Privacy Policy
Last updated: May 17, 2026
Flora Advisors ("Company," "we," "us," or "our") operates the Ora AI receptionist platform. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our services. We are committed to protecting patient privacy and complying with applicable healthcare privacy laws including HIPAA.
1. Information We Collect
Account Information: When you create an account, we collect your name, email address, phone number, practice name, and billing information.
Patient Information: Through the operation of our Services, we may process patient names, dates of birth, phone numbers, appointment details, insurance information, and other information patients provide during calls. This information is processed on behalf of your practice as a Business Associate under HIPAA.
Call Data: We process call recordings, transcripts, and metadata (duration, time, outcome) to provide and improve our Services. PII redaction is applied to recordings and transcripts as configured.
Usage Data: We automatically collect information about how you interact with our Services, including log data, device information, and analytics.
2. How We Use Information
We use the information we collect to:
- Provide, maintain, and improve our Services
- Process appointments and manage patient interactions on behalf of your practice
- Communicate with you about your account, updates, and support requests
- Ensure the security and integrity of our platform
- Comply with legal obligations
- Analyze usage patterns to improve our AI and service quality
3. HIPAA and Protected Health Information
We recognize that certain information processed through our Services constitutes Protected Health Information ("PHI") under HIPAA. As a Business Associate, we:
- Enter into Business Associate Agreements (BAAs) with covered entity customers
- Implement administrative, physical, and technical safeguards to protect PHI
- Use encryption in transit and at rest for all PHI
- Limit access to PHI to authorized personnel only
- Conduct regular security assessments and audits
- Maintain breach notification procedures as required by HIPAA
- Apply PII redaction to call recordings and transcripts
4. Information Sharing
We do not sell your personal information or patient data. We may share information with:
- Service Providers: Third-party vendors who assist in providing our Services (e.g., cloud hosting, voice processing), bound by confidentiality agreements and BAAs where applicable
- PMS Integration: Your practice management system, as authorized by you, to read and write appointment and patient data
- Legal Requirements: When required by law, court order, or governmental authority
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate protections
5. Data Security
We implement industry-standard security measures to protect your data, including:
- End-to-end encryption for data in transit (TLS 1.2+)
- Encryption at rest for stored data (AES-256)
- Regular security audits and vulnerability assessments
- Access controls and authentication requirements
- Secure cloud infrastructure with BAA coverage (AWS)
- Employee security training and background checks
6. Data Retention
We retain your data for as long as your account is active or as needed to provide you Services. Call recordings and transcripts are retained according to your practice's configuration and applicable legal requirements. Upon account termination, we will delete or de-identify your data within 90 days, unless retention is required by law.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your information
- Object to or restrict certain processing activities
- Request portability of your data
- Withdraw consent where processing is based on consent
To exercise these rights, please contact us at hello@ora.ai.
8. Children's Privacy
Our Services are not directed to individuals under 18. We do not knowingly collect personal information from children. Patient information for minors is collected and processed on behalf of the dental practice as part of standard healthcare operations.
9. Third-Party Services
Our Services integrate with third-party platforms including practice management systems, voice processing services, and cloud infrastructure providers. Each third-party service has its own privacy practices. We encourage you to review their privacy policies. Our key sub-processors maintain HIPAA compliance and have executed BAAs with us.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Flora Advisors
Email: hello@ora.ai
Phone: (210) 898-9349