Privacy Policy

1. Scope and Relationship to Other Agreements

1.1 Scope of This Policy

This Policy applies to information processed in connection with the Services.

1.2 Customer Agreements Control for Customer-Specific Terms

This Policy does not replace or amend any written agreement between Dental Boost and a business customer with respect to customer-specific service, security, or data-processing obligations, including any master services agreement, order form, subscription agreement, data processing addendum, or Business Associate Agreement ("BAA").

1.3 Conflict with Customer Agreements

If there is a conflict between this Policy and a written agreement governing our provision of Services to a business customer, the written agreement will control only to the extent of that customer-specific conflict. Nothing in any such agreement limits any non-waivable rights of individuals under applicable law or any disclosures we are required to make by law.

1.4 Supplemental Notices

We may provide additional or supplemental privacy notices at or before the point of collection where required by law or where a particular product, workflow, or jurisdiction requires additional disclosures.

2. Important Notice for Patients and Other End Users of Dental Practices

2.1 Customer Controls Patient-Facing Data Practices

Dental Boost provides software, automation, telephony, messaging, scheduling, CRM, and AI-enabled receptionist tools to dental practices and other business customers. If you are a patient, prospective patient, or other end user interacting with a dental practice or other organization that uses Dental Boost, that organization generally determines how your personal information, patient information, and records are collected, used, disclosed, retained, and otherwise processed.

2.2 Dental Boost May Process Information on a Customer's Behalf

In those circumstances, Dental Boost may process information, including Protected Health Information ("PHI"), on behalf of the dental practice or other business customer as its service provider, processor, contractor, or business associate, depending on the relationship and applicable law.

2.3 Contact the Practice or Provider for Patient Privacy Questions

If you have questions about your provider's privacy practices, your patient records, or your rights with respect to information submitted to a dental practice using Dental Boost, please contact that dental practice or other healthcare provider directly.

2.4 Customer Responsibility for Consents and Permissions

Where a customer uses the Services to send calls, text messages, emails, or other communications to patients, leads, or other end users, that customer is responsible for obtaining and maintaining any notices, consents, authorizations, opt-ins, opt-outs, revocations, and suppression records required by applicable law, unless the parties expressly agree otherwise in writing.

3. HIPAA, Business Associate Processing, and De-Identification

3.1 PHI Processing

Where Dental Boost creates, receives, maintains, or transmits PHI on behalf of a covered entity or other customer subject to the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations ("HIPAA"), Dental Boost will process such PHI only as permitted by applicable law, the applicable BAA, our agreement with the customer, and the customer's documented instructions.

3.2 BAA Requirement

Where a BAA is required before Dental Boost processes PHI on behalf of a customer, Dental Boost will enter into an appropriate BAA with that customer before processing PHI in a manner that requires such agreement, except to the extent otherwise permitted by applicable law.

3.3 Limits on PHI Use and Disclosure

Dental Boost's use and disclosure of PHI is limited to the purposes permitted by the applicable BAA, applicable law, and our agreements with the customer.

3.4 De-Identification

Where Dental Boost de-identifies information, Dental Boost will do so only where permitted by applicable law and, where applicable, authorized by the customer agreement and any required Business Associate Agreement. Dental Boost will treat such information as de-identified, will not attempt to re-identify it except as expressly permitted by law, and will require recipients of de-identified information by contract to maintain it in de-identified form and refrain from re-identification attempts except as expressly permitted by law.

4. AI and Automated Communications Disclosure

4.1 Use of AI and Automation

Dental Boost uses artificial intelligence, machine learning, automation, rules-based logic, and related technologies, including AI voice and text agents ("AI Agents"), to support features such as call handling, message drafting or response generation, routing, scheduling, workflow automation, transcription, summarization, tagging, classification, analytics, quality assurance, fraud prevention, and support operations.

4.2 Bot / Automated System Disclosure

When required by law, customer configuration, or the applicable workflow, Dental Boost or the applicable customer will provide a clear disclosure that an individual is interacting with an automated system rather than a live human representative.

