Privacy policy

When your practice uses nextOrigin, our agents handle phone calls and messages on your behalf. To do that we process the contact details a caller provides (name, phone number, and the appointment they ask for) and the content of the call or message itself.

We also store the booking data needed to read and write to your calendar: appointment times, status, and confirmations. We do not collect clinical or medical records.

Calls may be transcribed so the agent can understand and act on them, and so your team can review what was said. Where local law requires it, callers are told the call is handled by an automated assistant.

Transcripts and recordings are retained only as long as needed to provide the service and meet your record-keeping obligations, then deleted.

We use the data to answer calls, book and reschedule appointments, send confirmations, and sync results to your system. We use aggregated, de-identified metrics to improve agent performance.

We do not sell your data, and we do not use patient or caller data to train models for other customers.

Data is encrypted in transit and at rest. Access is limited to the staff who operate the service, and your calendar stays in your own system: the agents only read and write the fields required to book and confirm.

We host within the EU and process personal data in line with the GDPR.

You and your patients can request access, correction, or deletion of personal data we hold. Practices are the data controller; nextOrigin acts as the processor under a data-processing agreement.

For any privacy request, email privacy@nextorigin.ai and we'll respond within 30 days.