Privacy Policy
Your privacy and data security are our top priorities. Learn how DentOnly protects and manages your information.
DentOnly Privacy Policy
Table of Contents
- 1. Introduction
- 2. Information We Collect
- 3. How We Use Your Information
- 4. Information Sharing and Disclosure
- 5. Data Security
- 6. Data Retention
- 7. Your Rights and Choices
- 8. Cookies and Tracking Technologies
- 9. Children's Privacy
- 10. International Data Transfers
- 11. Changes to This Policy
- 12. Contact Information
Introduction
Welcome to DentOnly, a comprehensive dental practice management software solution. This Privacy Policy describes how DentOnly ("we," "our," or "us") collects, uses, protects, and shares information when you use our software platform, website, and related services (collectively, the "Services").
DentOnly is designed specifically for dental professionals to manage their practices, including patient records, appointment scheduling, treatment planning, billing, and practice analytics. We understand the sensitive nature of healthcare data and are committed to maintaining the highest standards of privacy and security.
HIPAA Compliance
DentOnly is designed to be HIPAA compliant and serves as a Business Associate for covered healthcare entities. We implement appropriate administrative, physical, and technical safeguards to protect Protected Health Information (PHI).
Information We Collect
Practice and Account Information
- Practice name, address, and contact information
- Healthcare provider information (names, licenses, specialties)
- User account details (usernames, email addresses, roles)
- Billing and payment information
- Practice preferences and configuration settings
Patient Health Information (PHI)
- Patient demographics and contact information
- Medical and dental history
- Treatment records and clinical notes
- Diagnostic images and radiographs
- Insurance information
- Appointment and treatment scheduling data
- Billing and payment records
Technical Information
- IP addresses and device information
- Browser type and version
- Usage patterns and feature utilization
- System performance and error logs
- Security event logs
How We Use Your Information
Primary Uses
- Practice Management: Enable core functionalities like patient scheduling, treatment planning, and record keeping
- Clinical Support: Provide tools for diagnosis, treatment planning, and patient care coordination
- Billing and Insurance: Process payments, submit insurance claims, and manage financial records
- Reporting and Analytics: Generate practice insights, compliance reports, and performance metrics
Service Improvement
- Enhance software functionality and user experience
- Develop new features and services
- Conduct security monitoring and system optimization
- Provide customer support and technical assistance
Legal and Regulatory Compliance
- Comply with healthcare regulations (HIPAA, state dental board requirements)
- Respond to legal requests and court orders
- Prevent fraud and ensure system security
- Maintain audit trails for compliance purposes
Information Sharing and Disclosure
We do not sell, rent, or trade personal information or PHI. Information may be shared only in the following circumstances:
Authorized Disclosures
- Healthcare Operations: With other healthcare providers involved in patient care (with proper authorization)
- Insurance Processing: With insurance companies for claims processing and reimbursement
- Patient-Authorized: When patients specifically authorize disclosure to third parties
- Business Associates: With vetted service providers who assist in our operations (under strict contractual protections)
Required Disclosures
- To comply with legal obligations and regulatory requirements
- In response to valid court orders or subpoenas
- For public health and safety purposes as required by law
- To prevent serious threats to health or safety
Third-Party Integrations
DentOnly may integrate with third-party services (laboratories, imaging centers, insurance networks). All integrations are subject to strict data protection agreements and HIPAA compliance requirements.
Data Security
Technical Safeguards
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Role-based access with multi-factor authentication
- Network Security: Firewalls, intrusion detection, and continuous monitoring
- Data Backup: Automated, encrypted backups with geographic redundancy
- Audit Logging: Comprehensive logging of all system access and changes
Administrative Safeguards
- Regular security training for all personnel
- Background checks for employees with system access
- Incident response procedures and breach notification protocols
- Regular security assessments and penetration testing
- Business associate agreements with all vendors
Physical Safeguards
- Secure data centers with 24/7 monitoring
- Biometric access controls and security cameras
- Environmental controls and redundant power systems
- Secure disposal of hardware and storage media
Data Retention
We retain information only as long as necessary for legitimate business purposes and legal compliance:
- Patient Records: Retained according to applicable state and federal laws (typically 7-10 years after last treatment)
- Financial Records: Retained for tax and audit purposes (typically 7 years)
- System Logs: Retained for security and troubleshooting purposes (typically 1-3 years)
- Backup Data: Automatically purged according to retention schedules
When data is no longer needed, it is securely deleted using industry-standard methods to prevent recovery.
Your Rights and Choices
Healthcare Provider Rights
- Access: Review and obtain copies of practice and patient data
- Correction: Request correction of inaccurate information
- Export: Export data in standard formats for migration or backup
- Account Control: Manage user access and permissions within your practice
Patient Rights (as applicable)
- Right to access their own health records
- Right to request corrections to their information
- Right to request restrictions on use or disclosure
- Right to an accounting of disclosures
Exercising Your Rights
To exercise any of these rights, please contact us using the information provided in the Contact section. We will respond to requests within the timeframes required by applicable law.
Children's Privacy
DentOnly is designed for use by healthcare professionals and their staff. We do not knowingly collect personal information from children under 13 for marketing purposes. When pediatric patient information is processed, it is handled according to HIPAA requirements and applicable state laws regarding minors' healthcare records.
Parents and guardians have the right to access, correct, or request deletion of their child's health information in accordance with applicable healthcare privacy laws.
International Data Transfers
DentOnly primarily operates within the United States and stores data in secure facilities located in the U.S. If international data transfers are necessary for service provision or support, we ensure:
- Appropriate safeguards are in place
- Compliance with applicable data protection laws
- Contractual protections for transferred data
- Notification to affected practices when required
Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. When we make material changes:
- We will notify you via email and in-app notifications
- We will post the updated policy on our website
- We will provide a summary of key changes
- For significant changes, we may require acknowledgment
Continued use of DentOnly after notification of changes constitutes acceptance of the updated policy.
Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Security Incidents
To report suspected security incidents or data breaches, please contact our Security Team immediately at security@dentonly.com or call our 24/7 security hotline at 1-800-SECURITY.