4.3 Important AI Limitations

AI and automation tools may generate responses, summaries, transcripts, classifications, recommendations, or other outputs. Automated outputs may contain errors, omissions, inaccuracies, or inappropriate results. AI-generated content is provided for operational and informational purposes only and is not legal, medical, financial, or other professional advice. Important decisions should not be made solely on the basis of automated outputs without appropriate human review where appropriate.

4.4 Human Assistance and Automation Opt-Out

Where channel settings, legal requirements, and workflow design allow, a person may request human assistance or opt out of certain automated interactions, although doing so may limit certain features or delay response times.

5. Information We Collect

5.1 Categories of Information

We collect information directly from you, automatically from your devices and use of the Services, from our customers, from service providers, from integrated systems authorized by our customers or users, and from other lawful sources.

5.2 Personal Information You Provide Directly

We may collect the following categories of information you provide directly to us:

• name;
• business or practice name;
• job title or role;
• email address;
• telephone number;
• business mailing address;
• billing contact details;
• account credentials;
• form submissions, demo requests, survey responses, and support requests;
• communications content you send to us, and any other information you choose to provide.

5.3 Account, Customer, and Operational Data

If you or your organization use the Services, we may collect and process account and operational data such as:

• account registration details;
• subscription and plan details;
• onboarding information;
• workflow configurations;
• routing rules;
• automation logic;
• prompts, scripts, tags, templates, and settings;
• calendars and appointment-related data;
• support and implementation records;
• customer-authorized integration data.

5.4 Communications and Service Content

We may collect and process communications and service content, including:

• call recordings, where enabled and permitted by law;
• voicemails;
• call metadata and telephony logs;
• recordings and transcripts;
• AI-generated outputs and suggested responses;
• SMS or MMS messages;
• emails;
• chat content;
• appointment-related communications;
• customer support interactions;
• other service content processed through the Services.

Some of this information may include PHI, consumer health data, or other sensitive information depending on how a customer uses the Services.

5.5 Payment and Transaction Information

We may collect limited billing and transaction information, such as billing contact details, subscription status, invoices, payment status, transaction history, and related records. Full payment card information is generally processed directly by our third-party payment processors. To the extent Dental Boost receives or stores any card-related information, it is limited to the minimum information reasonably necessary for billing administration, fraud prevention, recordkeeping, or legal compliance.

5.6 Device, Usage, and Log Information

When you access our website or Services, we and our vendors may automatically collect information such as:

• IP address;
• browser type and version;
• device identifiers;
• operating system;
• referring URLs;
• pages viewed;
• links clicked;
• dates, times, and duration of visits;
• access logs;
• crash data;
• approximate geolocation derived from IP address, and similar technical and usage information.

5.7 Cookies and Similar Technologies

We, and our vendors may use cookies, pixels, SDKs, tags, local storage, and similar technologies to operate the website, remember preferences, analyze traffic, secure the Services, measure campaign effectiveness, and support analytics or advertising activities, subject to the limitations described in this Policy and applicable law.

5.8 Social Media and Third-Party Platform Information

If you interact with us through social media, or other third-party platforms, we may receive information such as your public profile details, username, engagement data, and information you make available through those services, subject to your settings and the third party's privacy practices.

5.9 Mobile Device Information

If you use a mobile device to access our website or Services, we may collect device model, operating system, browser type, IP address, device identifiers, and similar technical information. If a mobile application is offered now or in the future, we may also collect information associated with user-enabled permissions such as notifications, microphone access, or calendar access.

6. Sources of Information

We may collect information from the following sources:

• directly from you;
• from your employer, dental practice, or other organization using the Services;
• from patients, leads, and other individuals interacting with customer-configured workflows;
• automatically from your device or browser;
• from cookies, analytics tools, and similar technologies;
• from payment processors and other service providers;
• from telecommunications, telephony, email, and infrastructure providers;
• from integrated applications and platforms authorized by the customer or user;
• from publicly available sources or social media platforms.

7. How We Use Information

7.1 Processor / Service Provider vs. Direct Controller Use

Depending on the context, Dental Boost processes information either in its own capacity for information it controls directly or on behalf of a business customer as a service provider, processor, contractor, or business associate.

