1 Introduction
Hemingway AI, Inc. dba Newton ("Newton," "we," "us") provides practice‑management, communications, and AI‑powered analytics tools for healthcare providers (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you:
use the Service (including Newton’s web app, desktop app, mobile app, or voice services),
visit https://joinnewton.com or any sub‑domain (the "Website"), or
otherwise interact with us (for example, by phone or email).
Newton often provides the Service on behalf of dental or other healthcare practices (each, a "Practice Partner"). When we process patient information for a Practice Partner we do so as a “service provider,” “processor,” or “business associate,” and the Practice Partner’s own privacy notice controls. If you are a patient, please direct privacy requests to your practice first.
By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.
2 Information We Collect
The information we collect depends on how you interact with Newton. We group it into the categories required by U.S. state privacy laws (CPRA), Canada’s PIPEDA, and the EU GDPR.
2.1 Personal Identifiers
Name, postal address, email address, telephone number, mobile number.
Account credentials (usernames, hashed passwords).
2.2 Patient / Messaging Data
Appointment dates and times, treatment or procedure details, insurance status.
Text‑message opt‑in/opt‑out status and preferences.
2.3 Voice & Communication Data
Call audio recordings, voice transcripts, caller‑ID metadata, and voicemail files.
AI‑generated summaries, sentiment scores, intent tags, or insurance verification results derived from the audio.
2.4 Device & Automatic Usage Data
Device type, operating‑system version, browser type, IP address, referring URLs.
Log files, clickstream, feature usage, message‑delivery / read receipts.
Cookies, pixels, SDK events, and similar technologies on the Website.
2.5 Inference Data (CPRA Category K)
Propensity‑to‑book scores, missed‑call urgency ranking, caller frustration level, and other profiles or predictions generated by our machine‑learning models.
2.6 Additional Sources
Support interactions, survey responses, conference sign‑ups.
Third‑party integrations you connect (e.g., Google Calendar, Facebook, Stripe).
We do not knowingly collect information from children under 18.
3 How We Use Information
We use the information described above to:
Send appointment reminders, confirmations, follow‑ups, and practice announcements on behalf of Practice Partners.
Route, record, transcribe, and analyze phone calls to improve scheduling, triage urgent calls, and reduce wait times.
Provide dashboards, analytics, and AI‑generated suggested replies to authorized practice staff.
Manage messaging preferences (opt‑in / opt‑out) and honor “STOP” or equivalent requests within 10 calendar days in accordance with the FCC’s April 2025 one‑touch opt‑out rule.
Bill and collect fees from Subscribers (practices) and provide customer support.
Detect, investigate, and prevent fraud, spam, or security incidents.
Comply with legal obligations, including HIPAA, CPRA, TCPA, CASL, and PIPEDA.
AI Processing. When enabled by a Practice Partner, Newton applies machine‑learning models to call audio, chat, or other data in order to generate transcripts, extract sentiment or intent, and draft suggested replies. AI output is automatically generated and may contain errors. Practices decide whether to rely on, share, or store such output.
We do not use patient data for advertising, cross‑context behavioral marketing, or algorithmic profiling unrelated to the Service.
4 Legal Bases for Processing (GDPR / UK GDPR)
Where the GDPR applies, our lawful bases are (a) performance of a contract with the Practice Partner, (b) legitimate interests in providing and improving the Service, (c) compliance with legal obligations, and (d) consent (for example, where a patient opts in to SMS reminders).
5 Sharing & Disclosure of Information
We share Personal Information only as follows:
Practice Partners. If you receive communications from a specific practice, relevant data (e.g., call recordings, transcripts, SMS replies) is shared with that Practice Partner.
Service Providers & Sub‑Processors. Hosting, telephony, payment, analytics, and support vendors bound by confidentiality and data‑processing agreements.
Call Recording & Consent. When a Practice Partner enables recording or monitoring, the Partner—not Newton—is responsible for providing required notice and obtaining consent from all participants. Any IVR prompts or sample scripts we supply are offered as a convenience only.
Legal or Regulatory Authorities. As required to comply with law, court orders, or lawful requests by public authorities (including to meet national‑security or law‑enforcement requirements).
Corporate Transactions. In connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations.
SMS OPT‑IN PROTECTION. We do not sell or rent text‑message opt‑in data. We share SMS consent status only with carriers, messaging‑platform providers, or the relevant Practice Partner to ensure lawful delivery.
6 Data Retention & Deletion
We retain Personal Information only as long as necessary to: (a) fulfill the purposes listed in Section 3, (b) comply with legal or contractual obligations, or (c) resolve disputes. Call audio is retained for the period specified in the Practice Partner’s settings (default: 18 months) and deleted or anonymized thereafter, unless a longer period is required by law or the Partner’s instructions.
7 Security
We employ administrative, physical, and technical safeguards designed to protect data, including:
Encryption in transit (TLS 1.2 +) and at rest (AES‑256).
Role‑based access controls and multi‑factor authentication.
HIPAA‑aligned policies, regular security training, and annual risk assessments.
If we discover a breach of unencrypted Personal Information, we will notify the affected Practice Partner without undue delay and, in any case, within 60 days of discovery, unless a shorter period is required by law.
8 Your Rights & Choices
Depending on your jurisdiction, you may have rights to:
Access, correct, or delete Personal Information.
Receive a portable copy of data (data portability).
Restrict or object to certain processing.
Opt out of “sale” or “sharing” of Personal Information (CPRA).
Withdraw consent at any time (where processing is based on consent).
How to exercise. If you are a patient, please contact your Practice Partner first. We honor valid requests we receive directly at support@joinnewton.com
9 HIPAA Compliance
When Newton operates as a Business Associate:
We sign Business Associate Agreements with Practice Partners.
We implement safeguards required by the HIPAA Security Rule.
We use or disclose Protected Health Information only as permitted by the Agreement and HIPAA.
10 Biometric Information (Illinois BIPA & Similar Laws)
If a Practice Partner enables voice‑print recognition or sentiment scoring, Newton retains biometric identifiers only as necessary to provide the feature and deletes or irreversibly anonymizes them within 30 days after the Partner disables the feature or at contract termination, whichever comes first. Newton will not sell, lease, or trade biometric data.
11 International Transfers & Export Controls
Newton may transfer Personal Information to the United States and other countries that may have different data‑protection laws than your jurisdiction. We rely on standard contractual clauses or equivalent safeguards where required. Subscriber practices are responsible for ensuring that their use of the Service complies with U.S. export‑control and economic‑sanctions laws.
12 Children’s Privacy
The Service is not directed to individuals under 18, and we do not knowingly collect personal information from children. If you believe we have inadvertently collected such data, contact us and we will delete it.
13 Changes to This Privacy Policy
We may update this Privacy Policy periodically. Material changes will be announced by:
email to the primary contact on file and/or
a prominent notice on our Website or in‑Service banner.
