Privacy Policy

Effective date: 10 February 2026

Who we are: Vite Clinic ("we", "us", "our") provides an AI-powered virtual receptionist for healthcare providers.

Scope. This policy explains how we handle personal data when:

  • visitors browse our website and contact us; and
  • Swiss clinics use our service to handle patient calls, including automated call handling, transcripts, and analytics.

Under the Swiss Federal Act on Data Protection (FADP), we act as:

  • Controller for website and business-contact data; and
  • Processor for patient call data we process on behalf of a clinic (the Controller).

1) Who to contact

Controller (website & sales): Vite Clinic (Swiss legal entity pending incorporation; placeholder to be finalized before go-live) Registered office in Switzerland (placeholder to be finalized before go-live) Email: privacy@viteclinic.com

Processor (service to clinics): Vite Clinic processes patient data on documented instructions from each clinic (the Controller). Clinics remain responsible for their own patient communications and notices to callers.

Data protection contact: privacy@viteclinic.com

Supervisory authority: Federal Data Protection and Information Commissioner (FDPIC).

2) What we collect

A) Website & sales

  • Contact details you submit (name, email, phone), meeting notes.
  • Technical usage data (device and browser metadata, page activity, security logs).
  • Communications you send to us.

B) Service data (clinic customers)

  • Call metadata: caller number, time, duration, routing outcome.
  • Audio & transcripts: recordings and automated transcripts where the clinic enables recording/transcription.
  • Scheduling & CRM data: appointment details and fields the clinic sends or retrieves.
  • Performance analytics: intent/topics, conversion/appointment rates, after-hours stats.

Sensitive data. Health-related information disclosed during calls can be particularly sensitive personal data under Swiss law. We process such data only to deliver the service under the clinic’s instructions and safeguards.

3) Why we process data

Website & sales: respond to enquiries, provide demos, improve our site, detect abuse/security incidents, maintain legal records.

Service to clinics: answer and route patient calls, create transcripts (if enabled), book appointments, provide audit trails, deliver analytics to improve access and quality of service, ensure security and continuity, and comply with law.

Legal bases (FADP concepts): performance of contract, overriding private interests (balanced against data subject interests), consent where required (see Cookies & recording), and legal obligations.

4) Cookies & tracking

Switzerland generally uses an inform and opt-out approach for cookies and similar technologies. We explain what we use and how to refuse cookies (for example through browser settings). Explicit consent is required for high-risk profiling or other processing where consent is legally required.

We use:

  • Essential cookies (security, load balancing, session).
  • Performance and reliability diagnostics (aggregated insights, abuse prevention). You can manage cookies via your browser settings. If we add tools that require opt-in consent, we will provide appropriate controls.

5) Call recording & transcripts

Important: In Switzerland, participants must generally be informed in advance if a call will be recorded. Clinics using recording/transcription features are responsible for providing lawful notice and obtaining consent or another legal basis where required.

We provide configurable disclosure text in the service flow. Each clinic remains responsible for validating its final wording, legal basis, and workflow.

6) Where we process data

We host service data primarily in Switzerland and/or the EEA (European Economic Area), depending on infrastructure and service configuration. If data is transferred outside Switzerland/EEA (for example to vetted infrastructure, telephony, or AI providers), we use legally recognized safeguards such as:

  • adequacy decisions under Swiss law (Annex 1 to the Data Protection Ordinance),
  • the Swiss–U.S. Data Privacy Framework where a U.S. provider is certified, and/or
  • standard contractual clauses with a Swiss addendum where needed.

Transfer safeguards are documented in our DPA and supporting materials, available on request.

7) Sub-processors (core providers)

We rely on specialized vendors to deliver telephony, cloud, and AI capabilities. Typical categories include:

  • Telephony carriers for inbound/outbound calls and SMS;
  • Cloud infrastructure (compute, storage, databases) in CH/EEA regions;
  • Speech-to-text / LLM providers used to transcribe and understand natural language;
  • Analytics & monitoring (product telemetry, security logs).

Current sub-processor details (provider, purpose, region, and transfer mechanism) are available on request at privacy@viteclinic.com and in customer DPA materials.

8) Retention

Contract-driven retention. We retain personal data for no longer than necessary for the purposes described in this policy, taking into account contractual obligations, documented clinic instructions, legal requirements, and security needs.

  • Website/contact data: retained for active commercial follow-up and legal/accounting obligations, then deleted or anonymized when no longer needed.
  • Service data: retained according to the clinic contract, clinic instructions, and DPA terms. Export and deletion requests are handled under those terms. Backups, legal holds, and security logs may require limited additional retention.

9) Security

We apply industry-standard technical and organizational measures, including encryption in transit and at rest, strict access controls (least privilege, MFA), network isolation, monitoring, audit logging, regular backups, and vendor DPAs with security commitments. Security documentation is available on request.

Breach notification. We assess incidents promptly and notify impacted clinics and, where risk thresholds are met, the FDPIC as soon as possible, consistent with the FADP. Clinics must notify affected individuals where required.

10) Automated processing & fairness

Our system uses automated processing to understand caller intent and route calls. We do not intend for the service to make decisions that produce legal effects or similarly significant effects on individuals without appropriate human involvement.

If a clinic configures automations that could significantly affect callers, the clinic remains responsible for providing required notice and safeguards. We support this through contract and product documentation.

No medical advice. The service provides logistical assistance (for example booking, reminders). It does not provide diagnosis, treatment decisions, or emergency triage.

11) Your rights (Swiss residents)

You may request: access to your data, information about processing, correction, deletion, and data transfer (portability, where applicable). To exercise rights about a call with your clinic, contact the clinic (Controller). For website/sales data, contact privacy@viteclinic.com.

12) Marketing

We only send electronic marketing with your consent or where permitted with existing customers, and you can opt-out at any time.

13) Emergencies

Do not use Vite Clinic in an emergency. In Switzerland call 144 for medical emergencies, or 112 (EU emergency).

14) Changes

We’ll post updates here and change the “Effective date.” Material changes will be communicated to customers.