Receptra AI provides AI-powered voice receptionist services for medical clinics in the UAE. Our service, Sara, handles inbound patient calls, books appointments, and transfers enquiries to clinical staff.
Receptra AI operates as a data processor on behalf of clinic clients (who are the primary data controllers for patient health records). In relation to enquiries from prospective clients and website visitors, Receptra AI acts as a data controller in its own right.
When Sara handles an inbound patient call, the following data may be collected:
Health information disclosed voluntarily during a call (symptoms, conditions, medical history) is special category data under UAE PDPL Article 2 and is handled with additional safeguards — see Section 7.
Standard web server logs may record your IP address, browser type, and pages visited. This data is anonymised and used only for security and performance monitoring. No personal profiling is carried out.
If you contact us via the website or email, we may collect your name, email address, phone number, company name, and the content of your enquiry.
We process personal data only for specified, explicit, and legitimate purposes under UAE PDPL Article 4.
| Processing activity | Purpose | Lawful basis |
|---|---|---|
| Call recording & transcription | Quality assurance; service delivery record | Consent — verbal notice at call start |
| Appointment booking | Fulfil patient's request to book with the clinic | Performance of contract; consent also obtained |
| Call transfer to clinical staff | Connect patient with human staff when needed | Legitimate interests — patient requested human assistance |
| Booking confirmation to clinic | Inform clinic of confirmed appointment | Legitimate interests — operational necessity |
| Service enquiry handling | Respond to prospective clients and partners | Legitimate interests — business communications |
| Compliance and audit records | Meet PDPL obligations; defend legal claims | Legal obligation; legitimate interests |
We do not use your personal data for marketing or advertising without your explicit consent. We do not sell personal data to any third party.
At the start of every call, Sara delivers this notice before any personal data is collected:
By continuing the call after this notice, the patient provides affirmative consent to the call being recorded. Patients who do not wish to consent may end the call at any time before providing personal information.
You may withdraw consent at any time by emailing maaz@receptra.co with the subject line "Consent Withdrawal Request". Upon receiving your request we will:
Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.
All processors are bound by Data Processing Agreements requiring them to process data only on our instructions and to maintain appropriate security standards.
| Processor | Location | Purpose | Safeguards |
|---|---|---|---|
| Retell AI | USA | AI voice engine; call processing; recording storage | DPA in place; SOC 2 Type 2 certified; UAE PDPL Transfer Addendum submitted |
| Make.com | EU | Workflow automation; routes booking data | DPA accepted; EU-based (adequate protection) |
| Google Workspace | USA/Global | Calendar, Gmail, Sheets | Google DPA to be accepted upon migration to Workspace |
| ElevenLabs | USA | Voice synthesis only | No patient data transmitted |
| Netlify | USA | Website hosting | Visitor data anonymised |
| Clinic clients | UAE | Receive appointment confirmations | Bound by Receptra client DPA; independent data controllers for patient health records |
We do not share personal data with any other third parties except where required by UAE law or a valid legal order from a competent authority.
Some processors are located outside the UAE. When personal data is transferred internationally, we ensure appropriate safeguards are in place in accordance with PDPL Articles 22–24.
For transfers to Retell AI (USA), a Transfer Impact Assessment is on file and a UAE PDPL Data Transfer Addendum has been submitted for signature, applying EU Standard Contractual Clauses by analogy. Retell AI holds SOC 2 Type 2 certification.
We have confirmed that Federal Law No. 2 of 2019 on ICT in Health applies to licensed health authorities and providers, not to technology vendors such as Receptra AI. A formal inquiry has been submitted to the Dubai Health Authority for confirmation.
Health information voluntarily disclosed during a call is special category data under PDPL Article 2. We handle it with additional safeguards:
| Data type | Retention period |
|---|---|
| Call recordings and transcripts | 90 days, then permanently deleted |
| Appointment booking data | Per clinic's retention policy; Receptra retains confirmation reference for 90 days |
| Booking confirmation emails | Per clinic's email retention policy |
| Service enquiry correspondence | 2 years from last contact |
| Compliance and audit records (anonymised) | 5 years |
| Website visitor logs | 90 days (anonymised) |
Under the UAE PDPL you have the following rights. Send all requests to maaz@receptra.co. We respond within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the UAE Data Office at uaedataoffice.ae.
receptra.co is a static website. We do not use tracking cookies, advertising cookies, or third-party analytics that collect personal data. Standard server-side logs are retained for 90 days for security purposes and anonymised before that period expires.
Sara is not designed to collect personal data from individuals under 18. Where Sara identifies that a caller may be a minor, the call is transferred to a human receptionist. If a parent or guardian believes a child's data has been collected in error, please contact maaz@receptra.co for immediate deletion.
We may update this Privacy Policy from time to time. The current version is always published at receptra.co/privacy with the effective date clearly stated. For material changes that affect how we process your data, we will provide notice on our website at least 14 days before the change takes effect.
For questions about this policy, to exercise your rights, or to make a complaint: