Legal
Privacy Policy
Last updated July 2, 2026
This Privacy Policy explains how BoschPilot (“BoschPilot,” “we,” “us,” or “our”) collects, uses, shares, and protects information in connection with our Kohi AI voice receptionist and related services (the “Service”). BoschPilot provides business-to-business software to dental clinics; our direct customers are clinics, and this policy applies to the data we process on their behalf.
1. Information We Collect
- Clinic account information — the details you provide when you sign up and configure the Service, such as clinic name, contact person, email address, phone number, business address, service offerings, hours, and booking rules.
- Call data — information generated when Kohi handles calls for your clinic, including call recordings and transcripts, caller phone numbers, appointment details, and messages or requests captured during a call. Call data may include personal information of your patients and, for US clients, may constitute Protected Health Information (PHI).
- Usage analytics — technical and product-usage data such as log data, device and browser information, IP address, feature usage, and performance metrics, used to operate and improve the Service.
2. How We Use Information
We use the information we collect to:
- Provide, operate, and maintain the Service;
- Answer calls, book and reschedule appointments, and complete the tasks you configure Kohi to perform;
- Generate reports, analytics, and insights for your clinic’s account;
- Improve call handling quality and the reliability of the Service;
- Communicate with you about your account, billing, and support; and
- Meet our legal, security, and compliance obligations.
We do not sell your data or your patients’ data, we do not use call data for advertising, and we do not use your patients’ call data (including recordings and transcripts) to train, fine-tune, or improve AI models.
3. HIPAA & Protected Health Information
We are HIPAA-conscious in how we design and operate the Service. Where a US clinic’s use of the Service involves PHI, we handle that PHI under appropriate safeguards, and any PHI processed through our voice infrastructure is covered by a signed Business Associate Agreement (BAA) with our voice infrastructure provider. Clinics that require a BAA with BoschPilot for their own use of the Service can request one by contacting us at support@boschpilot.com.
4. Third-Party Sub-Processors
We rely on a small set of trusted third-party providers to run the Service. Each processes data only as needed to provide their function, under their own security and privacy commitments:
- Supabase — database and authentication (stores clinic account data and application records).
- Vercel — application hosting and content delivery.
- Paddle — payment processing and Merchant of Record for subscriptions (handles billing information and transactions).
- Resend — transactional email delivery (account, billing, and notification emails).
- Our AI voice infrastructure provider— powers Kohi’s real-time voice calls and processes call audio and transcripts. Any PHI handled by this provider is covered by a signed Business Associate Agreement (BAA). Where our voice infrastructure provider relies on its own subcontractors to process PHI, those subcontractors are required to be bound by equivalent HIPAA obligations under that provider’s agreements.
We review our sub-processors for appropriate security and data-protection practices and update this list as our providers change.
5. Data Retention
We retain clinic account information for as long as your account is active and as needed to provide the Service. Call recordings, transcripts, and related data are retained for the period required to deliver reporting and support, and then deleted or anonymized in accordance with our internal retention schedule and any BAA or contractual requirements. When your account is terminated, we delete or anonymize associated data within a commercially reasonable period, unless we are legally required to retain it.
6. Your Rights
Depending on your jurisdiction, you and, where applicable, the individuals whose data we process may have rights to access, correct, update, export, or delete personal information, and to object to or restrict certain processing. Because clinics control the patient data they collect, patient requests are generally directed to the clinic; we assist our clinic customers in fulfilling such requests. To exercise a right or make an inquiry, contact us at support@boschpilot.com.
7. Compliance
BoschPilot is committed to handling personal data in accordance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its implementing rules. For US clients, we support compliance with the Health Insurance Portability and Accountability Act (HIPAA) with respect to Protected Health Information, as described above. Depending on where a clinic and its patients are located, additional US state privacy laws (such as the California Consumer Privacy Act, as amended) and state-specific call-recording consent laws may also apply. Because some US states require all-party consent to record calls, clinics are responsible for ensuring Kohi’s call-recording consent settings are configured appropriately for the states in which they operate, and Kohi provides recording-consent notice at the start of calls.
8. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you.
9. Contact
For any privacy questions or requests, email us at support@boschpilot.com.