Privacy Policy
Last Updated: February 2, 2026
Privacy Policy Summary
At Kaila Voice, we are committed to protecting your privacy and ensuring compliance with HIPAA and other applicable regulations. Here's a quick summary of our Privacy Policy:
- What We Collect: We collect Protected Health Information (PHI), practice information, and technical data to provide our services.
- How We Use It: We use your data to generate clinical notes, improve our platform, and ensure compliance with legal requirements.
- Your Rights: You have the right to access, amend, and request deletion of your data. State-specific rights may also apply.
- Data Security: We use industry-standard encryption and security measures to protect your data.
- No Data Sales: We do not sell, rent, or trade your personal information.
For more details, please read the full Privacy Policy below.
1. INTRODUCTION
Kaila LLC, operating as Kaila Voice (“we,” “us,” or “our”), is committed to protecting the privacy and security of your Protected Health Information (PHI) and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our AI-powered dental note-taking platform (“Service”).
This Privacy Policy applies to all users of our Service, including dental practices, healthcare providers, administrative staff, and patients whose information may be processed through our platform.
2. INFORMATION WE COLLECT
2.1 Protected Health Information (PHI)
We process PHI as defined under HIPAA, including but not limited to:
- Patient demographic information (name, address, phone, email, date of birth)
- Clinical notes and documentation
- Treatment plans and procedures
- Dental examination findings
- Medical and dental history
- Insurance information
- Audio recordings of patient-provider interactions
- Digital images and radiographs when integrated with practice management systems
2.2 Practice Information
- Healthcare provider credentials and licensing information
- Practice management system data integration
- Staff user accounts and access permissions
- Billing and subscription information
- Technical support communications
2.3 Technical Information
- Device information (IP address, browser type, operating system)
- Usage analytics and platform performance metrics
- System logs and error reports
- Authentication and security event logs
2.4 Audio Recordings
- Real-time audio capture during patient consultations
- Temporary storage of audio files for transcription processing
- Voice pattern analysis for improved transcription accuracy (de-identified)
3. HOW WE USE INFORMATION
3.1 Primary Purposes
- Clinical Documentation: Generate SOAP notes, treatment documentation, and patient communication logs
- Practice Management Integration: Sync with Open Dental and other practice management systems
- AI Processing: Transcribe audio recordings and create structured clinical notes
- Quality Assurance: Improve transcription accuracy and note quality
3.2 Secondary Purposes
- Platform Improvement: Enhance AI algorithms using de-identified data only
- Technical Support: Provide customer support and troubleshoot technical issues
- Compliance Monitoring: Ensure HIPAA compliance and security standards
- Business Operations: Process billing, manage subscriptions, and communicate service updates
3.3 AI Model Training
Important: We do NOT use PHI for AI model training. We remove 100% of patient identifying information prior to any AI model training. All patient data remains within the Open Dental Practice Management Software and is never used for model improvement without complete de-identification.
4. INFORMATION SHARING AND DISCLOSURE
4.1 No Sale of PHI
We do not sell, rent, or trade PHI or personal information to third parties for marketing or commercial purposes.
4.2 Permitted Disclosures
We may disclose PHI only in the following circumstances:
- To You: Upon your request for access to your own information
- For Treatment: To healthcare providers involved in your care
- For Healthcare Operations: For quality assurance and compliance activities
- As Required by Law: When legally mandated by court order or regulatory requirement
4.3 Business Associates
We maintain Business Associate Agreements (BAAs) with all third-party vendors who may access PHI, including:
- Cloud hosting providers (AWS, Microsoft Azure)
- Security monitoring services
- Technical support contractors
- Backup and disaster recovery services
4.4 Data Location
All PHI is processed and stored within HIPAA-compliant infrastructure located in the United States. We do not transfer PHI outside the United States without explicit consent and appropriate safeguards.
