EHealthMed.ai
EHealthVoice AIfrom EHealthMed
EHealthVoice AIBack to Home

Privacy Policy

EHealthVoice AI from EHealthMed

Effective Date: 13 March 2026Last Updated: 22 March 2026

EHealthMed Ltd ("EHealthMed", "we", "us", or "our") operates the EHealthVoice AI healthcare voice agent platform and the associated websites at ehealthmed.ai and ehmed.ai (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, what we deliberately do not collect or store, and the rights you have over your data.

We encourage you to read this policy in full. If you have questions, contact us at [email protected] before using the Service.

1. Who This Policy Applies To

This policy applies to:

  • Clinicians and healthcare professionals who use the EHealthVoice AI platform to manage patient communications and scheduling
  • Healthcare practice administrators who manage organisational accounts
  • Visitors to ehealthmed.ai and ehmed.ai

It does not apply to patients whose speech may be processed through the platform. Patients do not create accounts and no patient data is retained by EHealthMed. See Section 4 for details.

2. The Controller

The data controller responsible for your personal information is:

EHealthMed AI

Contact: [email protected]

Support: ehmed.ai/support

3. Information We Collect

3.1 Account Registration Data

When you create an account, we collect:

Data ElementPurposeLegal Basis
Email addressAccount identification, login, and service communicationsContract performance
Password (bcrypt-hashed)AuthenticationContract performance
Account creation timestampAudit trail and securityLegitimate interest
Subscription tier and usage minutesService entitlement managementContract performance

We do not collect your name, date of birth, phone number, or any demographic information unless you voluntarily provide it when contacting support.

3.2 Usage and Audit Logs

For security and compliance purposes, we maintain an audit log that records:

Log EntryWhat Is RecordedRetention
Login eventsTimestamp, account ID, IP address90 days
Voice AI session eventsTimestamp, account ID, agent type, session duration90 days
Account changesTimestamp, account ID, type of change90 days
Auto sign-off eventsTimestamp, account ID90 days

Audit logs do not contain any speech audio, transcribed text, or clinical notes. They record only metadata (when, who, which agent type) — never the content of any medical communication.

3.3 Device and Technical Data

When you use the platform, we may automatically receive:

  • Device type and operating system version (for compatibility and crash reporting)
  • Browser version and app version number
  • General geographic region derived from IP address (country level only, not precise location)

We do not use device fingerprinting or persistent advertising identifiers.

4. What We Deliberately Do Not Collect or Store

This section is central to the design of EHealthVoice AI and is a core commitment to our users.

We do not store, log, or retain any of the following:

  • Voice recordings or audio files from clinician or patient speech (beyond the active call session)
  • Speech-to-text transcripts of spoken medical phrases (beyond the active session)
  • Patient names, identifiers, or any information that could identify a patient
  • Medical record numbers, diagnoses, or clinical notes

All speech audio, transcription output, and AI-generated responses are processed during an active voice session. When the session ends, real-time processing data is discarded. Call recordings and transcripts are stored only when explicitly enabled by the healthcare practice and are encrypted at rest.

This architecture means that EHealthVoice AI is designed to minimise Protected Health Information (PHI) exposure as defined under the HIPAA Privacy Rule (45 CFR §160.103). Where PHI handling is necessary for EHR integration, it is governed by Business Associate Agreements.

5. Third-Party Services

To deliver the voice AI and integration functionality, data may be transmitted to the following third-party processors during active sessions:

ProcessorFunctionData Transmitted
OpenAI (Whisper API)Speech-to-text transcriptionAudio recording (in-session only)
OpenAI (GPT API)AI conversation processingTranscribed text (in-session only)
TwilioTelephony and voice infrastructureCall audio streams (in-session only)
StripePayment processingBilling information
EHR Systems (EPIC, Cerner, eCW, etc.)Clinical data integrationFHIR resources (as authorized)
Google Calendar (Google LLC)Appointment schedulingCalendar event data (see Section 5A)
GoHighLevel (HighLevel Inc.)CRM and appointment schedulingContact and calendar data

We are in the process of executing Business Associate Agreements (BAAs) with all applicable third-party processors as required under HIPAA. Enterprise customers requiring a BAA with EHealthMed Ltd should contact [email protected].

