What Rivet stores about your clients

You’re accountable for the personal health information of the people who contact your practice. Knowing exactly what Rivet stores — and for how long — is the foundation of that accountability.

What Rivet collects from your clients

Rivet handles client information on your behalf as your agent. Every category below is treated as personal health information (PHI) and protected accordingly.

Category	How it arrives	Where it lives
Phone number	The phone network passes it on every inbound call and SMS	Database
Voicemail audio	The caller leaves a message; Twilio records it	Twilio for the platform retention window (30 days by default); fetched on demand by Rivet
Voicemail transcript	Transcribed locally on Rivet’s Canadian hardware	Database
Voicemail intent classification	Rivet’s local LLM categorizes the transcript (“new client,” “reschedule,” “urgent,” etc.)	Database
SMS content	Sent or received via your Rivet number	Database
Caller name	A client may volunteer it in a voicemail or text	Database
Video session metadata	Time joined, duration, participating phone numbers	Database
Video session content	Encrypted peer-to-peer between you and your client — not stored	—

What Rivet does not collect:

Diagnoses, treatment plans, or formal clinical notes — those live in your EHR. See the measurement vs. clinical content line.
Health-card numbers, OHIP numbers, or government identifiers.
Payment card numbers — Stripe handles payments end to end.
Recordings of video sessions. The architecture has no recording path.
Anything from third-party AI services. Voicemail audio and transcripts never leave Rivet’s infrastructure for cloud AI processing.

Retention defaults

Category	Default retention
Voicemail audio recordings	30 days, then automatically deleted
Voicemail transcripts	Retained while the conversation is active; caller personal information purges 90 days after last activity
SMS conversation history	Same 90-day purge after last activity
Caller phone number	Subject to the same 90-day purge cycle
Video session metadata	90 days
Call history	Retained while your account is active, subject to the 90-day caller-information purge
Imported contacts	Retained while your account is active; deleted on request or on account closure

Anonymous metadata about activity volume and timing — counts, not content — may be retained for service-performance analysis.

Your client’s right to deletion

A client can ask you, at any time, to delete information you hold about them. Under PHIPA, that request comes to you as the custodian. To act on it:

Confirm the request with the client (a text or email reply is fine).
Email hello@getrivet.ca from your Rivet-signed-in email address. Include the client’s phone number and the scope (“everything,” “the October 14 voicemail,” “just the message history,” etc.).
Rivet acts on your authorization and deletes the requested information within seven business days.
Rivet confirms the deletion back to you so you can close the loop with the client.

You stay in the audit trail — the audit log records that the deletion was authorized by your account.

Your client’s right to access

If a client asks for a copy of what you hold about them (PHIPA s.52), you respond as the custodian. The data is exportable from your inbox — voicemail transcripts, SMS history, and session metadata can be copied or printed. If you need a structured export or help compiling a complete response, email hello@getrivet.ca.

Imported phone contacts

If you import contacts from your phone (to display names alongside incoming calls and to suppress auto-replies on personal contacts), those contact records are held only for that purpose. They aren’t used for any other purpose, aren’t shared with any third party, and are deleted when you remove them or close your account. Imported contacts are non-client personal information — the people in your contacts haven’t consented to anything by being in your phone. Rivet limits use to display and auto-reply suppression for that reason.

When you cancel

When you cancel your account, Rivet — at your option — either returns your data to you or securely deletes it within 30 days. Two carve-outs apply:

Billing records are retained for seven years to meet Canada Revenue Agency requirements.
Operational audit logs (sign-in events, security events) are retained for 90 days.

You can elect a return-and-delete (we send you an export, then delete) or delete-only (no export). Email hello@getrivet.ca to invoke the cancellation path you want.

Where the data physically lives

Voicemail audio + transcription: processed locally in Canada on Rivet’s hardware. See voicemail processing in Canada.
Database (Supabase): currently hosted in a United States region.
WebRTC TURN relay for video (when used): Metered.ca in Canada.

The full sub-processor list and their processing locations are in the Data Processing Agreement.

Voicemail processing in Canada

What runs in Canada, and why that matters for your most sensitive audio.

Encryption

What’s protected, where, and how.

Your role as custodian

Access, correction, and deletion as your obligation under PHIPA.

​What Rivet collects from your clients

​Retention defaults

​Your client’s right to deletion

​Your client’s right to access

​Imported phone contacts

​When you cancel

​Where the data physically lives

​Related articles