7.2 Processing on Behalf of Business Customers

When Dental Boost processes information on behalf of a business customer, including patient, lead, end-user, communications, service, or PHI-containing data, Dental Boost processes that information only as necessary to provide, operate, maintain, support, secure, troubleshoot, and improve the Services and as otherwise permitted by applicable law, the applicable BAA or other written agreement, and the customer's documented instructions.

7.3 Direct Uses of Information We Control

For information Dental Boost controls directly in its own capacity, we may use information for the following purposes:

• to provide, operate, maintain, support, secure, and improve the Services;
• to create, provision, manage, and authenticate accounts;
• to provide demos, onboarding, implementation, integration, and customer support;
• to enable telephony, messaging, scheduling, CRM, AI, automation, and workflow features;
• to process transactions, invoices, refunds, subscriptions, renewals, and account administration;
• to send service, support, administrative, security, legal, compliance, and account-related communications;
• to send marketing communications where permitted by law and consistent with your preferences;
• to personalize website content and user experiences;
• to analyze, troubleshoot, debug, and improve performance, quality, and usability;
• to monitor for fraud, spam, abuse, misuse, security incidents, and other harmful or unlawful activity;
• to enforce our agreements, policies, and legal rights;
• to comply with law, regulation, legal process, or lawful governmental request;
• to establish, exercise, or defend legal claims;
• to conduct internal reporting, audits, and business operations;
• to create aggregated or de-identified analytics and insights where permitted by law.

8. How We Use AI-Related Data

8.1 AI Processing for Requested Features

We may process communications and service content through AI and automation systems to provide requested features, including transcription, summarization, classification, call handling, response generation, routing, scheduling, support, quality assurance, troubleshooting, fraud prevention, misuse prevention, service support, and security monitoring.

8.2 PHI Training Restriction

We do not use PHI to train generalized, public-facing, or shared foundation AI models. We use PHI only as permitted by applicable law, the applicable BAA, our agreement with the customer, and the customer's documented instructions.

8.3 Non-PHI Customer Service Content Training Restriction

We do not use non-PHI customer service content to train generalized, public-facing, or shared foundation AI models unless expressly authorized in an applicable written agreement and permitted by law.

8.4 De-Identified / Aggregated Improvement Uses

We may use de-identified or aggregated information to improve the Services, quality assurance processes, system performance, analytics, and product functionality, provided we apply controls intended to prevent re-identification and comply with applicable law.

8.5 Review for Support, QA, Security, and Compliance

We may review AI interactions and outputs for support, quality assurance, debugging, security, misuse prevention, compliance, and service improvement. Where such data includes customer-controlled service data, patient data, or PHI, we do so only as necessary to provide the requested AI or automation features and to perform those functions as permitted by applicable law, the applicable BAA or other written agreement, and the customer's documented instructions.

8.6 Official Terms Control

Official agreements, policies, and customer-configured settings govern in the event of any inconsistency between an AI output and our binding written terms or the customer's configured workflow.

9. Legal Bases for Processing

Depending on the context and applicable law, we may process information:

• as necessary to perform a contract or take steps at your request before entering into a contract;
• to comply with legal obligations;
• to pursue our legitimate interests, such as operating and improving the Services, securing our systems, communicating with customers, preventing fraud, and enforcing our rights, provided such interests are not overridden by applicable legal requirements;
• based on consent, where consent is required; and as otherwise permitted by applicable law.

10. How We Disclose Information

We may disclose information to the following categories of recipients, subject to applicable law and contractual obligations. Notwithstanding anything else in this Policy, mobile phone numbers, text messaging originator opt-in data, and SMS consent records are not disclosed to third parties or affiliates for their own marketing or promotional purposes.

10.1 Service Providers, Contractors, and Processors

We may disclose information to vendors, service providers, contractors, subprocessors, and processors that perform services on our behalf, such as:

• cloud hosting and infrastructure providers;
• payment processors;
• customer support platforms;
• analytics and monitoring providers;
• telecommunications and telephony providers;
• SMS and messaging delivery providers;
• email service providers;
• security and fraud prevention vendors;
• implementation, integration;
• workflow support providers;
• other service providers needed to operate, support, secure, or improve the Services.