5A. Google Calendar Integration — Data Handling Disclosure

EHealthVoice AI integrates with Google Calendar to enable healthcare practices to manage appointment scheduling directly from the platform. This section describes how we access, use, store, and protect data obtained through Google Calendar APIs, in compliance with the Google API Services User Data Policy, including the Limited Use requirements.

5A.1 Scopes Requested

When you connect your Google Calendar account, we request only the minimum OAuth scopes necessary to provide the scheduling functionality:

ScopePermissionPurpose
calendar.readonlyRead-only access to calendar listDisplay your calendars so you can select which one to use for appointment scheduling
calendar.eventsRead and write access to calendar eventsCheck appointment availability, create new appointments, and update existing appointments on your behalf

We do not request access to your contacts, email, drive, or any other Google services. We do not request full calendar management permissions — only the ability to read calendars and manage events.

5A.2 Data We Access and How We Use It

Data AccessedHow We Use ItStored Locally?
Calendar list (names and IDs)Allow you to select which calendar to use for schedulingCalendar name and ID of selected calendar only
Event free/busy timesCheck availability before booking an appointmentNot stored — queried in real time
Newly created event detailsCreate appointment events on your calendarEvent ID stored for reference; event content lives in Google Calendar
Updated event detailsReschedule or modify existing appointmentsNot stored — changes written directly to Google Calendar

We do not read, scan, index, or analyse the content of your existing calendar events. Availability checks use only free/busy time blocks, not event titles, descriptions, attendees, or other event metadata.

5A.3 OAuth Tokens and Credentials

When you authorise EHealthVoice AI to access your Google Calendar, Google issues OAuth tokens (an access token and a refresh token). We handle these as follows:

  • OAuth tokens are encrypted at rest using AES-256-GCM before storage in our database
  • Tokens are used exclusively to perform the calendar operations described above on your behalf
  • Access tokens are short-lived and automatically refreshed using the refresh token when they expire
  • Tokens are never shared with third parties, logged in plain text, or transmitted outside our server infrastructure
  • When you disconnect Google Calendar from the platform, all stored tokens are immediately and permanently deleted from our database

5A.4 Limited Use Compliance

Google API Services Limited Use Disclosure

EHealthVoice AI's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we commit to the following:

  • Limited use: We only use Google Calendar data to provide and improve the appointment scheduling features described in this policy. We do not use this data for advertising, market research, or any purpose unrelated to the core scheduling functionality.
  • No unauthorised transfer: We do not transfer Google Calendar data to third parties except as necessary to provide the scheduling service (e.g., creating an event on your calendar), with your explicit consent, or as required by law.
  • No human reading: We do not allow humans to read your Google Calendar data unless you have given affirmative consent for a specific support request, it is necessary for security purposes (investigating abuse or a security incident), it is required by law, or the data has been aggregated and anonymised for internal operations.
  • No secondary use: We do not use Google Calendar data to build user profiles, serve advertisements, or train machine learning models.

5A.5 Revoking Access

You can disconnect Google Calendar from EHealthVoice AI at any time through two methods:

  • From EHealthVoice AI: Navigate to Integrations in your dashboard and click "Disconnect" next to Google Calendar. This immediately deletes all stored OAuth tokens and calendar configuration from our systems.
  • From Google: Visit myaccount.google.com/permissions and revoke access for EHealthVoice AI. This invalidates all tokens immediately. The next time our system attempts to use the connection, it will detect the revocation and remove the stored credentials.

After disconnection, no Google Calendar data remains in our systems. Previously created calendar events remain in your Google Calendar and are not affected by disconnecting.