5. DATA SECURITY MEASURES
5.1 Technical Safeguards
- Encryption: AES-256 encryption for all PHI in transit and at rest
- Access Controls: Multi-factor authentication and role-based access permissions
- Audit Logs: Comprehensive logging of all PHI access and modifications
- Network Security: Firewalls, intrusion detection, and secure communication protocols
- Data Backup: Encrypted, geographically distributed backup systems
5.2 Administrative Safeguards
- HIPAA Training: Regular training for all personnel with PHI access
- Risk Assessments: Annual security risk analyses and vulnerability testing
- Incident Response: Formal breach notification and response procedures
- Vendor Management: Due diligence and ongoing monitoring of business associates
5.3 Physical Safeguards
- Data Centers: SOC 2 certified facilities with 24/7 security monitoring
- Device Security: Encrypted workstations and secure disposal of hardware
- Facility Access: Restricted access to areas containing PHI
6. DATA RETENTION AND DELETION
6.1 Retention Periods
- Transcripts and Summaries: Retained on AWS servers for the period of time specified by each client.
- Audio Recordings: Stored on client workstations only. Kaila never keeps any audio recordings on the platform.
- System Logs: Retained for 7 years for security and compliance purposes
- Billing Records: Retained for 7 years as required by tax regulations
6.2 Data Deletion
- Customers receive complete data export upon request only.
- Upon service termination, customer PHI is securely deleted according to client specifications
- Written certification of data destruction provided upon request
- De-identified data may be retained for research and platform improvement
7. YOUR PRIVACY RIGHTS
7.1 HIPAA Rights
You have the right to:
- Access: Request copies of your PHI (transcripts and summaries only)
- Amendment: Request corrections to inaccurate PHI
- Restriction: Request limitations on PHI use and disclosure
- Accounting: Receive a list of PHI disclosures
- Confidential Communications: Request PHI be communicated through alternative means
- Complaint: File complaints regarding privacy practices
7.2 Exercise of Rights
To exercise these rights, contact us at support@hellokaila.com or through your healthcare provider. We will respond within 30 days of receiving your request.
7.3 State Privacy Rights
Residents of certain states may have additional privacy rights under state laws (e.g., California CCPA, Virginia CDPA). Contact us for information about state-specific rights.
8. COOKIES AND TRACKING TECHNOLOGIES
We use necessary cookies for user authentication, session management, security monitoring, and platform functionality. We use de-identified analytics to improve platform performance. No PHI is included in analytics data.
9. CHILDREN'S PRIVACY
Our Service is designed for healthcare providers and is not directed to children under 13. We do not knowingly collect personal information from children under 13 without parental consent, except as permitted for healthcare treatment purposes.
10. INTERNATIONAL DATA TRANSFERS
We do not transfer PHI outside the United States. All data processing occurs within HIPAA-compliant infrastructure in the United States.
11. BREACH NOTIFICATION
In the event of a data breach involving PHI:
- We will notify affected individuals within 60 days
- We will notify the Department of Health and Human Services within 60 days
- We will notify covered entities (dental practices) without unreasonable delay
- We will provide information about the breach, its impact, and remediation steps
12. PRIVACY POLICY UPDATES
We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated through email notification to registered users, prominent notice on our website, and direct communication to covered entities. Updated policies become effective 30 days after notification.
13. CONTACT INFORMATION
For privacy-related questions, concerns, or requests:
Email: support@hellokaila.com
Subject Line: Privacy Inquiry
You may also file complaints with the U.S. Department of Health and Human Services, Office for Civil Rights, 200 Independence Avenue, S.W., Washington, D.C. 20201.
14. BUSINESS ASSOCIATE AGREEMENT
This Privacy Policy supplements but does not replace the Business Associate Agreement (BAA) executed between Kaila LLC and covered entities. In case of conflict between this Privacy Policy and the BAA, the BAA terms shall prevail.
15. COMPLIANCE CERTIFICATIONS
- HIPAA Security, Privacy, and Breach Notification Rules
- Florida state healthcare privacy regulations
- Industry-standard security frameworks
We are working toward SOC 2 Type II certification and will update this policy upon completion of the certification process.
Acknowledgment: By using Kaila Voice services, you acknowledge that you have read, understood, and agree to this Privacy Policy and our data handling practices.