These parties are authorized to process information only for legitimate business purposes, on our behalf or as otherwise instructed by us or our customers, and are subject to appropriate contractual restrictions where applicable.

10.2 Customer-Directed Recipients and Integrations

If a customer enables an integration or directs us to process or transmit data with a third-party system, platform, or provider, we may disclose information as necessary to carry out those instructions.

10.3 Business Customers and Their Authorized Users

Where Dental Boost provides Services to an organization, information processed through the Services may be accessible to that organization and its authorized administrators, personnel, agents, and vendors as permitted by the organization's instructions and our agreement with that organization.

10.4 Corporate Transactions

We may disclose information in connection with an actual or proposed merger, acquisition, financing, asset sale, bankruptcy, restructuring, or similar transaction, subject to customary confidentiality protections and applicable law.

10.5 Legal, Compliance, and Safety Disclosures

We may disclose information:

• to comply with applicable law, regulation, legal process, or lawful governmental request;
• to enforce our agreements and policies;
• to detect, investigate, prevent, or address fraud, security, or technical issues;
• to protect the rights, property, safety, or security of Dental Boost, our customers, users, or others, or to establish, exercise, or defend legal claims.

10.6 With Consent or at Your Direction

We may disclose information with your consent or at your direction.

11. Advertising, Analytics, and Remarketing

11.1 Public Marketing Website Advertising Tools

On our public-facing marketing website and related marketing properties, Dental Boost may use analytics and advertising tools, including tools offered by providers such as Google and Meta, to understand website usage, measure campaign performance, create audiences, deliver advertising, conduct remarketing or retargeting, and improve our marketing efforts, subject to applicable law.

11.2 Data Collected by Advertising and Analytics Technologies

These technologies may collect or receive identifiers, device information, online activity information, and similar usage data over time and across websites, applications, or services.

11.3 Types of Advertising and Analytics Technologies We May Use

We may use:

• analytics tools;
• remarketing or retargeting tools;
• audience matching or suppression features, and similar analytics and advertising technologies.

11.4 Google and Meta / Third-Party Vendor Ad Technologies

Third-party vendors, including Google and Meta, may use cookies, pixels, device identifiers, and similar technologies to show ads based on your prior visits to our website or interactions with our marketing properties.

11.5 Combined First-Party and Third-Party Identifiers

We and our advertising and analytics partners may use first-party cookies or identifiers together with third-party cookies, pixels, or other identifiers to measure ad performance, understand interactions with our website and marketing properties, build audiences, suppress audiences, and support remarketing or retargeting activities, subject to applicable law.

11.6 Public-Site Limitation

These activities are limited to our public-facing marketing website and related marketing properties. They do not apply to mobile phone numbers, SMS consent records, text messaging originator opt-in data, message content, or authenticated patient environments.

11.7 No Ad-Tech on Patient / PHI / Consumer Health Data Environments

Dental Boost does not use third-party advertising pixels, retargeting technologies, cross-context behavioral advertising tools, or similar advertising trackers on any authenticated patient environment or on any webpage, form, scheduler, chat flow, portal, or communication interface where PHI or consumer health data is collected, transmitted, or reasonably inferable.

11.8 Healthcare-Related Environment Restrictions

Where analytics or advertising technologies are used in healthcare-related environments, Dental Boost will do so only where legally permitted, technically configured to avoid impermissible disclosures, and, where applicable, subject to a valid BAA and any required authorization, consent, or other lawful permission.

11.9 Advertising and Cookie Choices

You can manage cookies through your browser settings and, where available, through our cookie, consent, or privacy preference tools. Some analytics and advertising partners also provide separate opt-out tools.

