1. Introduction
Dental Marketing Tool ("we," "our," or "us") is an AI-powered growth platform built exclusively for dental practices. This Privacy Policy explains how we collect, use, store, and share information when you use our platform and services.
This policy applies to dental practice subscribers, their staff, and any individuals whose information is processed through our platform in connection with delivering our services. For information about how we handle Protected Health Information (PHI) under HIPAA, please also review our HIPAA Compliance page.
If you have questions about this policy, contact us at privacy@dentalmarketingtool.com.
2. Information We Collect
We collect information in four categories:
- Practice information: Business name, address, phone number, email address, website URL, billing information, and the names and contact details of authorized staff members who access the platform.
- Patient call recordings: When a patient calls your practice's AI Receptionist line, the call is recorded for quality assurance and service delivery. Every call opens with a required disclosure informing the caller that the call is being recorded and handled by an AI assistant. Recordings constitute PHI and are handled under the terms of our Business Associate Agreement.
- Usage data: Information about how your practice uses the platform, including features accessed, appointment booking events, review responses submitted, and dashboard interactions. This is used to improve the service and is analyzed in aggregated, anonymized form.
- Payment information: Billing and payment transactions are processed by Stripe. We do not store full card numbers, CVV codes, or bank account numbers. We retain only the last four digits of your card and your billing address for account management purposes.
3. How We Use Your Information
We use the information we collect to:
- Deliver and operate the Dental Marketing Tool platform, including the AI Receptionist, Review Responder, Text Auto-Booker, and AI SEO Engine features
- Process and respond to HIPAA-covered activities only as permitted under our signed Business Associate Agreement with your practice
- Generate aggregated, anonymized analytics to improve platform performance; individual patient data is never included in these analyses
- Send you service-related communications, including billing notices, system alerts, and feature updates
- Send product and marketing updates about new features or services from Dental Marketing Tool; you may opt out of marketing communications at any time by clicking "Unsubscribe" in any email or by contacting us directly
- Comply with legal obligations, enforce our Terms of Service, and resolve disputes
We do not use patient data to train AI models. Any AI model training or improvement uses only anonymized, aggregated signals that cannot be attributed to any individual patient or practice.
4. Information Sharing
🚫 We do not sell your data. Ever. To anyone. For any reason.
We share information only in the following limited circumstances:
- Subprocessors: We use a small set of vetted third-party providers to operate our platform. Each has signed a Data Processing Agreement with us:
  - Cloud hosting and storage: Amazon Web Services (AWS), US-based, SOC 2 Type II certified
  - Payment processing: Stripe, PCI-DSS Level 1 compliant
  - Telephony and call infrastructure: Twilio, US-based, HIPAA-eligible
  - Platform analytics: aggregated and anonymized only; no individual or patient-level data is shared with analytics tools
- Legal requirements: We may disclose information in response to a valid subpoena, court order, or other legal process. Where permitted by law, we will notify the affected practice before disclosure.
- Business transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, subscriber information may be transferred as part of the transaction. We will provide advance notice and ensure the acquiring party maintains equivalent privacy protections.
5. Cookies & Tracking
We use a minimal set of cookies to operate the platform:
- Session cookies: Required for login and maintaining your authenticated session. These are deleted when you close your browser or log out. They cannot be disabled without breaking platform functionality.
- Preference cookies: Store your dashboard layout and notification preferences across sessions.
- Optional analytics cookies: If you consent, we use anonymized analytics to understand feature usage patterns and improve the platform. You may opt out of analytics cookies at any time via the Cookie Preferences link in the platform footer, or by contacting us.
We do not use third-party advertising cookies, cross-site tracking cookies, or fingerprinting technologies of any kind.
6. Data Retention
- Protected Health Information (PHI): Retained per the terms of your signed Business Associate Agreement. HIPAA requires a minimum retention period of 6 years from creation or last effective date.
- Call recordings: Retained for 12 months from the date of the call unless a longer period is required by your BAA, applicable law, or an open legal hold.
- Non-PHI practice and account data: Retained for as long as your account is active, plus 2 years following account closure. After that period, data is permanently deleted or irreversibly anonymized.
- Payment records: Retained for 7 years to comply with financial recordkeeping requirements.
Upon account cancellation, we make your data available for export for 60 days, then apply our standard deletion schedule.
7. Your Rights
Depending on your location, you may have the following rights with respect to your information:
- Access: Request a copy of the information we hold about your practice and its account
- Correction: Request that inaccurate or incomplete information be corrected
- Deletion: Request deletion of your account data, subject to HIPAA retention requirements and our legal obligations; some data must be retained regardless of deletion requests
- Data portability: Request your data in a structured, machine-readable format
- Opt out of marketing: Unsubscribe from marketing and promotional communications at any time; this will not affect service-related communications
For patient rights regarding PHI (access, amendment, accounting of disclosures), those requests must be directed to the dental practice, which is the HIPAA Covered Entity. We will cooperate with your practice to fulfill any such requests.
To exercise any of the rights above, contact us at privacy@dentalmarketingtool.com. We respond to all requests within 30 days.
8. Security
We take the security of your data seriously and maintain a layered security program that includes:
- Encryption of all data in transit using TLS 1.3 and all data at rest using AES-256
- Role-based access controls and multi-factor authentication required for all internal staff accounts
- SOC 2 Type II certified cloud infrastructure, independently audited annually
- Annual penetration testing conducted by an independent third-party security firm
- Immutable audit logging of all PHI access events
- Documented incident response and breach notification procedures
No system is perfectly immune to attack. If you discover a potential security vulnerability, please report it responsibly to security@dentalmarketingtool.com.
9. Children
Dental Marketing Tool is a business-to-business platform and is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently received personal information from a child under 13, we will delete such information promptly. If you believe we may have information from or about a child under 13, please contact us at privacy@dentalmarketingtool.com.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. For material changes (those that meaningfully affect your rights or how we use your data), we will provide at least 30 days' advance notice via email to your account's primary contact before the changes take effect.
For minor, non-material updates (such as clarifications of existing practices or corrections of typographical errors), we will update the "Last updated" date at the top of this page and the changes will be effective immediately upon posting.
We encourage you to review this policy periodically. Continued use of the platform after a policy update constitutes your acceptance of the revised terms.
11. Contact
For questions, concerns, or requests related to this Privacy Policy or your data, contact our privacy team:
We are committed to resolving privacy concerns promptly and transparently. If you are not satisfied with our response, you may have the right to lodge a complaint with your applicable data protection authority.