01
INTRODUCTION & SCOPE
Maine Street Market LLC, doing business as GZD Consulting (“GZD Consulting,” “we,” “us,” or “our”), respects your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website at ai.gzd.consulting (the “Site”), interact with our AI voice receptionist services (the “Services”), or otherwise communicate with us.
This policy applies to information we receive from prospective clients, current clients, website visitors, and individuals who interact with our AI on behalf of practices that use our Services. By using the Site or Services, you acknowledge that you have read this policy.
Effective date: April 19, 2026
02
INFORMATION WE COLLECT
We collect information in several ways, depending on how you interact with us.
Information You Provide Directly
When you contact us through our website, fill out an intake form, request a demo, sign up as a client, or correspond with us by email or phone, you may provide:
- Name, business name, role or title
- Email address and phone number
- Mailing or business address
- Practice type, size, and operational details (e.g., software you use, hours of operation, services offered)
- Any other information you choose to share in messages or forms
Information Collected Automatically
When you visit the Site, we may automatically collect standard technical information, which may include:
- IP address and approximate geographic location
- Browser type, device type, and operating system
- Pages visited, time on page, and referring URL
- Date and time of visit
Information From Third Parties
We may receive information about you from third parties, such as referral sources, business partners, or publicly available sources, where you have authorized them to share that information or where sharing is otherwise permitted.
Information Collected When You Interact With Our AI Services
If you are an end-patient, customer, or caller of a practice that uses our Services, our AI receptionist may collect information during your call, which may include:
- Audio recording of the call
- Transcript of the conversation
- Caller phone number and timestamp
- Appointment details (date, time, reason for visit, provider)
- Insurance information you choose to share
- Any other information you provide during the call
Important note for end-patients of our healthcare clients: The practice you called is the entity that controls your information for healthcare purposes. We process information on the practice’s behalf as their service provider. For information about your rights regarding your protected health information, please refer to the practice’s Notice of Privacy Practices.
Back to top ↑
03
HOW WE USE INFORMATION
We use the information we collect for legitimate business purposes, including:
- Providing, operating, and maintaining our Services
- Configuring and improving our AI for our clients’ specific practice needs
- Improving the quality, accuracy, and performance of our AI through review of recordings and transcripts
- Communicating with prospective and current clients about demos, services, support, billing, and updates
- Processing payments and managing client accounts
- Quality assurance, training, and oversight of the Services
- Responding to inquiries, requests, and feedback
- Complying with legal obligations and protecting our legal rights
- Detecting, investigating, and preventing fraud, abuse, or violations of our policies
For information processed on behalf of a healthcare client, our use is governed by the Business Associate Agreement (“BAA”) we have signed with that client.
Back to top ↑
04
HOW WE SHARE INFORMATION
We do not sell personal information. We share information only as described below.
With Service Providers
We rely on third-party service providers to operate our Services. These providers are bound by contractual obligations to use information only as needed to provide their services to us. They include, but are not limited to:
- Retell AI — voice AI platform
- ElevenLabs — voice synthesis
- ChatDash — client portal
- Stripe — payment processing
- Make.com — workflow automation
- Supabase — data storage
- pVerify — insurance verification (for applicable client tiers)
This list may change from time to time as we update our service stack. We make reasonable efforts to use providers that maintain appropriate security and privacy practices.
With Our Clients
Information collected through calls handled by our AI on behalf of a client practice is shared with that practice through the call log, transcript, and dashboard. The client practice is the party that owns and uses that information for their patient or customer relationship.
For Legal and Compliance Reasons
We may disclose information if we believe in good faith that disclosure is required to: comply with applicable law or legal process; respond to lawful requests by public authorities; protect our rights, property, or safety, or that of our clients or others; or investigate possible violations of our terms.
Business Transfers
If we are involved in a merger, acquisition, financing, sale of assets, or similar transaction, information may be transferred as part of that transaction, subject to standard confidentiality protections.
With Your Consent
We may share information for any other purpose with your consent.
Back to top ↑
05
PROTECTED HEALTH INFORMATION & HIPAA
For our healthcare clients, we may handle Protected Health Information (“PHI”) as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations. In those engagements, we act as a Business Associate of the client practice.
