How boia.ai collects, uses, and protects data.

We may collect account and authentication information such as name, email address, profile image, social login provider details, and records required to keep access secure.

We also process operational data generated inside the product, including conversations, contacts, leads, customers, interaction history, appointments, services, professionals, locations, uploaded files, channel settings, and agent settings.

We may also collect basic technical information such as IP address, browser, device, timestamps, usage logs, and security events to keep the platform stable and auditable.

We use information to operate boia.ai, authenticate users, enable conversations, CRM, scheduling, automations, AI agents, auditing, operational support, abuse prevention, and product improvement.

When a user uses AI features, submitted content may be processed by model providers to generate responses, extractions, classifications, or summaries needed to operate the service.

If you interact with a clinic, company, or team that uses boia.ai, that organization generally acts as the controller of your service, lead, contact, or appointment data. In those cases, boia.ai acts as a processor or infrastructure provider.

For requests related to end-customer data, we recommend contacting the organization you interacted with first. See also the user data deletion instructions.

We may share information with providers that support operation of the product, such as hosting, authentication, email delivery, AI providers, analytics, messaging, and infrastructure required to run the service.

We may also share information when needed to comply with legal obligations, protect the service, investigate abuse, or carry out lawful instructions from the customer organization.

We retain information for as long as needed to operate an account, provide contracted services, maintain security records, and comply with legal or contractual requirements. Retention may vary depending on the type of data and the organization’s configuration.

Depending on your location and relationship with the service, you may request access, correction, export, restriction, or deletion of data. Users of customer organizations should generally begin such requests with that organization.

For practical guidance, see the user data deletion page.