Privacy policy
Introduction and scope
This Privacy Policy explains how DentalCareOS ("DentalCareOS", "we", "us") collects, uses, and protects information when you visit our website or use our practice management platform. It applies to our marketing website and to the DentalCareOS application provided to dental practices and their authorized staff. It does not change the terms of any signed agreement between DentalCareOS and a practice, which controls if there is a conflict.
Information we collect
We collect information you provide directly, such as your name, email, practice name, and the contents of a demo request. When you use the platform, we process the practice and patient records your practice enters or imports. We also collect limited technical information automatically, such as browser type, device, and pages viewed, to operate and secure the service.
How we use information
We use information to provide and improve the service, respond to demo and support requests, secure our systems, and meet legal obligations. We do not sell personal information. We do not use protected health information for advertising.
PHI and HIPAA
When a dental practice uses DentalCareOS to store or process protected health information (PHI), the practice is the HIPAA covered entity and DentalCareOS acts as its Business Associate. We handle PHI only as permitted by our Business Associate Agreement with the practice and by the Health Insurance Portability and Accountability Act (HIPAA). See our BAA page for more.
Sharing and disclosure
We share information with service providers (subprocessors) who help us run the platform under contract, and only as needed to deliver the service. We may disclose information when required by law or to protect the rights and safety of users. We require our subprocessors to protect information to standards consistent with this policy and our customer agreements.
Data security
We use administrative, technical, and physical safeguards designed to protect information, including encryption in transit and at rest, access controls, network isolation for sensitive data, and audit logging. No method of transmission or storage is perfectly secure, but we work to protect your information and to notify affected parties of incidents as required by law and contract.
Data retention
We retain information for as long as needed to provide the service and to meet legal, accounting, and contractual obligations. Practice and patient records are retained according to the customer agreement; on termination we return or destroy PHI as the agreement and HIPAA require.
Your choices and rights
You may request access to, correction of, or deletion of personal information we hold about you, subject to legal and contractual limits. For PHI, requests are handled through the dental practice that controls the record. To make a request, contact us using the details below.
Children's privacy
Our website and platform are intended for dental practices and their staff, not for children. The platform may contain records of pediatric patients entered by a practice; those records are governed by the customer agreement and HIPAA, not by direct collection from a child.
Changes to this policy
We may update this policy from time to time. We will post the updated version here and change the "Last updated" date. Material changes affecting customers will be communicated as the customer agreement requires.
Contact
Questions about this policy? Contact us at privacy@dentalcareos.com. (This contact address is a draft placeholder pending counsel review.)