We sign a separate Business Associate Agreement (“BAA”) with each healthcare client. The BAA governs how we may use and disclose PHI, and it requires us to implement appropriate safeguards. We use and disclose PHI only as authorized by the BAA and as permitted by HIPAA.
If you are a patient of one of our healthcare clients and have questions about your rights regarding your PHI, please refer to your healthcare provider’s Notice of Privacy Practices, or contact the provider directly. Patient rights with respect to PHI are exercised through the provider, not through us.
Back to top ↑
06
CALL RECORDING DISCLOSURE
Calls handled by our AI receptionist may be recorded for quality assurance, training, service improvement, and client recordkeeping purposes.
Florida is a two-party consent state for call recording under Fla. Stat. § 934.03. To comply with this requirement, our AI discloses at the start of every call that the call may be recorded. By continuing the call after that disclosure, the caller consents to the recording.
Recordings and transcripts are stored using encryption in transit and at rest through our service providers, and are accessible to the client practice that received the call. Access on our side is limited to personnel who have a legitimate operational need.
For calls that involve PHI, recording, storage, and access are additionally governed by the BAA with the relevant healthcare client.
Back to top ↑
07
DATA RETENTION
We retain information for as long as is reasonably necessary for the purposes described in this policy, including providing the Services, complying with our legal and contractual obligations, resolving disputes, and enforcing our agreements.
For PHI, retention is governed by the terms of the BAA with the relevant healthcare client and applicable law. When information is no longer needed, we take reasonable steps to delete it or render it de-identified.
Back to top ↑
08
YOUR RIGHTS
Depending on where you live, you may have certain rights with respect to your personal information. These may include the right to:
- Request access to the personal information we hold about you
- Request correction of inaccurate or incomplete information
- Request deletion of your personal information, subject to legal and contractual exceptions
- Opt out of marketing communications
- Exercise additional rights provided by applicable state or federal law
Residents of California, Florida, and certain other states may have additional rights under applicable state privacy laws. We will respond to verifiable requests in accordance with applicable law.
If you are an end-patient of one of our healthcare clients and your request concerns PHI, you should generally direct your request to the practice that provides your care, since they are the covered entity that controls that information. We will support the practice in responding as required by the BAA.
To exercise any of these rights, please contact us using the information in the Contact Us section below. We may need to verify your identity before responding.
Back to top ↑
09
COOKIES & TRACKING
We do not currently use cookies or tracking technologies on this Site beyond what is required for basic site functionality. We do not currently run analytics, advertising, or behavioral tracking tools.
We may add analytics or similar tools in the future. If we do, we will update this policy to describe what is in use and for what purpose.
You can control cookies through your browser settings. Disabling cookies may affect the functionality of certain parts of the Site.
We do not currently respond to “Do Not Track” browser signals, as no consistent industry standard has been established.
Back to top ↑
10
SECURITY
We take steps to protect information using reasonable administrative, technical, and physical safeguards designed to guard against unauthorized access, use, alteration, or disclosure. These safeguards include encryption in transit and at rest where appropriate, access controls, and the use of reputable service providers.
No system can be guaranteed 100% secure, however, and we cannot guarantee the absolute security of any information. If we become aware of a security incident affecting your information, we will respond in accordance with applicable law and any contractual obligations, including under any applicable BAA.
Back to top ↑
11
CHILDREN’S PRIVACY
The Site and Services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will take appropriate steps to delete it.
For minors who interact with our AI as patients of our healthcare clients, the relationship is between the patient (and the patient’s parent or guardian) and the client practice. Information received from those calls is handled in accordance with our BAA with the client.
Back to top ↑
12
THIRD-PARTY LINKS
Our Site may contain links to third-party websites and services. We are not responsible for the privacy practices, content, or availability of those external sites. We encourage you to review the privacy policies of any third-party sites you visit.
Back to top ↑
13
CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date at the top of this page. For material changes, we will provide additional notice as appropriate, which may include a notice on the Site or direct communication to clients.
Your continued use of the Site or Services after the updated policy takes effect constitutes acknowledgement of the updated policy.
Back to top ↑
14
CONTACT US
If you have questions about this Privacy Policy or about how we handle your information, please contact us:
