1. Who this policy covers
This policy applies to KarunaAI (“we”, “us”) and the website at www.karunaai.com, plus the voice AI receptionist service we provide to veterinary clinics (“clinics”).
We comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where other jurisdictions' privacy laws apply to your data (for example the EU GDPR), we honour those rights as required.
2. Two roles, two responsibilities
- Website visitors. When you browse www.karunaai.com or email us, we are the data controller.
- Clinic operations. When a clinic uses KarunaAI to answer their phone, the clinic is the data controller of their pet owners’ information; we are the data processor acting on the clinic’s instructions under our Master Services Agreement and Data Processing Addendum.
3. What information we collect
From website visitors
- Information you submit (name, email, clinic name, message).
- Standard server logs (IP, user agent, referrer, timestamps) for security and abuse prevention.
- Privacy-friendly analytics (page views, country, device type) without third-party advertising trackers.
From clinic phone calls processed by KarunaAI
- Call audio — the recording of the conversation between the caller and the AI agent.
- Transcript — a text version of the call, generated by speech-to-text.
- Appointment metadata — preferred time, service, callback number, and notes the AI captured to book the visit.
- Caller phone number — passed by the telephony provider so the clinic can return calls or send confirmations.
- Clinical context the caller volunteers — e.g. the pet’s name, species, symptoms, urgency.
We do not knowingly collect payment card numbers or government identifiers over the phone, and the AI is configured to refuse them.
4. How we use information
- To answer calls, book appointments, and send confirmations.
- To sync appointments and notes back to the clinic’s practice management system (PMS) such as ezyVet, RxWorks, or Provet Cloud, or to Google / Outlook calendars.
- To provide the clinic with transcripts, summaries, and dashboards.
- To improve quality, accuracy, and safety of our service. We do not use clinic call data to train third-party foundation models.
- To detect, investigate, and respond to fraud, abuse, or security incidents.
- To comply with legal obligations.
5. Legal bases (where applicable)
- Contract. Processing necessary to deliver the service to clinics under our agreement.
- Legitimate interests. Security, fraud prevention, and product improvement, balanced against your rights.
- Consent. Optional marketing emails — you can unsubscribe at any time.
- Legal obligation. Tax, accounting, and lawful requests from authorities.
6. Sub-processors we rely on
We use a small set of vetted vendors to deliver the service. Each is bound by a written data-processing agreement.
- Vapi — voice AI orchestration (US/EU).
- Twilio — telephony & SMS (US/AU).
- Supabase — managed Postgres and storage, hosted in ap-southeast-2 (Sydney).
- OpenAI — large language model inference under a zero-retention API agreement.
- Resend — transactional email.
- Vercel — static website hosting in syd1 (Sydney).
- Google / Microsoft — calendar APIs only when the clinic explicitly connects them.
A current sub-processor list is available on request to info@karunaai.com.
7. International transfers
Primary hosting and storage are in Sydney, Australia. Some sub-processors (LLM inference, telephony) may process data in the US or EU. When data leaves Australia, it is protected by Standard Contractual Clauses or equivalent safeguards.
8. Retention
- Call recordings — default 90 days, configurable by the clinic from 7 days to 2 years.
- Transcripts & appointment data — retained for the life of the clinic’s account, or until the clinic deletes them.
- Account & billing records — up to 7 years to meet Australian tax and accounting law.
- Server logs — up to 90 days for security.
9. Your rights
Subject to applicable law, you can request to access, correct, delete, export, restrict, or object to processing of your information. Pet owners with questions about a specific call should contact their veterinary clinic first — the clinic is the controller of that information. If they direct you to us, email info@karunaai.com.
We respond within 30 days. You also have the right to complain to the Office of the Australian Information Commissioner (OAIC).
10. Security
TLS 1.3 in transit. AES-256 at rest. Least-privilege access. Audit logging. Regular vulnerability scanning. Full details on our Security page.
11. Children
KarunaAI is sold to veterinary businesses and is not directed at children under 16. We do not knowingly collect personal information from children.
12. Changes to this policy
We will update this page when our practices change and post the new “Last updated” date at the top. Material changes will be emailed to clinic admin contacts at least 30 days in advance.
13. Contact
KarunaAI — Privacy queries
info@karunaai.com