Privacy Policy

1. Information We Collect

We collect information in several ways depending on how you interact with our website and services. We are committed to collecting only the information necessary to provide and improve our services.

Information You Provide Directly

• Contact form submissions: Full name, email address, company name, area of interest, and any details you provide in your message. This data is processed through our form provider, Formspree.
• AI chatbot interactions: Text and voice messages you send to our website chatbot, which is powered by Google Gemini and ElevenLabs text-to-speech technology.
• Business communications: Information exchanged via email, phone, or video meetings related to service inquiries, proposals, or ongoing engagements.
• Client onboarding data: Business name, point of contact, brand assets, social media credentials, and content strategy materials provided in the course of delivering our services (video production, podcast coordination, social media management, SEO, website management, or digital marketing campaigns).

Information Collected Automatically

• Device and browser data: IP address, browser type and version, operating system, device type, and screen resolution.
• Usage data: Pages visited, time spent on pages, referring URL, click patterns, and navigation paths.
• Cookies and similar technologies: Session cookies, persistent cookies, and web beacons used to improve site functionality and understand usage patterns. See Section 5 for details.

2. How We Use Your Information

We use the information we collect for the following business purposes:

• Service delivery: To respond to inquiries, prepare proposals, and deliver contracted services including video storytelling, podcasting, surgeon spotlights, trade show media, executive branding, physician visibility programs, SEO/AIEO, reputation management, social media management, website management, and digital marketing campaigns.
• Communication: To send you service-related communications, respond to your questions, and follow up on inquiries submitted through our contact form or chatbot.
• Website improvement: To analyze usage patterns, optimize user experience, diagnose technical issues, and improve our content and services.
• Legal compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.
• Business operations: To manage our internal operations, maintain business records, and protect against fraud or unauthorized activity.

3. AI-Powered Chatbot Disclosure

Our website features an AI-powered chatbot designed to help visitors learn about our services and capabilities. Please be aware of the following:

• AI disclosure: The chatbot is powered by artificial intelligence (Google Gemini 2.0 Flash). You are interacting with an automated system, not a human representative.
• Voice functionality: Our chatbot includes text-to-speech capabilities powered by ElevenLabs. Voice responses are generated synthetically and do not represent a real person speaking.
• Data handling: Chatbot conversations are processed through our secure serverless infrastructure. Conversation data is used to generate responses in real time and is not stored permanently or used to build user profiles.
• Limitations: The chatbot provides general information about MedTech Voice services. It does not provide medical advice, diagnose conditions, or make treatment recommendations. It should not be relied upon for clinical, legal, or regulatory decisions.
• Sensitive information: Please do not share Protected Health Information (PHI), Social Security numbers, financial account details, or other sensitive personal data through the chatbot.

4. Third-Party Services and Data Sharing

We work with trusted third-party service providers to operate our website and deliver our services. We share information with these parties only as necessary to fulfill their functions and under contractual obligations to protect your data:

• Formspree (contact form processing): Receives and processes data submitted through our website contact form. Formspree Privacy Policy
• Google (Gemini API) (AI chatbot): Processes chatbot conversation text to generate responses. Google Privacy Policy
• ElevenLabs (text-to-speech): Converts text responses into synthesized voice audio. ElevenLabs Privacy Policy
• YouTube / Google (embedded video content): Videos embedded on our site may set cookies and collect usage data. See Section 6 for details.
• Vercel (website hosting and serverless functions): Hosts our website and processes API requests through serverless functions. Vercel Privacy Policy
• Google Fonts (typography): Loads web fonts from Google servers, which may collect IP address and browser data. Google Privacy Policy

We may also disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience:

• Essential cookies: Required for basic site functionality, navigation, and security. These cannot be disabled.
• Analytics cookies: Help us understand how visitors use our site, which pages are most popular, and how users navigate between pages. This data is aggregated and anonymized.
• Embedded content cookies: Third-party services (such as YouTube) may set their own cookies when you interact with embedded content on our site.

Most web browsers allow you to control cookie behavior through their settings. You can configure your browser to block or delete cookies. Please note that disabling cookies may affect the functionality of certain features on our website.

6. Embedded Content and YouTube

Our website embeds video content from YouTube (a Google service). When you visit a page containing embedded YouTube videos, YouTube may collect data about your visit, including your IP address, browser information, and viewing behavior.

YouTube's data collection is governed by Google's Privacy Policy and YouTube's Terms of Service. If you are logged into your Google account while viewing embedded videos, YouTube may associate your viewing activity with your Google profile.

You can manage your Google privacy settings and ad personalization preferences at myaccount.google.com/privacy.

7. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

• HTTPS/TLS encryption for all data transmitted between your browser and our website.
• Secure serverless infrastructure (Vercel) with encrypted API endpoints for chatbot and form processing.
• Environment-variable-based secrets management (API keys are never exposed in client-side code).
• Regular review of third-party service provider security practices.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to implementing industry-standard protections.

8. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected:

• Contact form submissions: Retained for up to 24 months from the date of submission, unless an ongoing business relationship exists.
• Client engagement data: Retained for the duration of the business relationship and up to 36 months following its conclusion, unless longer retention is required for legal or contractual obligations.
• Chatbot conversations: Processed in real time for response generation. Conversations are not permanently stored or associated with identified individuals.
• Website analytics data: Retained in aggregated, anonymized form for up to 26 months.

9. Your Privacy Rights

Depending on your location and applicable law, you may have certain rights regarding your personal information:

• Right to access: Request a copy of the personal data we hold about you.
• Right to correction: Request that we correct inaccurate or incomplete personal data.
• Right to deletion: Request that we delete your personal data, subject to legal retention requirements.
• Right to opt-out: Opt out of certain data processing activities, including the sale or sharing of personal information (though we do not sell personal data).
• Right to non-discrimination: We will not discriminate against you for exercising any of these rights.

To exercise any of these rights, please contact us using the information in Section 16 below. We will respond to verified requests within 45 days.

10. California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information.

Categories of Personal Information Collected

In the preceding 12 months, we may have collected the following categories of personal information:

• Identifiers: Name, email address, IP address, company name.
• Commercial information: Records of services requested or considered.
• Internet or electronic network activity: Browsing history on our website, search queries, and interactions with our chatbot.
• Professional information: Job title, company, and industry information.

Your CCPA/CPRA Rights

• Right to know what personal information we collect and how it is used.
• Right to delete personal information we hold about you.
• Right to correct inaccurate personal information.
• Right to opt-out of the sale or sharing of personal information. We do not sell or share your personal information as defined by the CCPA/CPRA.
• Right to limit the use of sensitive personal information. We do not collect sensitive personal information as defined by the CPRA.

Automated Decision-Making

Our AI chatbot uses automated processing to generate responses to your queries. This automated processing does not produce decisions that have legal or similarly significant effects on you. It is used solely to provide informational responses about our services.

To exercise your rights, contact us at privacy@medtechvoice.com. You may also designate an authorized agent to submit requests on your behalf.

11. HIPAA and Healthcare Data Disclaimer

Our services are focused on business-to-business media production, content strategy, brand development, and digital marketing for medical device companies, healthcare organizations, and physicians. Specifically, we provide:

• Video storytelling and production
• Podcast production (including "Sultans of Sales" and interview series)
• Surgeon spotlight and KOL interview content
• Trade show and live event media
• Go-to-market alignment and executive branding
• Physician visibility programs (digital strategy, SEO/AIEO, reputation management, social media management, website management, and digital marketing)

We do not handle patient records, clinical data, treatment information, insurance claims, or any form of individually identifiable health information in the course of delivering our services. If you are a healthcare entity seeking to engage our services, and the engagement involves potential exposure to PHI, we will work with you to establish appropriate contractual safeguards, including a Business Associate Agreement (BAA) if required.

Please do not submit any PHI through our website contact form, chatbot, or any other communication channel. If PHI is inadvertently received, it will be securely deleted and you will be notified.

12. International Visitors (GDPR)

If you access our website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers and service providers are located.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you may have additional rights under the General Data Protection Regulation (GDPR), including:

• Right to access, rectify, or erase your personal data.
• Right to restrict or object to processing.
• Right to data portability.
• Right to withdraw consent at any time.
• Right to lodge a complaint with your local data protection authority.

Our legal basis for processing your personal data varies depending on the specific processing activity, including: (a) your consent, (b) our legitimate business interests, (c) the performance of a contract, or (d) compliance with legal obligations.

For GDPR-related inquiries, please contact us at privacy@medtechvoice.com.

13. Children's Privacy

Our website and services are directed to businesses and professionals in the medical device and healthcare industries. We do not knowingly collect personal information from individuals under the age of 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us immediately.

14. Links to Third-Party Websites

Our website may contain links to third-party websites and platforms, including but not limited to LinkedIn, YouTube, Instagram, and client or partner websites. We are not responsible for the privacy practices, content, or data collection policies of these external sites. We encourage you to review the privacy policies of any third-party website you visit.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.

Continued use of our website following the posting of changes constitutes your acknowledgment and acceptance of the updated policy.

16. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how your information is handled, please contact us:

• Email: privacy@medtechvoice.com
• Website: medtechvoice.com/contact
• Company: MedTech Voice, LLC

We will acknowledge receipt of your request within 10 business days and provide a substantive response within 45 days, as required by applicable law.