Privacy Policy

1. Information We Collect

We collect information that you provide directly to us when you register for an account, use the DentOS platform, or communicate with us:

• Account Information: Name, email address, practice name, phone number, and billing information.
• Practice Data: Patient records, appointment data, insurance information, and clinical notes processed through the platform.
• Usage Data: Information about how you use DentOS, including log data, IP addresses, browser type, and device identifiers.
• Communications: Records of your communications with our support team and AI agents.

2. HIPAA Compliance

DentOS operates as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). We enter into a Business Associate Agreement (BAA) with all covered entities using our platform. We implement all required administrative, physical, and technical safeguards to protect Protected Health Information (PHI).

• All PHI is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access to PHI is strictly role-based and logged
• We conduct regular security audits and risk assessments
• We maintain a comprehensive incident response plan

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the DentOS platform and AI agents
• Process transactions and send related information
• Send technical notices, updates, and support messages
• Respond to your comments and questions
• Train and improve AI models (using de-identified data only, per your BAA)
• Comply with legal obligations

4. Information Sharing

We do not sell, trade, or rent your personal information or patient data to third parties. We may share information with:

• Service Providers: Vetted third parties who assist in delivering our services (cloud infrastructure, payment processing), all bound by confidentiality agreements.
• Legal Requirements: When required by law, subpoena, or other legal process.
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with advance notice).

5. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Upon account termination, we will delete or de-identify your data within 90 days, unless a longer retention period is required by law. Patient records subject to HIPAA retention requirements will be handled per applicable regulations.

6. Security

We implement industry-leading security measures including SOC 2 Type II certification, end-to-end encryption, multi-factor authentication, and continuous security monitoring. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have rights including:

• Access to the personal information we hold about you
• Correction of inaccurate data
• Deletion of your personal information
• Portability of your data in a machine-readable format
• Opt-out of certain data processing activities

To exercise these rights, contact us at privacy@dentos.io.

8. Cookies

We use cookies and similar tracking technologies to track activity on our platform and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

9. Children's Privacy

DentOS is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Policy on this page and updating the "Last updated" date. We encourage you to review this Policy periodically.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us:

• Email: privacy@dentos.io
• Address: Raptric LLC, Privacy Officer