Privacy Policy

Effective date: 2026-05-07

Contents

Who we are
What information we collect
Why we collect it
Patient data and HIPAA
Who we share information with
How we protect your information
How long we keep information
Your rights
Cookies and analytics
Children
Changes to this policy
How to contact us

1. Who we are

CallChair is a product of Lodestar Ventures LLC, a Virginia limited liability company (collectively "CallChair," "we," "us," or "our"). We provide an AI voice receptionist service for dental practices in the United States. Our mailing address is on file with the Virginia State Corporation Commission and available on request.

2. What information we collect

We collect three categories of information:

2.1 Information you give us directly

Account information when you sign up: practice name, owner name, email address, phone number, mailing address.
Practice configuration during onboarding: business hours, services offered, insurance plans accepted, voice and tone preferences, after-hours protocols.
Payment information collected and processed by our payment processor (Stripe) on our behalf. We do not store your full card number.
Support communications when you email or message us.

2.2 Information collected automatically when callers reach your CallChair line

Caller phone number, date and time of call, duration.
Call audio used to transcribe the conversation in real time.
The text transcript of the conversation, including any information the caller chose to share (such as their name, callback number, reason for calling, insurance carrier, or stated symptoms).
Booking details captured by Riley during the call.

2.3 Information collected by our website

Standard server logs (IP address, browser type, pages visited).
Cookies as described in section 9.

3. Why we collect it

We use the information we collect to:

Provide the CallChair service: answer your phone calls, transcribe conversations, deliver booking summaries to you.
Configure and tune your specific Riley assistant so she sounds and behaves correctly for your practice.
Process payments and manage your subscription.
Communicate with you about service updates, billing, and support.
Improve our service quality, including reviewing aggregated call patterns to refine our prompts. We do not train third-party AI models on your practice's call data.
Comply with legal obligations.

4. Patient data and HIPAA

When patients call your CallChair line, the conversations may contain Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). We treat all such information accordingly.

4.1 Business Associate relationship

If your practice is a HIPAA-covered entity, we operate as a Business Associate. A signed Business Associate Agreement (BAA) is required between Lodestar Ventures LLC and your practice before any PHI is processed by CallChair on your behalf. The BAA governs how we handle PHI in addition to this Privacy Policy. Where the BAA and this Privacy Policy conflict, the BAA controls with respect to PHI.

4.2 Subprocessors

We process PHI through subprocessors who have signed BAAs with us:

Vapi.ai — voice AI orchestration. PHI passes through Vapi's call infrastructure but is not stored at rest by Vapi when HIPAA mode is enabled.
Twilio — telephony provider. Carries the audio of inbound calls.
Cloudflare — infrastructure for our application, storage, and DNS. Encrypts data at rest and in transit.
Anthropic, OpenAI, ElevenLabs, Deepgram, Cartesia (as applicable) — AI model providers covered by Vapi's BAAs.

We will provide our current subprocessor list to your practice on request and notify you in advance of material changes.

4.3 Limits on use of PHI

We use PHI only as necessary to provide the CallChair service to your practice and as required or permitted under your BAA and applicable law. We do not sell PHI. We do not use PHI for marketing. We do not train third-party AI models on PHI.

We share information only as follows:

With you, the practice owner: all transcripts, booking details, and call summaries from your CallChair line.
With our subprocessors as described in section 4.2, only as necessary to provide the service.
For payment processing: Stripe, Inc. processes your payment information under Stripe's privacy policy.
If required by law: in response to a valid subpoena, court order, or legal request, or to protect the safety of any person.
In a business transfer: if Lodestar Ventures LLC merges, is acquired, or sells assets, your information may be transferred as part of that transaction subject to this Privacy Policy and any applicable BAA.

We do not sell your information.

6. How we protect your information

Data is encrypted in transit using industry-standard TLS.
Data is encrypted at rest in our cloud storage provider (Cloudflare).
Access to production systems is restricted to authorized personnel with multi-factor authentication.
We log administrative access for audit purposes.
We do not store full payment card numbers; tokenization is handled by Stripe.

No system is perfectly secure. We commit to notifying you and (where required) regulators of any security incident affecting your information promptly and as required by law and your BAA.

7. How long we keep information

Account and billing information: kept for as long as you are an active customer plus the period required by tax and accounting law.
Call audio and transcripts: retained for the period specified in your BAA. By default, we retain transcripts for 12 months and audio for 90 days, unless you instruct us otherwise.
Practice configuration data: kept for as long as the account is active; deleted within 30 days of cancellation unless retention is required by law.

You may request deletion of your data at any time. Some records may be retained longer where required by law or to resolve disputes.

8. Your rights

Depending on where you are located and the nature of your relationship with us, you may have the right to:

Access the personal information we hold about you.
Correct inaccurate information.
Request deletion of your information, subject to retention obligations.
Object to or restrict certain processing.
Receive a copy of your information in a portable format.

To exercise these rights, email us at [email protected]. We will respond within 30 days. If you are a patient calling a practice that uses CallChair, please direct privacy requests to the practice; we act on their instructions under our BAA.

9. Cookies and analytics

Our website uses a small number of essential cookies for session management and security. We do not use third-party advertising cookies, behavioral tracking, or fingerprinting. We may use privacy-respecting analytics (such as server-side request logs) to understand site traffic in aggregate.

10. Children

CallChair is a service for dental practices. We do not knowingly collect information directly from children under 13. If a parent or guardian becomes aware that their child has provided us information, please contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. The most current version will always be posted on this page with an updated effective date. For material changes, we will notify our active practice customers by email at least 14 days before the change takes effect.

12. How to contact us

For privacy questions, BAA requests, or any of the rights described above, contact us at:

Email: [email protected]
Mail: Lodestar Ventures LLC, attn: Privacy, Smithfield, Virginia. (Full mailing address available on request.)