Privacy Policy
Last Updated: January 1, 2026
Dentaloo ("Dentaloo," "we," "our," or "us") is committed to protecting the privacy and security of personal, financial, and dental health information, including Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability Act ("HIPAA").
This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the Dentaloo platform, including our website, applications, integrations, and communication channels.
1. Scope of This Policy
This Privacy Policy applies to all data processed by Dentaloo, including:
- Patient, guarantor, and dental provider information submitted through Dentaloo
- PHI processed under a Business Associate Agreement ("BAA")
- Billing, claims, and insurance data entered manually or via integrations
- Website analytics and device information
- Customer support communications
2. Information We Collect
2.1 Summary of Information Collected
| Category | Examples | Source | Includes PHI? |
|---|---|---|---|
| Patient & Dental Provider Information | Names, contact details, date of birth, demographics, appointment data, treatment codes, insurance details, claim documents | You, Dental Practice, Integrations | Yes |
| Account & Identifiers | Login credentials (hashed), IP address, MFA logs, practice name | User | No |
| Billing & Transaction Data | Subscription plans, invoices, billing history, payment tokens | User / Payment Processor | No |
| Device & Usage Data | Browser type, OS, audit logs, cookies | System / Browser | No |
| Support Communications | Emails, chats, attachments, call recordings | User | May contain PHI |
| Integration Data | PMS sync data, eligibility responses, claim status | Third-party systems | Yes |
2.2 Information We Do Not Collect
Dentaloo does not collect:
- Biometric identifiers
- Facial recognition data
- Voiceprints or fingerprints
- Advertising profiles based on PHI
3. How We Use Information
3.1 Purposes for Data Use
| Purpose | Data Used | Legal Basis (GDPR) | HIPAA Basis |
|---|---|---|---|
| Account creation & authentication | Identifiers | Contract | Permitted Use |
| Dental billing & claims processing | PHI, Identifiers | Contract | Payment & Operations |
| Insurance eligibility & remittance | PHI | Legal Obligation | Payment Activities |
| Security, fraud prevention & audits | Device data, logs | Legitimate Interest | Security Rule |
| Platform performance & improvement | De-identified analytics | Legitimate Interest | De-identified Only |
| Communications & support | Identifiers, Support data | Contract | Permitted Use |
| Marketing (non-PHI only) | Identifiers | Consent | PHI Excluded |
Dentaloo never uses PHI for advertising, tracking, profiling, or marketing purposes.
4. HIPAA Compliance & Safeguards
Dentaloo operates as a HIPAA-compliant Business Associate and implements the following safeguards:
- Business Associate Agreements with Covered Entities
- Enforcement of the Minimum Necessary Rule
- No sale or monetization of PHI
- No third-party analytics on PHI-protected areas
- Encryption of PHI at rest and in transit
5. Data Retention
We retain information only as long as required by law or contractual obligations:
- PHI: 6-10 years (or as required by state law)
- Billing and financial records: 7 years
- Non-PHI analytics: up to 26 months
- Support communications: up to 3 years
6. Cookies & Tracking Technologies
Dentaloo does not use cookies or tracking technologies on pages that process or display PHI. Limited cookies may be used on public-facing pages for basic functionality.
7. Disclosure of Information
We do not sell personal information.
PHI is disclosed only as permitted under HIPAA, including to:
- HIPAA-compliant service providers
- Authorized dental practice integrations
- Government authorities when legally required
- Successor entities in the event of a merger or acquisition (with notice)
8. International Data Transfers
Where applicable, international data transfers rely on:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions
- HIPAA-compliant technical and organizational safeguards
9. Your Rights
Patients (HIPAA)
Patients should submit access, amendment, or disclosure requests directly through their dental provider.
EU / UK Users (GDPR)
Requests related to access, deletion, correction, or portability may be submitted to: [email protected]
10. Security Measures
Dentaloo maintains industry-standard security controls, including:
- TLS 1.3 and AES-256 encryption
- Multi-factor authentication (MFA)
- Role-based and zero-trust access controls
- SOC 2 Type II aligned policies
- Daily encrypted backups
11. Breach Notification
In the event of a data breach involving PHI, Dentaloo will notify affected Covered Entities without undue delay and comply with all applicable legal and regulatory notification requirements.
12. Contact Information
Dentaloo, Inc.
1985 W Big Beaver Rd, #320
Troy, MI 48084
Email: [email protected]
Phone: +1 313-314-8985