Data Collection

Arriva collects only the information necessary to operate the AI receptionist service: caller phone numbers, call audio (temporarily processed, not permanently stored), appointment details, and clinic configuration. We do not collect browsing data, location, or any information beyond what is required to handle patient calls.

Data Storage & Retention

Call transcripts and summaries are stored on encrypted servers in Canada. Audio recordings are processed in real-time and deleted within 24 hours. Transcripts and appointment data are retained for the duration of your subscription and deleted within 30 days of account closure, unless you request earlier deletion.

PHIPA Compliance

Arriva is designed with Ontario’s Personal Health Information Protection Act in mind. Patient information is treated as personal health information (PHI) and handled accordingly: access controls, encryption at rest and in transit, audit logging, and minimum-necessary data processing. We do not use patient conversations to train AI models.

Third-Party Services

Arriva uses Twilio for call routing, OpenAI for conversation processing, and Vercel for application hosting. All subprocessors operate under data processing agreements and maintain SOC 2 compliance. No patient data is shared with any party beyond what is required to deliver the service.

Your Rights

You may request access to, correction of, or deletion of your data at any time by contacting privacy@arrivaai.com. We respond to all requests within 30 days as required under PHIPA.

Contact

For privacy questions or data requests: privacy@arrivaai.com