Always Booked is committed to protecting the privacy of every patient who calls through our AI receptionist service, and every dental clinic that uses our platform. This policy explains what information we collect, why we collect it, where it goes, and what your rights are — in plain language.
Always Booked is a registered business operating in British Columbia, Canada. We provide AI-powered voice receptionist services to dental clinics in the Vancouver area.
Privacy Officer: Abdul Hussain, Founder
Privacy contact: privacy@alwaysbookedai.ca
Phone: 778-802-4624
Our privacy practices are governed by Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and British Columbia's Personal Information Protection Act (PIPA). If you have any questions about how we handle your information, please contact our Privacy Officer directly.
When a patient calls a dental clinic that uses Always Booked, our AI receptionist may collect the following information during the call:
| Data field | Why it is collected |
|---|---|
| Full name | To identify the patient for booking purposes |
| Phone number | For appointment confirmation and follow-up |
| Email address | To send appointment confirmation (optional — not required to book) |
| Reason for call | To route the call correctly and inform clinic staff |
| Appointment date and time | To complete the booking |
| Symptoms (if described) | To flag urgent or clinical concerns for clinic awareness |
| Unanswered questions | To flag topics requiring clinic staff follow-up |
| Patient name | To identify who the appointment is for when different from the caller (e.g. a parent booking for a child) |
| CDCP coverage status | To flag Canadian Dental Care Plan coverage for clinic preparation — patients are asked directly and may decline to answer |
| Date of birth | For CDCP coverage verification only, with the caller's explicit consent — collected only for CDCP patients who agree to provide it |
| Booking relationship | To document whether the caller is the patient, a parent or guardian, or a third party — determines whether additional consent or clinic follow-up is required |
| Call recording | Primary mechanism for capturing all fields above; retained for quality assurance, dispute resolution, and clinic access on request |
| Appointment booking confirmation | Sent to patient via Cal.com upon successful booking — confirms appointment date, time, and clinic details |
Not all fields are collected on every call. Email collection is optional. Symptoms are only recorded when the caller describes a clinical concern. CDCP coverage, date of birth, and booking relationship are collected only when directly relevant to the call.
When a dental clinic signs up to use Always Booked, we collect the following business information directly from the clinic owner or office manager:
| Data field | Why it is collected |
|---|---|
| Clinic name | Service agreement and account identification |
| Owner/manager name | Primary contact for account management |
| Email address | Account communications and weekly reports |
| Phone number | Account support and urgent contact |
| Business address | Service agreement and records |
| Billing details | Monthly payment processing via Stripe (card details handled exclusively by Stripe — see Section 6) |
Patient call data is collected solely to book dental appointments on behalf of the clinic you called. We do not use patient data for marketing, advertising, AI model training, or any purpose beyond completing and recording your appointment booking. Where a caller is booking on behalf of another person, we collect the relationship type and patient name to ensure the clinic has the correct contact for follow-up and that appropriate consent has been obtained.
Clinic client data is collected to deliver our service, manage the account, send weekly performance reports, and process monthly subscription payments. We do not sell, rent, or share clinic client data with any third party for marketing purposes.
At the start of every call, our AI receptionist provides a verbal disclosure before collecting any information. The disclosure states that: (1) the caller is speaking with an AI-powered receptionist, (2) the call may be recorded for booking purposes, and (3) call data will be processed by our AI provider whose servers are located in the United States.
By continuing the call after this disclosure, the caller provides implied consent to data collection for the purpose of booking their appointment. Email collection is explicitly presented as optional. Callers may end the call at any time.
Minors under 13: Our AI receptionist is not designed to collect personal information from children under 13 years of age. If a caller is identified as being under 13 during the call, the interaction is ended and the caller is directed to have a parent or guardian contact the clinic directly. Appointment bookings for children must be made by a parent or guardian.
Always Booked will notify clinic clients of any material changes to this privacy policy by email with 30 days notice before changes take effect. For non-material updates, continued use of the service after the notice period constitutes acceptance. For material changes that significantly affect how personal data is handled, Always Booked will seek fresh written consent from clinic clients before the changes take effect.
Patient call data is processed by Retell AI Inc., a US-based technology company that provides our AI voice platform. Always Booked has executed a Data Processing Agreement (DPA) with Retell AI confirming their data protection obligations. Under this agreement, Retell AI processes patient data solely on Always Booked's instructions. Retell AI has confirmed directly that call recordings and transcripts are never used for AI model training or product improvement.
AI language understanding during calls is powered by large language model technology provided by OpenAI and/or Anthropic, whose infrastructure processes call transcripts as part of real-time service delivery. Call routing is facilitated by Twilio Inc., which may process call data both as Always Booked's telephony provider and as a technology partner of Retell AI. A current list of all Retell AI technology partners is available at trust.retellai.com/subprocessors.
