Privacy Policy

We collect information you provide directly (account details, billing information, practice configuration), information generated through your use of the service (conversations, appointments, analytics events), and limited technical information from your devices (IP address, browser, OS).

• Account & billing: name, email, phone, organization, payment method.
• Operational data: messages, calls, appointments, reviews, and campaign content.
• Patient data: information you or your patients enter into ThePlexa to enable scheduling and communication.
• Usage & device data: log files, cookies, and device identifiers for security and analytics.

We use information to deliver, secure, personalize and improve ThePlexa, to communicate with you about your account, and to comply with legal obligations. We do not sell personal information.

• Provide and operate the platform you and your patients interact with.
• Train and tune AI models that power your tenant — using your data, only for your tenant, unless you opt in to anonymous improvements.
• Detect, prevent and respond to fraud, abuse, security and integrity issues.
• Send service notifications and (with consent) product updates.

Where the GDPR or comparable laws apply, we process personal data based on contract performance, legitimate interests (security, product improvement), consent (marketing, optional analytics), and legal obligation.

We share data with carefully selected sub-processors (cloud hosting, telephony, email delivery, analytics, payments). A current list is available on request. All sub-processors are bound by data protection agreements.

We may disclose data when required by law or to protect the rights, property or safety of ThePlexa, our customers or the public.

ThePlexa operates from multiple regions. Where data is transferred across borders, we rely on appropriate safeguards such as Standard Contractual Clauses and regional hosting options for healthcare customers.

We retain personal data only as long as necessary for the purposes described, to comply with legal obligations, resolve disputes, and enforce agreements. Patient data is retained for the duration of your subscription and deleted within 30 days of termination unless a longer retention period is required by law.

Depending on your jurisdiction, you may have rights to access, correct, delete or port your personal data, and to object to or restrict certain processing. You can exercise these rights at privacy@theplexa.com.

We implement administrative, technical and physical safeguards designed to protect personal data. These include encryption in transit and at rest, role-based access controls, audit logging, and regular third-party security assessments.

ThePlexa is not directed to children under 16. If a practice uses ThePlexa for paediatric workflows, parental or guardian consent is required for any communication with minors.

We may update this Privacy Policy from time to time. Material changes will be highlighted in-product and communicated by email at least 14 days before they take effect.