

Privacy Policy
1. Introduction
This Privacy Policy (“Policy”) explains how CallHero Technologies Inc. (“CallHero,” “we,” “our,” or “us”) collects, uses, discloses, and safeguards personal information and personal health information (PHI) when you use our websites (mycallhero.com, app.mycallhero.com) and our services (“Services”).
We are committed to protecting privacy in accordance with the strictest applicable data protection and health privacy laws in the jurisdictions where we operate, including for example:
HIPAA (United States)
PIPEDA and provincial health privacy laws (Canada)
GDPR / UK GDPR (European Union, United Kingdom)
Privacy Act 1988 & Australian Privacy Principles (Australia)
Where privacy requirements differ, CallHero applies the highest practicable standard unless local law requires otherwise. This Policy applies globally to all users and clients.
2. Roles and Responsibilities
Clinics and Practices act as custodians, controllers, or covered entities under applicable laws. They are solely responsible for obtaining valid consents, notices, and authorizations from patients or callers before using CallHero’s Services.
CallHero acts as a service provider, processor, affiliate, or business associate, processing information only on behalf of and under the lawful instructions of the clinic or practice.
3. Information We Collect
We collect:
From callers: phone number, caller ID, call content (recordings or transcripts if enabled), and call metadata.
From clinics/users: account details, contact info, billing data (processed via secure payment providers), and training/consultation information.
From EMR integrations (where enabled by the client): patient name, phone number, appointment details (such as date, time, provider, and service type), and related scheduling information necessary to deliver call management, reminders, and analytics.
Automatically: device/browser data, IP addresses, cookies, usage analytics, and service interaction data.
From support interactions: emails, chat logs, and service tickets.
We limit collection to the minimum necessary to provide and improve Services.
4. How We Use Information
CallHero is in the business of providing call performance tracking software and a call handling training program. Our application offers features such as call logging, call recording, call routing, and conversational analysis. We also offer expert consultations, online training classes, and webinars to guide our customers on improving call performance (“Services”).
We use information to:
Provide call management, transcription, analytics, and virtual assistant services.
Deliver alerts, missed-call notifications, and scheduling support.
Improve service quality, security, and compliance.
Support product development using aggregated or de-identified data that cannot reasonably identify individuals.
Fulfill legal and contractual obligations.
We do not use PHI for advertising or unrelated marketing purposes.
5. Data Storage and International Transfers
Hosting & Storage: CallHero stores personal information and PHI in the country where the client is located, using secure, encrypted cloud data centers (e.g., Canadian data hosted in Canada, U.S. data hosted in the U.S., EU data hosted in the EU).
Overseas Access: If you engage CallHero’s Virtual Assistant (VA) services, authorized personnel (e.g., in the Philippines) may access PHI from outside the client’s country strictly for service delivery, under confidentiality and security safeguards.
Cross-Border Transfers: Where information must be accessed internationally, we apply legal, contractual, and technical safeguards, including:
EU Standard Contractual Clauses (SCCs)
UK International Data Transfer Agreements (IDTAs)
HIPAA Business Associate Agreements (BAAs)
Encryption and role-based access controls
Clinics are responsible for notifying patients if their PHI may be accessed outside their home country, as required by law.
6. Safeguards
We maintain safeguards aligned with internationally recognized standards such as SOC 2 and ISO/IEC 27001. These include:
Technical: Encryption at rest (AES-256), TLS encryption in transit, multi-factor authentication (MFA), role-based access, continuous logging, and monitoring.
Administrative: Confidentiality agreements, annual staff training, access reviews, and internal audits.
Physical: Secure hosting environments with restricted, monitored access.
7. Retention and Disposal
Default retention: Call recordings and PHI are retained for 12 months unless a shorter or longer retention period is configured by the client.
Client/account data: Retained while you remain a client, then securely deleted upon termination (subject to legal/tax retention requirements).
Secure disposal: Data is erased using industry-standard secure deletion methods.
8. Subcontractors and Third Parties
We may engage trusted subcontractors and service providers for hosting, messaging, analytics, and technical support.
All subcontractors:
Must contractually maintain equivalent privacy and security protections.
Are subject to confidentiality obligations and, where applicable, audit or oversight rights.
A list of key providers is available upon request.
9. Disclosures
We do not sell personal information or PHI. We may disclose information only:
With client consent.
To fulfill the purpose for which it was collected.
To payment processors and technical service providers.
To comply with legal obligations or regulatory requests.
As part of business transactions (e.g., merger, acquisition, sale of assets).
To trusted vendors bound by contract.
We do not share PHI with third parties for their independent business purposes without consent.
10. Breach Response
In the event of a privacy or security incident:
CallHero will notify the affected client without undue delay and, where applicable (e.g., GDPR), within 72 hours.
We will cooperate fully to support clinics in meeting breach notification obligations under HIPAA, PIPEDA, GDPR, UK GDPR, or APPs.
11. Access and Correction Rights
Individuals may request access to or correction of their personal information or PHI.
Requests received directly by CallHero will be referred to the responsible clinic/practice.
CallHero supports clients in fulfilling such requests, including right of access, correction, erasure, or data portability (where required by law).
12. Marketing and Communications
We comply with applicable anti-spam and marketing laws, including:
CASL (Canada)
CAN-SPAM (United States)
Spam Act 2003 (Australia)
GDPR / UK GDPR (Europe/UK)
Users may withdraw consent or opt out of communications at any time. We do not use PHI for marketing without explicit written consent.
13. Children’s Privacy
Our Services are not intended for children under the minimum age defined by local law (e.g., 13 in the U.S., 16 in the EU).
If we learn that PHI of a minor has been collected without appropriate consent, we will delete it promptly.
14. Changes to This Policy
We may update this Policy periodically to reflect changes to our practices, technologies, or legal requirements. The latest version will always be available at [mycallhero.com/privacy].
Clients are responsible for reviewing the current version of this Policy. Continued use of the Services after any changes constitutes acceptance of the updated Policy.
For material changes that significantly affect client rights or obligations, CallHero may, at its discretion, provide additional notice (such as email or in-app notification).
15. Contact Us
For questions, requests, or complaints, please contact our Privacy Officer:
CallHero Privacy Officer
[email protected]
+1-866-789-HERO
CallHero Technologies Inc., 1816-4500 Kingsway, Burnaby, BC V5H 2A9
Additional regional contact details may be provided where required by law.
