — we do not run advertising trackers, retargeting pixels, or social-network tracking pixels on this site.

You can change your choice at any time by clearing suprocare:cookie-consent in your browser storage; the banner will then reappear on your next visit.

Third-party processors

We use a small set of vendors to operate the website and deliver the product. Each is bound by their own privacy practices, and (for the voice agent) by signed BAAs with the clinics we serve:

  • Cloud hosting — to run this website and the SuproCare product.
  • Telephony and voice infrastructure — to receive and place calls and to stream audio in real time.
  • AI language-model provider — the conversational reasoning engine.
  • Text-to-speech provider — to generate the agent's voice.
  • Speech-to-text provider — to transcribe what the caller says (where applicable).
  • Email and CRM — to route demo requests to our sales team.

A current list of named subprocessors and their roles is available on request — contact privacy@suprocare.com.

Patient PHI & HIPAA

SuproCare operates as a HIPAA Business Associate to the clinics that license our voice agent. Every clinic customer signs a Business Associate Agreement with SuproCare, and we hold corresponding BAAs with every subprocessor in the call path (telephony, language model, text-to-speech, speech-to-text, and our cloud host).

Patient PHI is processed strictly for the purposes a clinic directs — scheduling, refills, intake, and care coordination. Identity verification is required before any PHI is read out or written; every turn is timestamped in an append-only audit log retained per HIPAA's requirements.

If you are a patient with a question about your information, please contact your clinic directly — they are the covered entity under HIPAA and the authoritative record of your interactions with the SuproCare agent.

Retention

Demo-request form submissions are retained for as long as we have an active sales relationship with you, and for up to 24 months after the last contact unless you ask us to delete them sooner. Server access logs are retained for 90 days. PHI retention is governed by the BAA with each clinic and applicable law.

Your rights

Depending on where you live, you may have the right to access, correct, port, or delete the personal information we hold about you, and to object to or restrict its processing. To make a request, email privacy@suprocare.com. We will respond within 30 days.

If you are in the EU/UK, our lawful bases are typically your consent (for marketing emails and analytics cookies) and legitimate interests (for operating the website and responding to your demo request).

Security

We use industry-standard safeguards — TLS in transit, encryption at rest, access controls and SSO on internal systems, an append-only audit trail for every action taken inside the voice agent. No system is perfectly secure; if you discover a vulnerability, please email security@suprocare.com so we can investigate.

Children

SuproCare's website and product are not directed to children under 13, and we do not knowingly collect personal information from children on this site. The voice agent may handle pediatric scheduling on behalf of a clinic — that information is processed under the clinic's BAA, not this Privacy Policy.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be highlighted on this page with a refreshed "Last updated" date. Continued use of the website after a change constitutes acceptance of the revised policy.

Contact

Questions about this Privacy Policy? Email privacy@suprocare.com or write to SuproCare, Cumming, Georgia, United States.