Privacy Policy

Agentlyx AI LLC

Effective date: February 2025

Last updated: February 2025

Agentlyx AI LLC ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and share your information when you use our services, including AI-powered booking assistants, automated scheduling, and customer interaction tools.

1. Information We Collect

We may collect the following categories of information:

a) Personal Information

  • Name
  • Email address
  • Phone number
  • Appointment / booking details

b) Business Information

  • Business name
  • Location
  • Service offerings
  • Schedules and availability

c) Usage and Operational Data

  • Interaction logs
  • Chatbot and/or voice assistant transcripts
  • Device/browser metadata
  • Platform usage events and technical logs

2. How We Use Your Information

We use your information to:

  • Provide, operate, and improve our AI-powered services
  • Process appointments and manage business calendars
  • Send service-related communications and updates
  • Analyze usage patterns to improve our platform
  • Ensure security and prevent fraud/abuse
  • Comply with legal and regulatory obligations

3. Our Roles in Data Processing (Controller / Processor)

Agentlyx AI LLC may act in different roles depending on the context in which personal data is processed:

  • As a Data Controller (or equivalent role under applicable law), for data necessary to operate our business and platform, such as commercial account administration, billing, support, security, and compliance.
  • As a Data Processor (or equivalent role under applicable law), when we process personal data on behalf of our business customers (for example, clinics, dental practices, or other businesses) in connection with automated customer interactions, scheduling, messaging, and related services.

When we act as a Data Processor, we process personal data in accordance with our customer's instructions and the applicable contract, including a Data Processing Agreement (DPA), where applicable.

4. Information Sharing

We may share your information in limited circumstances:

  • With your explicit consent
  • To comply with legal obligations, regulatory requests, or court orders
  • With trusted service providers that support our operations (for example, infrastructure, messaging, communications, and support services), subject to contractual safeguards and appropriate security measures
  • In connection with a merger, acquisition, reorganization, or transfer of business, with notice when legally required or reasonably possible

5. Data Security

We implement reasonable technical and organizational security measures consistent with industry practices, which may include:

  • Encryption in transit and, where applicable, at rest
  • Access controls and authentication mechanisms
  • Security monitoring and audits
  • Secure data storage, backups, and recovery measures
  • Internal security and confidentiality policies

No system is completely secure. While we use reasonable safeguards, we cannot guarantee absolute security.

6. Your Rights

Depending on applicable law, you may have the right to:

  • Access your personal information
  • Request correction or updates
  • Request deletion of your personal information
  • Object to or restrict certain processing
  • Request data portability
  • Opt out of marketing communications
  • File a complaint with a relevant data protection authority

If your data was collected or processed through one of our business customers (for example, a clinic or dental practice), we may need to coordinate your request with that customer, who may act as the data controller.

7. Data Retention

We retain information for as long as reasonably necessary to:

  • Provide the Services
  • Comply with legal, accounting, or regulatory obligations
  • Resolve disputes
  • Enforce agreements
  • Protect the security and integrity of our platform

8. Contact Us

For privacy-related questions or requests, contact us at:

Email: info@agentlyx.ai

Response Time: We respond to privacy requests within a reasonable time and generally within 30 days, subject to identity verification and the nature of the request.

9. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes via email or through our platform when appropriate. Continued use of our services after the effective date of an updated policy constitutes acceptance of the revised policy.

10. Annex — Argentina-specific Provisions

The following provisions apply to users and customers located in the Argentine Republic, complementing the global policy above. They reflect the registration of our databases with the National Registry of Personal Databases (RNBD) under the Agency for Access to Public Information (AAIP).

10.1 Responsible Party in Argentina

For users and customers located in Argentina, the local Responsible Party (Responsable del Tratamiento) for data processing is:

  • Gonzalo Javier Mattar (natural person)
  • CUIT: 20-31251106-2
  • Domicile: Olazábal 3650, Floor 12, Belgrano, Ciudad Autónoma de Buenos Aires (Comuna 13), Argentina
  • Phone: +54 11 4534-4565
  • Email: info@agentlyx.ai

10.2 Sensitive Health Data

When the Services are provided to clinics, we may process sensitive health data including allergies, clinical history, dental odontogram, digital prescriptions, and diagnoses (Article 7, Law No. 25.326). These data are subject to reinforced security measures and to a minimum retention period of 10 years counted from the last clinical interaction (Article 18, Law No. 26.529).