12. SMS, Calling, and Messaging Privacy

12.1 Dental Boost Messaging Uses

If you separately request, opt in to, register for, or otherwise provide the level of consent required by applicable law to receive calls, text messages, or similar communications from Revenue Rocket LLC d/b/a Dental Boost, we may use your number to send messages from Dental Boost related to:

• demo confirmations;
• appointment-related messages;
• customer support messages;
• service notifications;
• account and operational alerts;
• follow-up communications;
• marketing or promotional messages where you have provided any required consent.

12.2 Message Frequency and Rates

Some messages may be one-time, and others may be recurring, depending on the nature of your interaction with Dental Boost, the program for which you enrolled, and the communications you requested. Message frequency may vary. Message and data rates may apply.

12.3 Consent Limits

Providing a mobile phone number, submitting a form, creating an account, or agreeing to this Privacy Policy alone does not constitute consent to receive marketing or promotional text messages. Where consent is required by law, Dental Boost obtains the level of consent required for the applicable message type before sending marketing text messages, autodialed or prerecorded calls, or other regulated communications. Consent to receive marketing communications is not a condition of purchase unless permitted by law and clearly disclosed.

12.4 Program-Specific Consent

Any consent you provide to receive SMS or calling communications from Dental Boost applies only to Dental Boost and to the specific message categories, programs, or interactions for which you have provided consent. It does not authorize messages from unrelated brands, campaigns, or third parties.

12.5 Messaging Privacy Commitments

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Information sharing to subcontractors in support services, such as customer service, is permitted. Text messaging originator opt-in data and consent will not be shared with any third parties except telecommunications carriers, messaging providers, aggregators, and service providers that support the delivery, routing, customer service, security, fraud prevention, compliance, or documentation of our messaging services. Your mobile information will not be sold, rented, or used by third parties or affiliates for their own independent marketing or promotional purposes.

12.6 Disclosures to Messaging and Telecom Vendors

We may disclose mobile numbers, message content, call data, and opt-in or opt-out status to telecommunications carriers, messaging providers, aggregators, platforms, and vendors as necessary to deliver, route, monitor, secure, support, and document messaging or calling services and to comply with applicable law.

12.7 STOP / HELP / Revocation

You may opt out of a Dental Boost text messaging program at any time by replying STOP to messages from that program. After we process your STOP request, we may send a one-time confirmation message confirming your opt-out. After that, you will no longer receive text messages from that program unless you opt in again. Any later transactional, administrative, security, billing, or account-related text messages will be sent only where you have separately provided any required consent or where otherwise permitted by applicable law.

For assistance, reply HELP to a Dental Boost text message or contact us at [email protected].

Where consent is required for calls or text messages, you may revoke consent through any reasonable method that clearly expresses a desire not to receive further such communications. Reply-text STOP requests are processed promptly for the applicable text messaging program. Other reasonable revocation requests for calls or text messages will be honored within a reasonable time and, where applicable, no later than ten (10) business days after receipt.

12.8 Non-Marketing Messages After Opt-Out

Opting out of marketing communications does not prevent us from sending transactional, administrative, security, safety, support, account, billing, or other non-marketing messages where permitted by law.

13. Cookies and Tracking Choices

13.1 Browser Controls

Most browsers allow you to control cookies, including blocking or deleting them. If you disable cookies or similar technologies, some features of the website or Services may not function properly.

13.2 Consent Tools

Where required by law, we will provide choices regarding non-essential cookies and similar technologies through our consent tools or other legally sufficient methods.

14. Data Retention

14.1 General Retention Standard

We retain personal information only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, maintain security, preserve backups, and maintain appropriate business, tax, accounting, and financial records.

14.2 Retention Factors

Retention periods vary based on the type of information, the nature of the relationship, the Services used, customer instructions, technical requirements, operational needs, backup cycles, contractual obligations, and legal requirements.

