Vola
Back to homepage

Privacy Policy

Last updated: May 14, 2026

1. Introduction

Vola AI LLC ("Vola," "we," "us," or "our") provides an AI-powered receptionist platform for dental practices. This Privacy Policy describes how we collect, use, and share information when you use our website and services (the "Services"), and when our customers' patients interact with our Services on their behalf.

2. Information We Collect

We collect the following categories of information:

  • Account information: name, email address, phone number, practice name, and billing details you provide when you sign up.
  • Patient communications: call recordings, transcripts, SMS messages, and metadata generated when our Services handle interactions on behalf of a dental practice.
  • Practice management data: appointment, patient, and scheduling information we receive through integrations you authorize (e.g., NexHealth).
  • Usage data: log files, device identifiers, IP addresses, and pages visited, collected automatically when you use our website or dashboard.
  • Communications with us: messages you send to support, sales inquiries, and demo bookings.

3. SMS and Messaging

Mobile phone numbers and consent records are used exclusively to deliver SMS communications between dental practices and their patients, as authorized by the patient's contact with the practice.

  • No sharing of mobile numbers: We do not sell, rent, or share mobile phone numbers or SMS opt-in data with third parties or affiliates for their marketing or promotional purposes. This information is shared only with subprocessors strictly necessary to deliver the messaging service (e.g., Twilio).
  • Message frequency: Message frequency varies depending on the recipient's interactions with the practice. A single conversation may involve multiple messages exchanged over a short period, and additional messages may be sent for appointment confirmations, reminders, or follow-up. Recipients will not receive messages unrelated to their interactions with the practice.
  • Message and data rates: Message and data rates may apply. Carrier charges are the responsibility of the recipient.
  • Opt-out: Recipients can opt out at any time by replying STOP. For help, reply HELP. Opting out will stop further messages from the specific campaign or sender.
  • Opt-in: Patients consent to receive SMS messages from a participating dental practice by initiating contact with that practice via phone call. When a patient's call to a practice is unanswered, the practice's Vola-managed phone number may send an SMS in response to the patient's inquiry. Patients may also opt in directly by providing their phone number to the practice through other channels the practice offers (e.g., paper forms, web forms, or verbally).

SMS communications are sent in compliance with the Telephone Consumer Protection Act (TCPA) and CTIA messaging principles. Each dental practice is responsible for obtaining the consent required by applicable law from its patients.

4. How We Use Information

We use the information we collect to:

  • Provide, operate, and improve the Services.
  • Handle phone calls and SMS messages on behalf of our customers.
  • Authenticate users, prevent fraud, and enforce our Terms of Service.
  • Communicate with you about your account, billing, and product updates.
  • Comply with legal obligations and respond to lawful requests.
  • Analyze usage to improve features and performance.

5. How We Share Information

We share information only as needed to provide the Services or as required by law:

  • Service providers (subprocessors): We use third-party service providers to operate the Services, including cloud hosting and infrastructure, database storage, authentication, telephony and SMS delivery, AI voice and conversation processing, practice management system integrations, and payment processing. These providers process information only on our instructions, and we maintain Business Associate Agreements with subprocessors that handle Protected Health Information. A current list of subprocessors is available to dental practice customers upon request as part of their service agreement.
  • The dental practice: communications and patient data are made available to the dental practice that authorized them.
  • Legal compliance: we may disclose information to comply with applicable law, legal process, or government requests, or to protect our rights and the safety of others.
  • Business transfers: in the event of a merger, acquisition, or sale of assets, information may be transferred to the successor entity, subject to the same protections.

We do not sell personal information, and we do not share mobile phone numbers or SMS opt-in data with third parties or affiliates for marketing.

6. HIPAA and Protected Health Information

When we process Protected Health Information (PHI) on behalf of a dental practice, we operate as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). We enter into Business Associate Agreements (BAAs) with each Covered Entity practice that uses our Services to handle PHI, and we maintain administrative, technical, and physical safeguards designed to protect PHI consistent with HIPAA requirements. The dental practice (Covered Entity) is responsible for its own notice of privacy practices to patients.

7. Data Retention

We retain information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Call recordings, transcripts, and SMS messages are retained on behalf of the dental practice and deleted in accordance with their retention preferences and our standard retention schedule.

8. Security

We use industry-standard administrative, technical, and physical safeguards to protect information, including encryption in transit, role-based access controls, and row-level security in our database. No system is perfectly secure, however, and we cannot guarantee absolute security.

9. Your Rights

Depending on your location, you may have the right to access, correct, delete, or port your personal information, or to object to or restrict certain processing. To exercise these rights, contact us at the email below. If you are a patient of a dental practice that uses Vola, please contact that practice directly, as they control your record.

10. Children's Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information directly from children. When a dental practice uses our Services to communicate about a pediatric patient, the practice is responsible for ensuring it has obtained appropriate parental or guardian consent. If you believe we have collected information directly from a child without parental consent, please contact us.

11. International Users

We operate in the United States, and information we collect is processed and stored in the U.S. If you access the Services from outside the U.S., you consent to the transfer of your information to the U.S.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Services. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

13. Contact

Questions about this Privacy Policy or our data practices? Contact us at george@getvola.ai.

View our Terms of Service →