Legal

Privacy policy

Effective July 9, 2026

The short version

Sirvo is a marketing tool for medical practices — not a medical tool. We collect ordinary business information (your name, work email, practice website, specialty, and city) and public web data about how your practice appears in search results and AI assistants. We never collect, store, or process patient data. Protected health information (PHI) has no path into our systems by design.

What we collect

  • Information you give us: name, work email, practice name, website URL, specialty, and city — when you use the AI Visibility Checker, subscribe, or contact us.
  • Google account data you connect (optional): if you choose to connect your Google account, we access your Google Search Console and Google Analytics data for your practice's website — described in full in the “Google user data” section below.
  • Public web data: search rankings, Google Business Profile information, public reviews, and how AI assistants answer questions about practices in your area.
  • Usage data: standard analytics about how this website and the Sirvo product are used (pages visited, features used), collected via cookies or similar technologies.
  • Billing data: handled by our payment processor (Stripe); Sirvo never stores full card numbers.

What we never collect

No patient data, ever. Sirvo does not connect to practice management systems, electronic medical records, appointment books, patient communications, or any system containing PHI. This is an architectural decision, not just a policy: our product works entirely with your public website, your Google Business Profile, and public search data. Because no PHI enters our systems, Sirvo is not a HIPAA business associate and no BAA is required to use it.

Google user data (Search Console, Site Verification & Analytics)

Some Sirvo features work with your Google account. Connecting it is optional, always initiated by you through Google's own consent screen (OAuth), and never requires sharing your Google password with us. When you connect, Sirvo requests only the following scopes, for the following purposes:

  • Google Search Console (webmasters): to read your website's search performance (queries, clicks, impressions, positions, indexing status) so your Sirvo dashboard and reports can show how patients find your practice, and to submit sitemaps for content Sirvo publishes on your behalf.
  • Site verification (siteverification): to verify (or confirm existing verification of) your ownership of your practice's website with Google, so a Search Console property can be connected or created for it without manual DNS work where possible.
  • Google Analytics — read (analytics.readonly): to read your website's traffic and conversion data (sessions, page views, events, conversions) so Sirvo can report the results of its work in new-patient inquiries rather than raw clicks.
  • Google Analytics — configure (analytics.edit): to set up measurement on your behalf — for example creating or configuring an Analytics property, data stream, or the conversion events (calls, form fills, booking clicks) that power your New Patients Report. We use it to configure measurement, never to delete your existing data.

How this data is used: exclusively to provide and improve the Sirvo features you see — your dashboard, rankings, reports, and publishing. We do not use Google user data to build advertising profiles, we do not sell it, and we do not transfer it to third parties except to the service providers that host and run Sirvo (acting on our instructions), when required by law, or as part of a merger or acquisition with equivalent privacy protections. Humans at Sirvo do not read this data except with your explicit permission (e.g. a support request you initiate), where necessary for security or abuse investigation, or to comply with law.

Storage and protection: OAuth tokens and Google API data are stored encrypted in transit and at rest on Google Cloud infrastructure, with access restricted to the server-side systems that need them. Your Google password is never seen or stored by Sirvo.

Retention and deletion: you can disconnect your Google account at any time from your Sirvo settings, or revoke Sirvo's access from your Google account at myaccount.google.com/permissions. On disconnection we delete the stored tokens, and on account deletion (or request to privacy@sirvo.ai) we delete Google user data we hold about you within 30 days, except where retention is required by law.

Limited Use disclosure: Sirvo's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

How we use information

  • To provide the service: visibility reports, content plans, publishing, and performance reporting.
  • To email you what you asked for (checker reports, weekly digests, monthly reports) and occasional product updates — every email has an unsubscribe link.
  • To improve the product through aggregate, de-identified usage analysis.

We do not sell your information. We share it only with the service providers required to run Sirvo (hosting, email delivery, payments, analytics), each bound to use it solely on our behalf.

Your rights

You can request a copy of the information we hold about you, ask us to correct it, or ask us to delete it — email privacy@sirvo.ai and we'll handle it within 30 days. Depending on where you live (e.g., California, EU/EEA, UK), you may have additional statutory rights, which we honor.

Changes

If we change this policy in a way that matters, we'll update the date above and notify subscribers by email. Questions any time: privacy@sirvo.ai.