14.3 General Retention Practices

In general, we apply the following retention practices:

• lead, inquiry, and demo request information: retained for as long as needed to respond to the request, manage sales and onboarding activities, and maintain related records;
• account, subscription, and contract information: retained for the duration of the relationship and for a reasonable period afterward for renewals, support continuity, recordkeeping, audits, tax, accounting, dispute resolution, and legal compliance;
• billing and transaction records: retained as needed for accounting, tax, chargeback, fraud prevention, and legal compliance;
• customer support and implementation records: retained for as long as needed to provide support, maintain service history, and improve support quality;
• service communications, call logs, recordings, transcripts, and messaging records: retained according to customer configuration, contractual requirements, legal obligations, operational needs, and backup schedules;
• security, fraud, compliance, and audit logs: retained as needed to protect the Services, investigate incidents, document compliance, and comply with legal or contractual obligations;
• marketing preference, suppression, consent, and revocation records: retained as needed to honor preferences, maintain suppression lists, document consent status, document revocation status, and comply with telecommunications, email, privacy, and consumer protection laws;
• cookie identifiers and analytics data: retained in accordance with browser settings, consent choices, vendor configurations, and applicable law;
• de-identified and aggregated data: may be retained for analytics, service improvement, benchmarking, security, and lawful business purposes, provided the data is maintained in de-identified or aggregated form.

14.4 Deletion and Backup Copies

When information is no longer required, we will delete, anonymize, aggregate, or otherwise securely dispose of it in accordance with applicable law, contractual obligations, and our retention practices. Residual copies may remain in backup systems for a limited period consistent with our backup, disaster recovery, and record retention processes.

14.5 Washington Consumer Health Data Backup Timing

For consumer health data subject to Washington law, if data subject to a valid deletion request is stored in archived or backup systems, deletion may be delayed only as reasonably necessary to enable restoration processes and will not exceed six (6) months from authentication of the request.

15. Security of Information and Incident Response

15.1 Security Measures

We use reasonable administrative, technical, physical, and organizational safeguards designed to protect personal information against unauthorized access, acquisition, disclosure, alteration, loss, or destruction. These safeguards may include access controls, authentication measures, encryption in transit where appropriate, system monitoring, logging, vendor management, workforce training, incident response procedures, and other security measures appropriate to the nature of the information and Services.

15.2 Service Provider Safeguards

We require service providers and subprocessors handling personal information on our behalf to implement appropriate safeguards and contractual restrictions consistent with the sensitivity of the information and the services provided.

15.3 No Absolute Security Guarantee

No method of transmission over the internet or method of electronic storage is completely secure. Accordingly, we cannot guarantee absolute security.

15.4 Incident and Breach Notification

If we determine that a reportable security incident or data breach has occurred, we will provide notice in the manner and within the timeframe required by applicable law, regulation, the applicable BAA, and contractual obligations. Security incidents involving PHI will be handled in accordance with applicable HIPAA requirements and the applicable BAA. Incidents involving non-HIPAA health data will be handled in accordance with applicable federal and state breach-notification requirements, including the FTC Health Breach Notification Rule where applicable.

16. Sensitive Information

16.1 Do Not Send Unnecessary Sensitive Information Through Unsecured Channels

Please do not send highly sensitive personal information to us through unsecured or public channels unless specifically requested and appropriate safeguards are in place. This includes, for example, Social Security numbers, full financial account credentials, government-issued identification numbers, or other information not reasonably necessary for the requested interaction.

16.2 Health-Related Information

Where our customers use the Services to process patient or health-related information, such processing may be governed by HIPAA, a BAA, customer instructions, Washington's My Health My Data Act, or other applicable law.

16.3 Sensitive Personal Information Use Limits

Dental Boost does not use or disclose sensitive personal information except as reasonably necessary to provide the Services, comply with legal obligations, protect the security and integrity of the Services, carry out other disclosed and permitted business purposes, or as otherwise permitted by applicable law. Where required by law, Dental Boost will provide any required notice and obtain any required consent before using or disclosing sensitive personal information for additional purposes.

17. International Data Transfers

17.1 U.S.-Based Operations

Dental Boost is based in the United States, and the Services are primarily operated from the United States. Information may be transferred to, stored in, and processed in the United States and other jurisdictions where we or our service providers operate.

17.2 International Users

If you access the Services from outside the United States, you understand that your information may be transferred to jurisdictions that may not provide the same level of data protection as your home jurisdiction. Where required by law, we will implement appropriate safeguards for such transfers.

