Privacy Policy

Last updated: 3 June 2026

This policy explains how we handle personal data for (1) this website and (2) the AI receptionist service we provide to dental practices. Where you are a patient of a practice that uses our service, that practice is the data controller and this notice describes the role we play on its behalf.

1. Who we are (data controller)

This website is operated by MYG Media SRL, a Romanian limited liability company (registration / fiscal code RO50059004), Bulevardul George Enescu, Nr. 23, Bloc G45, Scara B, Ap. 6, 720246 Suceava, Romania.

For privacy questions or to exercise your rights, contact our data protection contact at max@myg-media.com (general enquiries: contact@myg-media.com).

2. The data we process

When you visit this website

Server logs. Our hosting provider records technical data (IP address, browser type, time of request) to deliver the site securely and prevent abuse.
Local storage. We store a single setting in your browser's local storage to remember your light/dark theme preference. This is set only when you toggle the theme, it is not used to track you, and it never leaves your device.
No tracking. This website uses no advertising or analytics cookies, no tracking pixels, and no third-party fonts. Fonts are served from our own server.

When you contact us

If you email us or message us on WhatsApp, we process the contact details and message content you choose to send (for example your name, practice, phone number, and enquiry) to respond and to scope a possible engagement.

When we run the AI receptionist for a practice

On behalf of the practice (the controller), the service may process caller and patient data such as name, contact details, appointment details, and the content of calls and chats. This can include health data (a special category under Article 9 GDPR), for example the reason for a visit.

3. Purposes and legal bases

Operating and securing the website - our legitimate interests (Art. 6(1)(f)).
Remembering your theme preference - strictly necessary for a function you request; no consent banner is required.
Responding to your enquiry - steps prior to entering a contract and our legitimate interests (Art. 6(1)(b), (f)).
Providing the AI receptionist service - we act as a processor under Article 28 GDPR on the documented instructions of the practice, which determines the purposes and legal bases (typically the patient's care relationship and, for health data, Art. 9(2)(h) or explicit consent).

4. Health and other special-category data

Where the service processes health data, we apply additional safeguards: data minimisation, EU data residency, access controls, encryption in transit and at rest, and a documented retention period agreed with the practice. We process such data only on the practice's instructions and under a signed Data Processing Agreement.

5. AI transparency

The voice and chat assistant is an AI system. In line with the EU AI Act, it identifies itself as a virtual assistant at the start of a call or chat, and it hands off to a member of the practice's team when a conversation needs a person.

6. Recipients and processors

We share data only with service providers acting on our or the practice's instructions, including:

Website hosting: Vercel Inc. (hosting and content delivery).
AI model providers used to operate the assistant: OpenAI, Anthropic, and Google.
Voice and chat platform used to run calls and messages [name your telephony / speech vendor, e.g. the voice platform you deploy on].
The practice's own booking / practice-management system, where the assistant writes appointments.

We do not sell personal data.

7. International transfers

We aim to keep data within the EU/EEA. Where a provider processes data outside the EEA, we rely on an adequacy decision or the European Commission's Standard Contractual Clauses (Art. 46 GDPR) with appropriate supplementary measures. Our AI model providers (OpenAI, Anthropic, Google) may process data in the United States under these clauses.

8. How long we keep data

We keep website server logs only as long as needed for security. Enquiry correspondence is kept for as long as needed to deal with your request and a reasonable period afterwards. Data processed under the service is kept for the period agreed with each practice and then deleted or returned. [State concrete retention periods.]

9. Your rights

Subject to the conditions in the GDPR, you have the right to access, rectify, erase, restrict, and port your data, to object to processing, and to withdraw consent at any time. To exercise these rights for service data, contact the practice (the controller); we will support them. For website or enquiry data, contact us directly.

You also have the right to lodge a complaint with a supervisory authority - in Cyprus, the Office of the Commissioner for Personal Data Protection; in Romania (our lead authority), the National Supervisory Authority for Personal Data Processing (ANSPDCP).

10. Security

We use appropriate technical and organisational measures, including encryption in transit (HTTPS), access controls, and EU-based storage, to protect personal data against unauthorised access, loss, or disclosure.

11. Changes

We may update this policy from time to time. The date at the top shows when it was last revised.

12. Contact

MYG Media SRL - contact@myg-media.com - myg-media.com