10.3 Disclosed Processors and Recipients

We share personal data with the following processors and recipients under contracts that include data protection clauses:

  • Meta Platforms Ireland Ltd. (Ireland) — WhatsApp Business API for operational communications (appointment reminders, digital prescriptions, signing OTP).
  • Amazon Web Services Inc. (United States) — secure storage of clinical files and signed prescription PDFs in S3, plus transactional email delivery via SES.
  • Mercado Pago S.R.L. (Argentina) — processing of payments for clinical services.
  • Validating platform registered with ReNaPDiS (Argentina) — registration and verification of digital prescriptions for dispensing at authorized pharmacies.

10.4 International Transfers

Some processors operate outside Argentina (United States, Ireland). These transfers are protected by contracts with standard data protection clauses pursuant to Article 12, Section 2 of Law No. 25.326.

10.5 Specific Retention Periods (Argentina)

  • Patient data and digital prescriptions: minimum 10 years counted from the last clinical interaction (Article 18, Law No. 26.529).
  • Healthcare professional data: throughout the contractual relationship + 10 years following termination.
  • System user data (administrators, staff): while the account is active + 5 years following deactivation for audit purposes.
  • Commercial / billing data: 10 years pursuant to the applicable accounting regime.

10.6 Argentine Legal Framework

In the Argentine Republic our activities are governed by: Law No. 25.326 (Protection of Personal Data), Law No. 26.529 (Patient Rights), Law No. 25.649 (prescription by generic name / active ingredient), Law No. 27.553 and Decrees No. 98/2023 and No. 345/2024 (electronic and digital prescriptions). The competent supervisory authority is the Agency for Access to Public Information (AAIP).

10.7 Registration with the National Database Registry

Our databases (Patients, Digital Prescriptions, Healthcare Professionals, System Users) are registered, or in the process of registration, with the National Registry of Personal Databases (RNBD). The corresponding registration numbers will be published in this section as soon as the certificates issued by AAIP are received.

10.8 Digital Prescriptions (Receta Digital)

Digital prescriptions are issued in accordance with Law No. 27.553 and Decree No. 345/2024. The healthcare professional's electronic signature is performed via a one-time code (OTP) delivered through WhatsApp. The prescription is registered with a validating platform inscribed in ReNaPDiS to enable dispensing at any authorized pharmacy. Pursuant to Decree No. 345/2024, any pharmacy authorized in the country may access the prescription, irrespective of whether it belongs to the financier's network.

10.9 Exercising ARCO Rights in Argentina

To exercise your rights of access, rectification, cancellation, or opposition (ARCO), you may contact us by email at info@agentlyx.ai, in writing at our domicile, or in person at the clinic that provides you services. Identity verification by DNI is required; if a copy is requested, only the front of the document will be processed, with the procedure number and barcode anonymized. Response times: 10 calendar days for access (Article 14, Law No. 25.326) and 5 business days for rectification, cancellation, or opposition (Article 16). The exercise of these rights is free of charge.

11. Google API Services Disclosure

Agentlyx integrates with Google Calendar to allow professionals to synchronize their appointment bookings with their personal calendar. When a user connects their Google account through OAuth, we request the following scopes:

  • https://www.googleapis.com/auth/calendar.events — to create, update, and delete calendar events corresponding to appointments booked through Agentlyx.
  • https://www.googleapis.com/auth/calendar.readonly — to retrieve the list of the user's available calendars so they can choose which one to sync their professional appointments to. We do not read or store events from any calendar.
  • https://www.googleapis.com/auth/userinfo.email — to identify the connected Google account.

We store the OAuth refresh token encrypted at rest in our database, exclusively to maintain the synchronization between Agentlyx appointments and the user's chosen Google Calendar. We do not use Google user data for advertising, do not sell it, and do not transfer it to third parties except as necessary to provide and improve the Services, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.

Limited Use

Agentlyx's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Revoking Access

Users can revoke Agentlyx's access to their Google account at any time by:

  • Clicking "Disconnect Google Calendar" in the professional settings within the Agentlyx admin panel, or
  • Visiting https://myaccount.google.com/permissions and removing Agentlyx from the list of connected apps.

When access is revoked, the corresponding OAuth tokens are deleted from our systems within 30 days.