6. How We Use Your Information

We use the information we collect for the following purposes:

Service delivery.Your account data is used to authenticate you, manage your subscription entitlement, and enforce usage limits.
Security and fraud prevention.Audit logs are used to detect unauthorised access, investigate security incidents, and enforce our Terms of Service.
Service communications.We may send you transactional emails (account confirmation, password reset, subscription renewal notices). We do not send marketing emails without your explicit consent.
Legal compliance.We may process and retain data as required by applicable law, including healthcare regulations and financial record-keeping obligations.

We do not sell your personal data to third parties. We do not use your data for advertising or behavioural profiling.

7. Data Retention

Data CategoryRetention PeriodBasis
Account registration dataDuration of account + 30 days after deletionContract performance
Subscription and billing records7 yearsLegal obligation
Audit logs90 daysHIPAA audit trail
Speech audio, transcriptsNot retained — zero retentionPrivacy by design
Google Calendar OAuth tokensUntil disconnected by user — then immediately deletedUser consent / contract
Google Calendar event dataNot retained — queried in real time onlyLimited Use policy

8. Data Security

We implement the following technical and organisational measures to protect your data:

Encryption in transit.All communications between the platform, the backend, and third-party APIs use TLS 1.2 or higher. HTTP Strict Transport Security (HSTS) is enforced.
Encryption at rest.The database infrastructure encrypts data at rest. Sensitive credentials are encrypted using AES-256-GCM.
Password security.Passwords are hashed using bcrypt with a cost factor of 12. Plain-text passwords are never stored or logged.
Access control.Backend API endpoints are protected by JWT authentication. Role-based access control separates admin, staff, and user permissions. Rate limiting is applied to all authentication endpoints.
Inactivity sign-off.The platform automatically signs out users after 30 minutes of inactivity to protect data on unattended devices.
Audit logging.All authentication and session events are logged with timestamps for security review and compliance auditing.

No security system is infallible. In the event of a data breach that affects your personal information, we will notify affected users and relevant regulatory authorities within the timeframes required by applicable law.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

RightDescriptionHow to Exercise
AccessRequest a copy of the personal data we hold about you[email protected]
RectificationRequest correction of inaccurate data[email protected]
ErasureRequest deletion of your account and associated data[email protected]
RestrictionRequest that we limit processing of your data[email protected]
PortabilityRequest your data in a structured, machine-readable format[email protected]
ObjectionObject to processing based on legitimate interest[email protected]
Withdraw consentWhere processing is based on consent, withdraw it at any time[email protected]

GDPR (EEA/UK users). If you are located in the European Economic Area or the United Kingdom, you have the rights listed above under the GDPR or UK GDPR. You also have the right to lodge a complaint with your local supervisory authority.

CCPA (California residents). If you are a California resident, you have the right to know what personal information we collect, to request deletion, and to opt out of the sale of personal information. We do not sell personal information.

HIPAA. EHealthVoice AI is designed to minimise PHI handling. Where EHealthMed acts as a Business Associate under HIPAA, your rights with respect to PHI are governed by your covered entity's Notice of Privacy Practices, not this policy.

We will respond to all rights requests within 30 days. We may ask you to verify your identity before fulfilling a request.

10. Children's Privacy

The Service is intended for use by licensed healthcare professionals and is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at [email protected] and we will delete it promptly.

11. International Data Transfers

EHealthMed's backend infrastructure is hosted in the United States. If you access the Service from outside the United States, your account data will be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards for transfers of personal data from the EEA or UK to the United States.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify registered users by email at least 14 days before the change takes effect
  • Where required by law, seek your consent before applying the change

Your continued use of the Service after the effective date of a revised policy constitutes your acceptance of the changes.

13. Contact Us

For privacy-related enquiries, data subject rights requests, or to report a concern:

Privacy Officer — EHealthMed Ltd

Email: [email protected]

General: [email protected]

Phone: (678) 904-7602 | (888) 455-8490

115 E Main Street, St A1B #1017, Buford GA 30518

Support: ehmed.ai/support

We aim to respond to all enquiries within 5 business days.

This Privacy Policy was last reviewed and approved on 22 March 2026.