Privacy Policy

Effective Date: March 10, 2025

1. Introduction Welcome to Cream Digital ("Company," "we," "our," "us"). We specialize in AI infrastructure buildouts and custom AI solutions. Protecting your privacy is a priority for us. This Privacy Policy outlines how we handle user data, compliance obligations, security measures, and your rights. By using our services, you acknowledge that you have read, understood, and agreed to this Privacy Policy.


2. Information We Collect We do not collect, store, or process any personal data, call recordings, transcripts, or metadata. Our AI infrastructure serves as a connector between existing systems, meaning all data remains under the client’s control.


3. How We Use Data Although we do not store data, our AI solutions facilitate communication, automation, and workflow efficiencies for clients. If any data is processed through our infrastructure, it is managed entirely within the client’s ecosystem. However, we reserve the right to analyze anonymized usage trends for performance optimization and service improvement.


4. Data Retention and Deletion Since we do not store data, there are no retention or deletion policies applicable to our systems. Clients utilizing our AI solutions retain full control over their data and are responsible for managing their own retention and deletion policies.


5. Third-Party Services We integrate with third-party services, including but not limited to:

  • Retell AI (for AI-powered voice solutions)
  • Amazon Web Services (AWS) (for cloud-based processing)
  • Client-selected CRMs (e.g., HubSpot, Salesforce, eClinicalWorks, etc.)


Any data processed by these services remains under the client's control. Clients are responsible for ensuring compliance with the terms and policies of these third-party providers.


6. Security Measures Although we do not store data, we implement industry-standard security measures to protect our AI infrastructure, including:

  • Utilizing HIPAA-compliant tools such as Retell AI and AWS for secure processing.
  • Secure authentication protocols to prevent unauthorized access.
  • Regular system audits and compliance reviews to maintain security integrity.
  • Implementing industry-standard encryption for communication layers within our AI infrastructure.


7. Compliance with HIPAA, CCPA, and GDPR

  • HIPAA (Health Insurance Portability and Accountability Act): For healthcare clients, we sign Business Associate Agreements (BAAs) to ensure compliance with HIPAA regulations and the protection of protected health information (PHI).


  • CCPA (California Consumer Privacy Act): If we process data of California residents on behalf of clients, we acknowledge consumer rights under CCPA, including:
  • The right to request information about collected data.
  • The right to request data deletion (handled by the client’s infrastructure).
  • The right to opt out of data selling (we do not sell data).


  • GDPR (General Data Protection Regulation): While we do not operate in the European market, clients processing GDPR-governed data are responsible for compliance.


8. Children’s Privacy Our services are not intended for individuals under the age of 18. We do not knowingly process or store information related to minors. If a client processes data involving minors, they must ensure compliance with applicable child data protection laws.


9. Changes to This Privacy Policy We reserve the right to update this Privacy Policy periodically. Any significant changes will be communicated to clients via email or a notification on our website. Continued use of our services after updates constitutes acceptance of the revised policy.


10. Contact Information For privacy-related inquiries or concerns, please contact us at oscar@creamdigital.ai


By using our services, you acknowledge and agree to this Privacy Policy.