1. Introduction
The Nanobot (“we”, “us”, or “our”) operates the website thenanoboat.com and provides AI voice receptionist and front desk automation services for dental clinics, med spas, and aesthetic practices. This Privacy Policy describes how we collect, use, share, and protect information about visitors to our website and clients who use our services.
By accessing our website or using our services, you agree to this Privacy Policy. If you do not agree, please do not use our website or services.
2. Information We Collect
Information You Provide Directly
When you book a strategy call, submit a contact form, or communicate with us, we collect:
- Name, email address, phone number, and job title
- Business name, type, and location
- Any information you share during calls or in written communications
Usage and Analytics Data
We automatically collect certain information when you visit our website, including pages visited and time spent, browser type, operating system and device type, IP address and general geographic location, and referring URL and search terms used to find our site.
Client Service Data
When we provide AI front desk services on behalf of clients, we may process data about their patients or customers (including appointment records, call logs, and communication history) as a data processor acting under the client’s instructions. Clients retain ownership and control of this data and are responsible for ensuring they have a lawful basis to share it with us.
3. How We Use Your Information
- To respond to enquiries and schedule strategy calls
- To set up, deliver, and maintain our AI front desk services
- To send service updates, billing communications, and support responses
- To improve our website and services based on usage patterns
- To comply with applicable legal obligations
- To protect against fraud, security threats, and abuse
We do not use personal information for automated decision-making that produces legal or similarly significant effects on individuals.
4. Cookies & Analytics
We use Google Analytics 4 (GA4) to understand how visitors use our website. GA4 collects anonymised behavioural data including pages viewed, session duration, and device type. This data is processed by Google under their own Privacy Policy.
We use two categories of cookies:
- Essential cookies: Required for the website to function correctly (session management, security)
- Analytics cookies: Google Analytics cookies that track aggregated, anonymised usage patterns
You can opt out of Google Analytics tracking at any time using the Google Analytics Opt-out Browser Add-on, or by adjusting your browser’s cookie settings. We do not use advertising or tracking cookies from third-party ad networks.
5. Data Sharing & Third Parties
We share information only in the following circumstances:
- Service providers: We use trusted third-party tools including Google Analytics, Calendly, and cloud infrastructure providers. These providers are contractually required to protect your data and may only use it to provide services to us.
- Legal requirements: We may disclose information if required by applicable law, court order, or governmental authority, or to protect the rights, safety, or property of The Nanobot or others.
- Business transfers: In the event of a merger, acquisition, or sale of assets, information may be transferred to the acquiring entity, which will be bound by equivalent privacy obligations.
We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.
6. Data Security
We implement industry-standard security measures to protect your information, including encryption in transit (TLS/HTTPS), access controls limited to authorised personnel, and regular security reviews of our systems and processes.
No method of transmission over the internet or electronic storage is completely secure. While we take all reasonable precautions, we cannot guarantee absolute security and encourage you to exercise care when sharing sensitive information online.
7. HIPAA & Healthcare Data
For US-based healthcare clients who qualify as Covered Entities or Business Associates under the Health Insurance Portability and Accountability Act (HIPAA), we are prepared to enter into a Business Associate Agreement (BAA). The BAA governs our handling of Protected Health Information (PHI) and sets out each party’s obligations under HIPAA.
When processing PHI on behalf of clients, we apply HIPAA-compliant administrative, physical, and technical safeguards. Clients are responsible for ensuring their own HIPAA compliance and for verifying that their use of our services is consistent with applicable healthcare privacy regulations.
For UK clients, data processed in the course of providing services may be subject to the UK GDPR and the Data Protection Act 2018. For Australian clients, the Privacy Act 1988 and the Australian Privacy Principles (APPs) apply. Please contact us to discuss jurisdiction-specific compliance requirements.
8. Your Rights
EEA, UK, and Swiss Residents (GDPR / UK GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the right to: access a copy of the personal data we hold about you; request correction of inaccurate or incomplete data; request deletion of your personal data in certain circumstances; receive your data in a structured, machine-readable format (portability); request that we restrict how we process your data; and object to processing based on legitimate interests or for direct marketing.
California Residents (CCPA)
If you are a California resident, you have the right to know what personal information we collect and how it is used, request deletion of your personal information, and opt out of the sale of personal information. As stated above, we do not sell personal information.
Exercising Your Rights
To exercise any of these rights, contact us using the details in Section 13. We will respond within the timeframe required by applicable law (generally 30 days). We may need to verify your identity before processing your request. You also have the right to lodge a complaint with your local data protection authority.
9. Data Retention
We retain personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. When information is no longer required for these purposes, we securely delete or anonymise it.
Client service data (call logs, appointment records, and patient communication history processed on your behalf) is retained in accordance with your service agreement and deleted promptly upon your written request or within 30 days of contract termination.
10. International Data Transfers
The Nanobot serves clients in the United States, United Kingdom, and Australia. Your information may be transferred to and processed in countries other than your own. Where we transfer personal data from the UK or EEA to countries that have not been deemed to provide an equivalent level of data protection, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the relevant supervisory authority.
11. Children’s Privacy
Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child under 16, please contact us immediately and we will take prompt steps to delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically. Your continued use of our website or services after changes are posted constitutes your acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy, wish to exercise your data rights, or have a privacy concern, please reach out: