How well does the AI understand different languages?

The AI assistant is optimized for multilingual medical communication, supporting Hungarian, English, German, Romanian, Slovak, Russian, and Ukrainian. It handles medical terminology, natural conversational patterns, and formal address forms in each supported language.

What happens if the AI doesn't understand the patient?

The AI will first ask for clarification and try again. If it fails to understand twice, it automatically transfers the call to a live staff member (warm transfer), passing along the information it has already gathered.

How does it handle data privacy (GDPR)?

Full GDPR compliance from day one: AI disclosure at the start of every call, data minimization, AES-256 encryption, EU data center (Hetzner), support for deletion and export rights, and a Data Processing Agreement (DPA) with every service provider.

Does it work with my existing calendar system?

Yes! The system synchronizes bidirectionally with Google Calendar through Cal.com. Every booking, cancellation, and modification appears instantly in the doctors' calendars, and vice versa.

Can I use it with multiple locations?

Yes, the system supports multiple locations within a single account. Each location can have its own phone number, opening hours, and calendar. The AI automatically recognizes which practice is being called.

How long does setup take?

The self-service onboarding can be completed in minutes. Register, set up your practice (locations, doctors, treatments), connect Google Calendar — and your AI phone assistant is ready to go.

Back to home

Privacy Policy

Last updated: May 23, 2026

1. Data Controller

Name: Tóth Gergő EV
Address: 1163 Budapest, Máté u. 2., Hungary
Email: info@medivox.hu
Website: https://getmedivox.com

2. Purpose and Scope

This Privacy Policy informs data subjects about the data processing activities carried out within the MediVox service (getmedivox.com website and app.medivox.hu application) in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR") and Hungarian Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information.

3. Categories of Personal Data

3.1 Website Visitors

IP address, browser type, operating system
Visit timestamp, pages viewed
Cookie-related data (see Cookie Policy)

3.2 Demo Requesters

Data provided during a demo request:

Phone number
Name
Email address
Clinic name

3.3 Application Users (Doctors, Clinics)

Registration data (name, email, phone)
Clinic data (name, address, opening hours, treatments)
Calendar data (via Google Calendar sync)
Billing data

3.4 Patients (AI Call Handling)

Phone number
Name (if provided)
Appointment booking data (requested time, treatment type)
Call recording (transient processing only)

4. AI-Based Call Handling and Transparency

MediVox operates an AI-based phone assistant that automatically answers and handles incoming calls. Pursuant to Article 13(2)(f) and Article 22 of the GDPR, we inform data subjects:

Every AI-handled call begins with a clear disclosure that the caller is speaking to an automated system.
The AI is used exclusively for appointment booking and information purposes; it does not provide medical advice.
The caller may request a transfer to a human agent at any time.
The AI's decision-making (appointment suggestion) is not solely automated under Article 22, because the final confirmation is performed by the user (clinic).

5. Legal Basis for Processing

Purpose	Legal basis (GDPR Article 6)
Website operation, cookies	Consent (a); Legitimate interest (f) — necessary cookies
Demo request processing	Consent (a)
Service provision (app)	Performance of contract (b)
AI call handling, appointment booking	Performance of contract (b); Legitimate interest (f)
Invoicing	Legal obligation (c)

6. Health Data

The MediVox system applies the special category data rules of GDPR Article 9. The AI assistant processes only appointment booking data (treatment type, requested time) and does not request, store or process medical diagnoses, lab results or medical history.

Naming a treatment type (e.g. "dental check-up") does not in itself constitute health data under Article 9 GDPR if no direct inference about the data subject's health status can be drawn from it. Nevertheless, the system follows the data minimisation principle.

7. Data Processors

Processor	Purpose	Location / Data storage
Hetzner Online GmbH	Server hosting	EU (Germany, Finland)
OpenAI, L.L.C.	LLM for AI call handling (GPT family) and speech-to-text (`gpt-4o-transcribe`)	USA — under SCCs; OpenAI Zero Data Retention; API data not used for model training
Anthropic, PBC	LLM for AI call handling (Claude family)	USA — under SCCs; API data not used for model training
Deepgram, Inc.	Speech-to-text	USA — under SCCs
ElevenLabs Inc.	Text-to-speech	USA — under SCCs
Cal.com Inc.	Appointment booking, calendar sync	USA — under SCCs
Vercel Inc.	Website and form-handler hosting (Frankfurt region)	USA — under SCCs; processing in EU
Google Ireland Ltd. (Google Workspace)	Demo request confirmation and notification emails (`hello@medivox.hu`)	EU (Ireland) / global
Cloudflare, Inc.	Bot and spam protection (Turnstile) on forms	USA — under SCCs

Demo lead CRM storage runs on a self-hosted system (Twenty CRM) operated within the EU — this is part of the Controller's own infrastructure, not a third-party processor.

A Data Processing Agreement (DPA) compliant with GDPR Article 28 is in place with each processor.

8. Google Calendar Integration and Google User Data

The MediVox application offers an optional integration with Google Calendar to two-way synchronise the clinic's Google calendar with MediVox-managed appointments. Google user data handling complies with the Google API Services User Data Policy, including its Limited Use requirements.

8.1 Google User Data Accessed

When the clinic admin connects their Google account, MediVox requests the following OAuth scopes:

https://www.googleapis.com/auth/calendar — read/write access to the connected Google account's calendar events.
https://www.googleapis.com/auth/userinfo.email — the connected Google account's email address.
openid — the Google account's stable identifier (added automatically by Google).

8.2 How Google User Data Is Used

Calendar scope (auth/calendar): creating, updating, reading and deleting appointment events in the clinic's selected Google calendar, corresponding to MediVox bookings, modifications and cancellations. Sync is bidirectional: changes made directly in Google Calendar are synced back into MediVox via Google's push-notification webhook.
Email scope and OpenID: displaying which Google account is connected in the MediVox UI, and associating the integration with the correct MediVox tenant (clinic).

Google user data is not used for:

serving advertisements,
training, fine-tuning or evaluating AI/ML models (including third-party LLM, speech-to-text or text-to-speech providers),
any purpose other than the calendar sync described above.

8.3 Sharing and Onward Transfer

Google user data is not sold, rented or traded. Onward transfer to third parties occurs only:

To infrastructure processors strictly necessary to operate the service — specifically Hetzner Online GmbH (EU-based server hosting). Google user data is stored encrypted at rest. This processor is listed in section 7 above.
To meet legal obligations (lawful request from a court or authority), or to protect the rights, property or safety of MediVox, its users or the public.

Google user data is not shared with MediVox's AI subprocessors (speech-to-text, text-to-speech and LLM providers). Those providers receive only the patient's spoken audio during a call and the structured appointment metadata produced by our application logic; they never access Google Calendar event contents, the connected Google email address or the OpenID identifier.

8.4 Retention and Deletion

Google user data is retained only while the clinic maintains the Google integration. The clinic admin may disconnect at any time from Settings → Integrations in the MediVox application; MediVox's access can also be revoked directly at https://myaccount.google.com/permissions. On disconnect, the stored OAuth refresh token is deleted from our database; MediVox will make no further Google API calls on behalf of the clinic. Previously synced appointment records are kept as part of the clinic's operational records for the period stated in section 10.

8.5 Contact for Google User Data Questions

For questions or deletion requests regarding Google user data, contact us at hello@medivox.hu.

9. International Transfers

Primary data storage takes place on servers within the EU (Hetzner, Germany/Finland). For processors based in the USA, transfers are made under the European Commission's approved Standard Contractual Clauses (SCCs).

10. Retention Periods

Data type	Retention
Call recordings	Deleted automatically after processing (max. 30 days)
Demo request data	6 months, or until the data subject requests deletion
User account data	Term of contract + 5 years (accounting obligation)
Appointment booking data	1 year, or as configured by the clinic
Cookies	See Cookie Policy

11. Data Subject Rights

Under the GDPR you have the following rights:

Right of access (Article 15)
Right to rectification (Article 16)
Right to erasure (Article 17)
Right to restriction of processing (Article 18)
Right to data portability (Article 20)
Right to object (Article 21)
Withdrawal of consent — for consent-based processing, you may withdraw consent at any time

To exercise your rights, contact us at info@medivox.hu. We will respond within 30 days at the latest.

12. Security

To protect personal data we apply the following technical and organisational measures:

AES-256 encryption at rest
TLS 1.3 encryption in transit
Access management and logging
Regular security reviews

13. Supervisory Authority

If you believe processing infringes the GDPR, you may lodge a complaint with the Hungarian Data Protection Authority (NAIH):

Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
Address: 1055 Budapest, Falk Miksa utca 9–11., Hungary
Phone: +36 (1) 391-1400
Email: ugyfelszolgalat@naih.hu
Website: https://naih.hu

14. Changes to This Policy

The Controller reserves the right to amend this Privacy Policy. We will inform data subjects of changes via the website. The current version is always available at getmedivox.com/privacy-policy.