Data Protection
How ConversionSignal protects your network's data
ConversionSignal is built for franchise networks that operate in health, wellness, and service industries. We understand that data protection isn't optional in these verticals. Here's exactly how we handle your data.
No PHI or PII in the Intelligence Layer
ConversionSignal processes pre-appointment customer conversations, commercial marketing interactions that occur before any clinical relationship is established. Medical records, treatment data, lab results, and clinical notes are never accessed or processed. The AI interface is hard-coded to return only aggregated, anonymized insights.
Complete Data Isolation
Each franchise system's data lives in its own isolated environment. Your data is never commingled with another client's data. No cross-client data access exists at any layer of the platform.
AI Output Guardrails
The ConversionSignal AI interface applies output filtering at the API layer. Individual contact information, names, phone numbers, and email addresses are never returned regardless of how queries are framed. Only aggregated network intelligence is surfaced.
What We Process vs. What We Never Process
What We Process
- ✓ Pre-appointment customer conversations
- ✓ Ad performance metrics
- ✓ Appointment booking data
- ✓ Conversation quality scores (derived, anonymized)
What We Never Process
- × Medical records
- × Diagnoses or treatment plans
- × Lab or test results
- × Prescription data
- × SSNs or government IDs
- × Payment card data
Data Processing Agreement
ConversionSignal provides a Data Processing Agreement (DPA) to all enterprise clients. The DPA covers:
- ✓ Scope and purpose of data processing
- ✓ Security measures and subprocessors
- ✓ Client rights and data deletion
- ✓ Breach notification procedures (72-hour window)
- ✓ Data retention policy
Subprocessors
| Subprocessor | Purpose | Location |
|---|---|---|
| Vercel | Platform hosting | USA |
| Upstash | Data cache layer | USA |
| Anthropic | AI language model | USA |
| Deepgram | Call transcript processing | USA |
| Meta Platforms | Ad account data access | USA |
| Ad account data access | USA |
This page provides an overview of ConversionSignal's data protection practices. It does not constitute legal advice. Clients with specific compliance requirements should consult qualified counsel.