18. Your Privacy Rights and Choices

18.1 General Rights Overview

Depending on your jurisdiction and the nature of our relationship with you, you may have some or all of the rights described below, subject to applicable exceptions and verification requirements. If we process your information solely on behalf of a dental practice or other business customer, you should direct your request to that customer in the first instance. Where appropriate, we may forward your request to the relevant customer or assist that customer in responding as required by law, contract, or applicable data-processing obligations.

18.2 General Rights

You may have the right to:

• know or confirm whether we process your personal information;
• access a copy of your personal information;
• correct inaccurate personal information;
• delete personal information;
• opt out of certain marketing communications;
• opt out of certain targeted advertising or similar activities where applicable law provides that right;
• withdraw consent where our processing is based on consent;
• limit certain uses of sensitive personal information where applicable law provides that right;
• appeal a denial of certain rights requests where required by law.

18.3 Verification and Non-Discrimination

We may need to verify your identity, authority, and residency before processing a request. We will not discriminate against you for exercising applicable privacy rights.

19. Washington Consumer Health Data Notice

19.1 Applicability

This section applies only to the extent Dental Boost collects, uses, or shares "consumer health data" subject to Washington's My Health My Data Act outside HIPAA-regulated processing. Where required by applicable law, this section is intended to serve as Dental Boost's consumer health data privacy notice, and we will make it available through a prominent link on our homepage and in any other location required by law.

19.2 Definition of Consumer Health Data

For purposes of this section, "consumer health data" means personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status, as defined by applicable law.

19.3 Categories of Consumer Health Data We May Collect

Depending on the context, we may collect categories of consumer health data such as:

• information about health-related appointments, inquiries, requests, or communications;
• information that may identify an individual's interest in seeking healthcare or dental services;
• communications content relating to health-related questions, scheduling, treatment discussions, or care coordination;
• call recordings, transcripts, messages, and related metadata involving health-related interactions;
• approximate location information derived from IP address or device data that may indicate an attempt to obtain healthcare services, and precise location information only where a consumer affirmatively enables that collection in a product or workflow that separately discloses the practice and obtains any consent required by law, and other data that may identify a consumer's physical or mental health status, diagnosis, treatment, or healthcare-seeking behavior, where applicable.

19.4 Purposes for Collection and Use

We may collect and use consumer health data to:

• provide requested website or Service functionality;
• route, schedule, document, and support health-related communications;
• provide AI receptionist, call handling, messaging, and workflow features;
• authenticate users and support accounts;
• secure and maintain the Services;
• provide support and troubleshoot issues;
• comply with legal obligations;
• carry out other disclosed purposes with consent where required.

19.5 Consent for Additional Collection or Sharing

Where Washington consumer health data is collected or shared outside what is necessary to provide a product or service requested by the consumer, Dental Boost will obtain any consent required by applicable law before such collection or sharing. Where required, consent for sharing will be separate and distinct from consent for collection, and consumers may withdraw consent for future collection or sharing using the methods described in this Policy.

19.6 Sources of Consumer Health Data

We may collect consumer health data from:

• consumers directly;
• our customers and their authorized users;
• communications submitted through calls, messages, forms, chat, or scheduling tools;
• integrated systems authorized by our customers;
• service providers acting on our behalf.

19.7 Categories of Consumer Health Data Shared

Except where permitted or required by law, directed by the consumer or our customer, or necessary to provide a product or service requested by the consumer, Dental Boost does not sell consumer health data and does not share consumer health data with third parties or affiliates for their own independent marketing or advertising purposes.

Where consumer health data is shared within the meaning of applicable Washington law, the categories of consumer health data that may be shared include:

• health-related appointment, inquiry, scheduling, and communication data;
• call recordings, transcripts, messages, and related metadata involving health-related interactions; and
• other health-related communications content necessary to provide the requested product or service or to carry out another disclosed and legally permitted purpose.