Appointment bookings confirmed during calls are processed through Cal.com Inc., a US-based scheduling platform. Patient name, phone number, email address (if provided), appointment date, time, and type pass through Cal.com. Cal.com sends booking confirmation emails directly to patients on Always Booked's behalf. Always Booked has executed a Data Processing Agreement with Cal.com Inc. (signed May 7, 2026).
Always Booked generates operational reports and performance summaries for clinic staff and owners covering call activity. These reports are produced using an automated workflow powered by n8n, a US-based workflow automation platform. Patient call data from Retell AI passes through n8n transiently — it is retrieved, formatted into a structured report, delivered by email to designated clinic contacts via reports@alwaysbookedai.ca, and immediately discarded.
Always Booked does not store patient call data at any point during this process. No patient data is written to any Always Booked device, cloud storage, or file. Reports delivered to clinics contain only the information necessary for clinic operations. Retell AI's dashboard remains the authoritative source of truth for all underlying call data within the 90-day retention window.
Patient call recordings, transcripts, and captured data fields are stored on Retell AI servers located in the United States. Always Booked does not store patient call data on any Always Booked device, cloud account, or file at any point. Patient data passes through Always Booked's reporting workflow transiently and is not retained after report delivery.
Appointment booking data passes through Cal.com's servers in the United States for the purpose of scheduling and sending confirmation emails. Cal.com's retention of booking data is governed by their privacy policy and the executed DPA.
Your call information is processed on our behalf by Retell AI Inc., a US-based technology provider. As a result, your personal information may be stored and processed in the United States. Data stored in the United States may be subject to access by US courts, law enforcement, or government authorities under applicable US laws, including the Clarifying Lawful Overseas Use of Data Act (CLOUD Act).
Always Booked has executed a Data Processing Agreement with Retell AI Inc. to ensure your data is protected to a standard consistent with Canadian privacy law.
Always Booked's target retention period for patient call data is 90 days from the date of the call. After 90 days, call recordings and transcripts are deleted from Retell AI's systems unless a legal hold or active access request requires extended retention.
Booking confirmation details passed to the dental clinic (name, appointment date and time) are retained in the clinic's own systems. That copy is under the clinic's own privacy obligations and outside Always Booked's control.
Always Booked: Abdul Hussain (Founder) only, via the Retell AI dashboard using secure credentials protected by mandatory SMS-based two-factor authentication required on all Retell accounts.
The dental clinic: Clinic staff receive operational reports summarizing call activity, generated via automated workflow and delivered by email. Clinics may request access to a specific call recording where required for clinical or dispute purposes.
Retell AI: Retell AI personnel may access data only for four documented purposes: resolving support requests, debugging or incident response, data recovery operations, and compliance or privacy workflows. All access is authenticated, encrypted, and tracked in auditable logs.
Cal.com: Cal.com processes appointment booking data solely to facilitate scheduling and deliver confirmation emails on Always Booked's behalf, under the executed DPA.
n8n: Patient call data passes through n8n transiently during report generation only. No data is stored in n8n at any point.
No one else: Patient data is never sold, shared with marketers, disclosed to other clinics, or used for advertising or AI model training purposes.
Clinic client contact information is stored in a password-protected CRM maintained by Always Booked. This file is stored on an encrypted device accessible only to Abdul Hussain. No clinic client data is shared with third parties except as described below.
All payment processing is handled by Stripe Inc., a US-based payment processor certified to PCI-DSS Level 1 — the highest security standard in the payment industry. Always Booked never receives, stores, or transmits full credit card numbers, CVV codes, or banking details. Stripe returns to Always Booked only tokenized payment references: the last 4 digits of the card, card type, and expiry date.
Stripe's privacy practices are governed by their Privacy Policy at stripe.com/en-ca/privacy, which explicitly references PIPEDA and BC PIPA. Stripe may collect device, browser, and behavioral data for fraud detection purposes in accordance with their privacy policy.
Clinic client contact and account data is retained for the duration of the service relationship and deleted upon written request or within 30 days of contract termination, whichever comes first.
Payment records are retained by Stripe for the period required by applicable financial, tax, and accounting law — typically 7 years under CRA requirements. This legally mandated retention is outside Always Booked's control.
Always Booked uses the following third-party service providers to deliver its service. Each is bound by a Data Processing Agreement or equivalent contractual commitment:
Processes patient call recordings, transcripts, and captured data fields on Always Booked's behalf. US-based. DPA executed April 28, 2026. Retell AI has confirmed directly that call recordings and transcripts are never used for AI model training or product improvement. Mandatory SMS-based two-factor authentication required on all accounts.
Privacy policy: retellai.com/privacy · Subprocessors: trust.retellai.com/subprocessors
Processes patient booking data when appointments are confirmed via the Always Booked AI agent. Data processed includes patient name, phone number, email address (if provided), appointment date, time, and type. Cal.com sends booking confirmation emails directly to patients on Always Booked's behalf. US-based. DPA executed May 7, 2026.
