Privacy Policy

Last updated: June 30, 2026

DentalHIPAA ("we", "our", or "us") operates the website www.dentalhipaa.com and the DentalHIPAA compliance tracking software (the "Service"). This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

1. Information We Collect

We collect the following information when you use DentalHIPAA:

• Account information: Email address, practice name, and password (encrypted) when you register.
• Compliance data: HIPAA checklist items you complete, BAA records you enter, staff training records, and risk assessment responses. This data belongs to you.
• Uploaded documents: Files you upload (PDFs, images) as evidence for compliance items. These are stored securely and are only accessible by you.
• Payment information: Processed securely by Stripe. We never store your credit card details on our servers.
• Usage data: Basic analytics about how you use the Service (page views, feature usage) to improve the product.

2. What We Do NOT Store

DentalHIPAA is a compliance tracking tool. We do not store any patient health information (PHI). Your patient records, clinical data, and protected health information remain in your practice management system. Never enter patient data into DentalHIPAA.

3. How We Use Your Information

• To provide and maintain the Service
• To process payments via Stripe
• To send compliance reminders and important account notifications
• To improve and develop new features
• To respond to your support requests

4. Data Storage and Security

Your data is stored on Supabase (PostgreSQL database and file storage) hosted on secure cloud infrastructure. We use industry-standard encryption for data in transit (TLS/HTTPS) and at rest. Uploaded documents are stored in private, access-controlled storage buckets — only you can access your files.

5. Data Sharing

We do not sell, rent, or share your personal data with third parties, except:

• Stripe — for payment processing
• Supabase — for database and file storage infrastructure
• When required by law or court order

6. Cookies

We use only essential cookies required for authentication and session management. We do not use advertising or tracking cookies.

7. Data Retention

We retain your account data for as long as your account is active. If you cancel your account, you may request deletion of your data by contacting us at support@dentalhipaa.com. We will delete your data within 30 days of the request.

8. Your Rights

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data
• Export your data

To exercise these rights, contact us at support@dentalhipaa.com.

9. Children's Privacy

DentalHIPAA is intended for use by licensed dental professionals. We do not knowingly collect data from anyone under 18 years of age.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice in the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.