19.8 Categories of Third Parties With Whom Consumer Health Data May Be Shared

Where permitted by law and applicable to the Services at issue, consumer health data may be shared with the following categories of third parties:

• customer-directed integrations;
• third parties involved in delivering a product or service requested by the consumer;
• professional advisors, regulators, courts, law enforcement, or governmental authorities where required or permitted by law.

Disclosures to processors, contractors, and service providers acting on our behalf are governed by contract and, where applicable law excludes such disclosures from the definition of "sharing," are not treated as "sharing" for purposes of this section.

19.9 Affiliates

Dental Boost currently does not share consumer health data with affiliates. Dental Boost currently has no affiliates with whom it shares consumer health data for independent business, marketing, or promotional purposes.

19.10 Washington Rights

If Washington's My Health My Data Act applies, you may have the right to:

• confirm whether we collect, share, or sell consumer health data concerning you and access that data;
• receive a list of third parties and affiliates with whom we have shared or sold consumer health data and an active contact mechanism for those parties where required by law;
• withdraw consent from our collection and sharing of consumer health data where consent is the basis for processing;
• request deletion of consumer health data;
• appeal a refusal to take action on your request.

We do not sell consumer health data.

19.11 Deletion Assistance for Consumer Health Data

If we receive and authenticate a valid deletion request for consumer health data subject to Washington law, we will delete the applicable consumer health data from our records as required by law and will notify processors, contractors, service providers, affiliates, and other recipients to whom we disclosed that consumer health data, as required by applicable law, so that they may also delete it from their records where required.

20. How to Exercise Rights

20.1 Contact Methods

To exercise applicable privacy rights, you may contact us using the designated methods we make available for the relevant right. Those methods may include:

• Email: [email protected]
• Mail: Revenue Rocket LLC d/b/a Dental Boost, 522 W Riverside Ave Suite N, Spokane, WA 99201, United States
• Online Request Mechanism: Where available through our website, use any rights-request or privacy-request form made available for the applicable request

20.2 Verification

We may require reasonable verification of identity, residency, and authority before fulfilling a request. We do not require you to create a new account to submit a rights request, although we may require you to use an existing account where appropriate for security purposes.

20.3 Fees

We generally do not charge a fee for standard privacy requests. Where permitted by law, we may charge a reasonable fee or decline to act if a request is manifestly unfounded, excessive, or repetitive.

20.4 Authorized Representatives

Authorized representatives may submit requests on behalf of an individual where permitted by applicable law, subject to appropriate verification.

21. Appeals

If we deny your request, you may appeal by replying to our response or by contacting us at [email protected] with the subject line "Privacy Rights Appeal."

If we deny an appeal relating to Washington consumer health data, we will provide, where required by law, information regarding how to contact the Washington Attorney General.

22. Email Marketing and CAN-SPAM

If you receive marketing emails from us, you may unsubscribe by using the unsubscribe link in the message or by contacting us at [email protected].

We may still send transactional, administrative, security, billing, support, legal, or other non-marketing messages after you opt out of marketing communications.

23. Do Not Track

Because there is not yet a universally accepted standard for browser-based "Do Not Track" signals, our website may not respond to all such signals.

24. Children's Privacy

The Services are intended for businesses, healthcare practices, and adults, and are not directed to children under 13. We do not knowingly collect personal information directly from children under 13 through our public-facing website for our own independent purposes. If we learn that we have collected personal information directly from a child under 13 in violation of applicable law, we will take reasonable steps to delete it.

25. Third-Party Websites, Services, and Integrations

The Services may contain links to third-party websites, applications, integrations, or services that are not controlled by Dental Boost. We are not responsible for the privacy, security, or content practices of those third parties. We encourage you to review their privacy policies and terms before interacting with them.

26. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or business operations.

If we make material changes, we will update the "Last Updated" date and provide any additional notice required by applicable law. If applicable law requires consent or other action before certain new data practices take effect, we will comply with those requirements before implementing the change.

27. Contact Information

• Revenue Rocket LLC d/b/a Dental Boost
• Email: [email protected]
• Website: https://dentalboost.ai
• Address: 522 W Riverside Ave Suite N, Spokane, WA 99201, United States