Privacy policy: cal.com/privacy
Patient call data from Retell AI passes through n8n transiently for the purpose of formatting and delivering clinic operational reports and performance summaries. Data is retrieved, formatted into a report, delivered via reports@alwaysbookedai.ca, and immediately discarded. No patient data is stored in n8n at any point. US-based cloud service. DPA pending — requested from n8n directly.
Privacy policy: n8n.io/privacy
Provides large language model infrastructure used by Retell AI to understand and respond to caller conversations. Call transcripts may pass through OpenAI's systems during service delivery. US-based.
Privacy policy: openai.com/privacy
May provide large language model infrastructure used by Retell AI depending on service configuration. US-based.
Privacy policy: anthropic.com/privacy
Facilitates call routing for the Always Booked phone number and is also a technology partner of Retell AI. Call data may pass through Twilio's infrastructure in both capacities. US-based.
Privacy policy: twilio.com/en-us/legal/privacy
Handles all subscription payment processing for clinic clients. PCI-DSS Level 1 certified. Always Booked never receives full card details. US-based. PIPEDA explicitly acknowledged in Stripe's Canadian privacy provisions.
Privacy policy: stripe.com/en-ca/privacy
All third-party processors listed above are based in the United States. Personal information processed through Always Booked's service may be stored and processed in the United States, where data protection laws differ from those in Canada.
In particular, data stored in the United States may be subject to access by US courts, law enforcement, or government authorities under applicable US laws including the CLOUD Act. Always Booked cannot contractually prevent such access.
Safeguards in place to protect cross-border transfers include:
This cross-border transfer disclosure satisfies Always Booked's transparency obligations under PIPEDA Principle 1 (Accountability), PIPEDA Principle 8 (Openness), and the openness requirements of BC PIPA.
Retell AI protects patient call data using AES-256 encryption at rest and TLS 1.2 encryption in transit. Access is restricted by role-based controls. SOC 2 Type II audit reports are produced annually. Always Booked accesses the Retell dashboard using secure, unique credentials stored in a dedicated password manager.
Clinic client data is stored in a password-protected CRM on an encrypted device. Access is restricted to Abdul Hussain only. No clinic client data is stored in shared or cloud environments without appropriate access controls and encryption.
Payment data is protected by Stripe's PCI-DSS Level 1 certified infrastructure, which includes AES-256 encryption, tokenization of card numbers, and separate encrypted storage of decryption keys. Always Booked never receives or stores full payment card details.
| Data type | Retention period |
|---|---|
| Patient call recordings and transcripts | 90 days from date of call — automatically deleted by Retell AI |
| Patient booking details (name, appointment) | Held by clinic under clinic's own retention policy. Cal.com retains booking data per their privacy policy and executed DPA. |
| Patient data in clinic reports | Not retained — passes through n8n transiently during report generation and is discarded immediately after delivery |
| Clinic client contact and account data | Duration of service relationship + 30 days after termination |
| Payment records (via Stripe) | As required by law — typically 7 years under CRA requirements |
| Signed service agreements | 7 years from date of signing |
When personal information is no longer needed, it is securely deleted. Always Booked does not retain personal information beyond the periods described above except where required by law.
Under PIPEDA and BC PIPA, you have the following rights regarding your personal information. To exercise any of these rights, contact us at privacy@alwaysbookedai.ca. We will respond within 30 days.
Ask us what personal information we hold about you, where it came from, how it has been used, and who it has been shared with.
Ask us to correct inaccurate or incomplete personal information we hold about you.
Ask us to delete your personal information where it is no longer required for the purpose it was collected.
Withdraw consent to the collection or use of your personal information at any time, subject to legal or contractual restrictions.
Request a copy of your call recording or a written transcript of your call. Provided at no cost within 30 days.
File a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca or the BC OIPC at oipc.bc.ca.
Always Booked will never charge a fee to access your personal information. If we cannot fulfill a request, we will explain why in writing and inform you of any recourse available to you.
If you have any questions about this privacy policy or how we handle your personal information, please contact our Privacy Officer:
Abdul Hussain, Founder
Email: privacy@alwaysbookedai.ca
Phone: 778-802-4624
We will acknowledge your inquiry promptly and respond in full within 30 days. If you are not satisfied with our response, you have the right to complain to the Office of the Privacy Commissioner of Canada (priv.gc.ca) or the BC Office of the Information and Privacy Commissioner (oipc.bc.ca).
This policy will be updated when our data practices change or when we receive additional confirmation from our technology partners. Clinic clients will be notified of any material changes by email with 30 days notice. The version number and date at the top of this page indicate the most current version. Previous versions are available upon request.