Last update: October 31, 2025.
This policy applies to the Itaca platform, including the sites https://itaca.ai and https://app.itaca.pro. This policy explains how Itaca collects, uses and protects the personal information of its users.
Information We Collect
We may collect the following types of personal information from users who use our web application:
Account Information: When users register for an account, we may collect their name, email address and other contact information.
Professional Information: We may collect information about the user's medical specialty, qualifications or professional certifications, where applicable.
Patient Information: If users use our web application to manage patient registrations or appointments, we may collect patient-related information as authorized by the user and as necessary for the operation of the application.
Usage Data: We may collect data about how users interact with our web application, including log data, device information and usage patterns.
Billing Information: When subscribing to a payment plan, we may collect billing data such as name, billing address and partial payment method information (e.g., last 4 digits of card), as provided by our payment processor.
Using Google APIs
When the user decides to connect his Google account with Itaca, we request access through the permissions https://www.googleapis.com/auth/calendar and https://www.googleapis.com/auth/contacts.readonly.
These accesses are used exclusively for the following purposes:
- Calendar:
- Read the user's calendar events to display their upcoming medical appointments within the application.
- Create new events or update existing events to link them to sessions in Itaca, when explicitly authorized by the user.
- Contacts:
- Access to contacts is through the Google People API.
- Read basic contact information stored in the user's Google Account (such as name, email address, phone number) for the sole purpose of enriching their patient data in Itaca, facilitating the linkage between their contacts and their clinical records.
- No contacts are created, modified or deleted in the user's Google account.
Access and update tokens are stored encrypted and are used only to maintain the secure connection between Itaca and Google services.
The user can revoke this access at any time from their Google account or from their Itaca account settings, where they can manage and revoke calendar and contacts permissions.
.
How We Use Information
We use the information collected for the following purposes:
Provision of Services: We use user information to provide access to our web application and its features, including patient management and appointment scheduling tools.
For users who connect Google Calendar, the calendar information is used only to synchronize and display their events within Itaca.
Service Improvement: We analyze usage data to understand how users use our web application and to improve its functionality and user experience.
Communications: We may use users' contact information to send important updates, notifications and promotional offers related to our web application.
Legal Compliance: We may use and disclose user information as required by law or in response to lawful requests.
Payments
We use a third-party provider, Stripe, to securely process payments. When you make a purchase, your payment information (such as your card details) is collected and processed directly through Stripe in accordance with their Privacy Policy. We do not store or have access to your full payment method information.
Data Sharing
We do not sell, trade or rent users' personal information to third parties. However, we may share information with trusted service providers who assist us in operating our web application or conducting our business, subject to confidentiality obligations.
This includes sharing relevant personal and billing information with Stripe, our payment processing partner, to facilitate transactions. Stripe is contractually obligated to protect your data and use it only for payment processing.
In the case of integration with Google Calendar, calendar data is not shared with any third party or used for any purpose other than synchronization within Itaca.
Data Security
We take reasonable measures to protect the security of users' personal information and prevent unauthorized access, disclosure, alteration or destruction of data.
Google Calendar related data and authentication tokens are stored encrypted and transmitted securely using HTTPS and OAuth 2.0 protocols.
Data Retention
We retain billing and transaction records as required by tax, accounting and regulatory laws.
Personal information and Google Calendar data is retained only as long as the user's account is active or until access to Google Calendar is revoked.
Once access is revoked or the account is deleted, the synchronized data is permanently deleted from our servers.
Consent
By using our web application, users consent to the collection, use and sharing of their personal information as described in this Privacy Policy.
By connecting your Google Calendar account, you explicitly consent to Itaca accessing and processing your calendar data in accordance with the purposes stated above.
Changes to this Policy
We reserve the right to update or modify this Privacy Policy at any time. Users are encouraged to check this page periodically for any changes.
If we make material changes in the way we treat Google Calendar data, we will notify you before such changes take effect.
Contact us
If users have any questions or concerns about this Privacy Policy or the handling of their personal information, they may contact us at info AT itaca DOT ai.