Privacy Policy

Last updated: February 2026

1. Introduction

Optavius B.V. ("Optavius", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at www.optavius.com (the "Site") or use our AI voice agent services (the "Services").

By accessing or using our Site or Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of the Site and Services immediately.

2. Information We Collect

2.1 Information You Provide

  • Contact information: name, email address, phone number, and job title when you request a demo, subscribe to our newsletter, or contact us.
  • Company information: practice name, number of locations, EHR system, and specialty.
  • Communications: records of correspondence when you contact us via email, form, or other channels.
  • Account information: credentials and profile data if you create an account to use our Services.

2.2 Information Collected Automatically

  • Device and usage data: IP address, browser type, operating system, referring URLs, pages viewed, time spent, and clickstream data.
  • Cookies and similar technologies: we use cookies, pixels, and local storage to operate and improve the Site. See Section 8 for details.
  • Analytics data: aggregated and anonymized usage statistics collected through third-party analytics providers.

2.3 Protected Health Information (PHI)

When our Services process calls on behalf of healthcare practices, we may encounter Protected Health Information as defined by HIPAA. Such data is processed solely under a Business Associate Agreement (BAA) with the covered entity and handled in strict compliance with HIPAA requirements. We do not use PHI for marketing or any purpose unrelated to service delivery.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve our Site and Services.
  • To respond to your inquiries, demo requests, and support needs.
  • To send you transactional communications related to your use of the Services.
  • To send marketing communications, where you have provided consent (you may opt out at any time).
  • To detect, prevent, and address fraud, abuse, and security issues.
  • To comply with legal obligations and enforce our agreements.
  • To conduct analytics and research to improve our products and user experience.

4. Legal Bases for Processing (EEA/UK)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data based on the following legal grounds:

  • Contractual necessity: to perform our obligations under a contract with you or your organization.
  • Legitimate interests: to operate, improve, and market our Services, provided your interests and rights do not override ours.
  • Consent: where you have given specific consent, such as for marketing emails.
  • Legal obligation: to comply with applicable laws, regulations, and legal processes.

5. Sharing and Disclosure

We do not sell your personal information. We may share your data with the following categories of recipients:

  • Service providers: trusted third parties that perform services on our behalf (e.g., hosting, analytics, email delivery), bound by contractual obligations to protect your data.
  • Business partners: EHR and practice management system providers, solely to deliver integrations you have authorized.
  • Legal compliance: when required by law, regulation, subpoena, court order, or governmental request.
  • Business transfers: in connection with a merger, acquisition, reorganization, or sale of assets, in which case your data may be transferred as part of that transaction.
  • With your consent: in any other circumstance where you have given explicit consent.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law. When data is no longer needed, we securely delete or anonymize it. Specific retention periods vary by data type:

  • Account data: retained for the duration of the account relationship and a reasonable period thereafter.
  • Marketing data: retained until you unsubscribe or withdraw consent.
  • Call data (PHI): retained as specified in the BAA with the covered entity.

7. Data Security

We implement industry-standard technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit (TLS) and at rest.
  • Access controls and role-based permissions.
  • Regular security audits and vulnerability assessments.
  • Employee training on data protection and privacy.

While we take reasonable precautions, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and deliver relevant content. The types of cookies we use include:

  • Strictly necessary cookies: required for the Site to function properly.
  • Analytics cookies: help us understand how visitors interact with the Site.
  • Marketing cookies: used to deliver relevant advertisements and measure campaign effectiveness.

You can manage your cookie preferences through your browser settings or our cookie consent tool. For more details, see our Cookie Policy.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion of your personal data, subject to legal exceptions.
  • Restriction: request that we limit the processing of your data.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@optavius.com. We will respond within the timeframe required by applicable law.

10. International Data Transfers

Your personal data may be transferred to and processed in countries other than your country of residence. When we transfer data outside the EEA or UK, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms.

11. Third-Party Links

Our Site may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to review their privacy policies before providing any personal data.

12. Children's Privacy

Our Site and Services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where required by law, by providing additional notice (e.g., via email). Your continued use of the Site or Services after any changes constitutes acceptance of the revised policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

If you are located in the EEA and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local supervisory authority.