Trust, security & compliance
KwickPhone answers the phone, books appointments, and takes payment for businesses in regulated, appointment-based industries. Here is how we handle HIPAA, TCPA, and ADA — and how healthcare customers get a Business Associate Agreement (BAA).
BAA available
We sign a Business Associate Agreement with healthcare customers and operate to the HIPAA Security & Privacy Rules.
Consent & opt-out built in
Call-recording disclosure, STOP opt-out, and quiet-hours handling — you keep control of consent.
Accessible by design
A voice-first line everyone can reach, plus a website built to WCAG guidelines and TTY/relay support.
HIPAA
When KwickPhone handles calls or bookings that involve protected health information (PHI) — for example, a patient confirming an appointment — we act as a Business Associate and operate under a signed Business Associate Agreement (BAA) with your practice. Our platform is designed to meet the requirements of the HIPAA Security and Privacy Rules:
- Encryption in transit and at rest — calls, transcripts, and stored data are encrypted on the wire (TLS) and in our databases and backups.
- Access controls — least-privilege, role-based access to customer data; staff see only what they need.
- Audit logging — access to PHI is logged so we can answer "who saw what, when".
- Minimum necessary — the AI captures only what's needed to route or book, speaks only from your approved information, and hands genuinely sensitive matters to your staff.
- Sub-processor BAAs — where a downstream provider (telephony/SMS, AI) may touch PHI, we maintain a BAA with that provider so protection flows all the way down.
- Breach notification — a defined process to notify you of a breach of unsecured PHI within the timelines HIPAA requires.
- Return or destruction of PHI — on termination, PHI is returned or destroyed per your BAA.
A note on "certification." There is no official government "HIPAA certification" — no agency issues one, and any vendor claiming to be "HIPAA certified" is overstating. What matters is operating to the Rules and signing a BAA. That is what we do.
Who this is for: medical and dental offices, physical therapy and chiropractic, med spas, optometry, counseling/therapy, home care, veterinary, and medical billing services.
TCPA
The Telephone Consumer Protection Act governs calls and texts to consumers. KwickPhone gives you the tools to operate within it — and you stay in control of consent for the numbers you contact:
- Call-recording disclosure — where calls are recorded, the AI can play a clear disclosure at the start of the call.
- Opt-out handling — texts honor STOP and standard opt-out keywords automatically, and we suppress further messages to anyone who opts out.
- Quiet hours — outbound texts respect local quiet-hours windows.
- Transactional focus — KwickPhone is built for answering and confirming, not blasting marketing; it responds to and confirms with the people who contact you.
Shared responsibility. We provide the consent, disclosure, and opt-out mechanisms. You are responsible for having a lawful basis (e.g. prior express consent) for the numbers you load and for the messages you choose to send. We don't guarantee your messaging program's TCPA compliance — we give you the controls to run it correctly.
ADA & accessibility
Accessibility is built into how KwickPhone works:
- Voice-first — a phone line answered in natural speech is reachable by people who can't or won't use an app or website, including many older and disabled callers.
- English & Spanish — callers are served in their language.
- TTY / relay — we support telecommunications relay service (dial 711) for callers who are deaf, hard of hearing, or have a speech disability.
- WCAG-aligned website — kwickphone.com is built toward WCAG 2.1 AA: sufficient color contrast, keyboard navigation, and descriptive alternative text.
Need an accommodation, or hit an accessibility barrier on our site? Email [email protected] and we'll respond promptly.
Data handling & sub-processors
We collect and process only what's needed to answer your phone, book the work, and take payment. Card payments are handled in a PCI-compliant manner — no card number is ever read aloud or stored by the AI. For the full picture of what we collect and why, see our Privacy Policy and Terms of Service. To request the current list of sub-processors, email [email protected].
Request a Business Associate Agreement
Tell us about your practice and we'll send your BAA and onboarding next steps. Prefer to review the language first? Read the sample BAA.