Privacy Policy

1. Relationship to Other Agreements

This Privacy Policy works together with:

• our Terms of Service; and
• our Business Associate Agreement ("BAA") for Protected Health Information ("PHI") governed under HIPAA.

If there is any conflict between this Privacy Policy and a signed BAA as it relates to PHI, the BAA controls.

2. Information We Collect

We collect information in three categories: Business/Account Data, Operational & Communications Data, and Technical Data (including cookies and analytics).

2.1 Business and Account Information

When your dental practice creates an account, books a demo, or subscribes to the Services, we may collect:

• Practice name and contact details
• Account credentials and preferences
• Billing and payment information (processed by third-party processors such as Stripe)
• Information shared during sales calls, onboarding, surveys, support, or training

2.2 Operational & Communications Data

When you use the Services, we may collect and process:

• Telephone calls, voicemails, call metadata, telephony logs, recordings, transcripts, and AI-generated responses
• SMS/MMS messages, emails, chat transcripts, and appointment-related communications
• Practice workflow data such as scheduling, reminders, missed-call details, routing logic, and inputs entered by your staff
• User-created prompts, scripts, flows, tags, and configurations

Some of this data may include Protected Health Information (PHI) under HIPAA.

2.3 Technical Data, Cookies, and Analytics

When you visit our Site or use the Services, we may collect:

• Device type and browser information
• IP address
• Approximate location
• Access times and navigation behavior
• Error logs and diagnostic data

We use cookies and similar technologies to:

• authenticate users;
• maintain session preferences;
• analyze site usage; and
• improve the performance of the Site and Services.

You may disable cookies in your browser settings, but doing so may affect certain features.

3. How We Use Information

We use collected information to:

• operate, maintain, improve, and secure the Services;
• authenticate users and protect accounts;
• enable AI receptionist, routing, messaging, scheduling, and automation features;
• provide onboarding, support, troubleshooting, and training;
• process subscriptions and billing;
• enforce security, anti-abuse, TCPA, and HIPAA controls; and
• send service-related communications and, where permitted, marketing communications (you may opt out of marketing at any time).

De-Identified and Aggregated Information

We may use or share de-identified and/or aggregated information to:

• analyze trends;
• improve system performance and accuracy; and
• develop new features and AI enhancements.

Information that is de-identified in accordance with HIPAA is no longer considered PHI.

4. SMS Messaging & Text Message Program (A2P Compliance)

Dental Boost does not sell or share mobile opt-in information, including phone numbers or SMS consent records, with any affiliates or third parties for marketing or promotional purposes. SMS opt-in data is kept confidential and used solely to deliver messages you have explicitly consented to receive.

Transactional SMS Messages

Dental Boost operates a transactional SMS messaging program. By opting in, you agree to receive SMS messages from Dental Boost related to your demo, appointments, account activity, and services you have requested.

All SMS messages are sent by Dental Boost.

• Message frequency may vary
• Message and data rates may apply

Marketing & Promotional SMS Messages

If you separately opt in, Dental Boost may send marketing or promotional SMS messages, which may include product updates, service announcements, or special offers.

• Marketing SMS messages are optional and not required to receive our Services
• Marketing consent is collected separately from transactional consent
• Message frequency may vary
• Message and data rates may apply

Opt-In and Consent

You will only receive SMS messages if you explicitly opt in through a clear affirmative action, such as checking an unchecked consent checkbox. We maintain timestamped records of all opt-in actions.

Consent to receive SMS messages is not a condition of purchasing or using our Services.

Opt-Out

You may opt out at any time by replying STOP. After opting out, you will receive a confirmation message and no further SMS messages will be sent unless you subsequently re-opt in.

Help & Support

Reply HELP for assistance, or contact [email protected].

Carrier Disclosures

Wireless carriers are not liable for delayed or undelivered messages.

SMS Data Protection Statement

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Information sharing with subcontractors that support service delivery (such as customer support or SMS aggregators) is permitted solely for message delivery and operational support. All other categories exclude text messaging originator opt-in data and consent.

Dental Boost complies with the Telephone Consumer Protection Act (TCPA) and all applicable messaging regulations.

5. How We Use and Protect PHI (HIPAA)

When providing Services to dental practices, Dental Boost acts as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA").

We process Protected Health Information ("PHI") only in accordance with:

• applicable HIPAA regulations;
• our Business Associate Agreement (BAA) with the covered dental practice; and
• the documented instructions of the covered entity.

Our HIPAA Commitments

• PHI is encrypted in transit and at rest
• Access to PHI is restricted based on role and necessity
• PHI is not sold, rented, or used for marketing purposes
• PHI is not used to train public or shared AI models
• De-identified and aggregated data may be used to improve system performance in accordance with HIPAA de-identification standards

Breach Notification

In the event of a confirmed breach involving PHI, Dental Boost will notify affected customers in accordance with the HIPAA Breach Notification Rule and the terms of the applicable BAA.

Customer Responsibilities

Dental practices are responsible for:

• obtaining required patient consents;
• providing lawful authorization to submit PHI to the Services; and
• ensuring their own compliance with HIPAA and applicable privacy laws.

6. How We Share Information

We do not sell, lease, or share personal information for cross-context behavioral advertising.

6.1 Subprocessors and Service Providers

We engage third-party vendors to support the Services, including:

• telephony and carrier networks;
• cloud hosting and infrastructure providers;
• AI processing providers;
• scheduling tools (optional);
• billing and payment systems; and
• analytics, monitoring, and support tools.

All subprocessors are contractually obligated to maintain confidentiality, implement appropriate safeguards, and use information solely for service delivery. Where required, we execute Business Associate Agreements or equivalent protections.

6.2 Legal and Safety

We may disclose information if required by law, lawful request, or to protect rights, property, systems, or the safety of users or the public. Where legally permitted, we will provide advance notice.

6.3 Business Transfers

If we undergo a merger, acquisition, financing, restructuring, or sale of assets, information may be transferred as part of that transaction subject to this Privacy Policy.

7. Data Retention

We retain information:

• while your account is active; and/or
• as necessary to meet contractual, legal, security, or compliance obligations.

When data is no longer required, it is deleted, anonymized, or de-identified consistent with HIPAA where applicable.

8. Security

We implement administrative, technical, and physical safeguards, including:

• encryption in transit (TLS) and at rest (AES-256);
• access controls and least-privilege policies;
• multi-factor authentication for internal systems;
• monitoring and audit logging;
• incident response procedures; and
• vendor security reviews.

No system is completely secure, but we continuously improve our safeguards.

9. International Transfers

Our Services are hosted in the United States. If you access the Services from outside the U.S., you consent to the processing of your information in the United States.

10. U.S. State Privacy Rights

Certain U.S. state laws provide privacy rights such as access, correction, deletion, portability, and opting out of "sale" or "sharing" (as defined by law). Dental Boost does not sell personal information and does not share personal information for cross-context behavioral advertising.

To exercise applicable rights, email [email protected] with the subject "Privacy Rights Request" and your state of residence.

11. Do Not Track

Because standards for interpreting "Do Not Track" signals are not established, we do not currently respond to them.

12. Your Rights and Choices

Depending on your jurisdiction, you may request access, correction, deletion, or copies of your information. You may opt out of marketing emails using unsubscribe links. Patients must contact their dental provider for rights related to health information.

13. Children's Privacy

The Services are not intended for children under 16, and we do not knowingly collect information from children.

14. Changes to This Policy

We may update this Privacy Policy periodically. The "Last Updated" date reflects the current version. Continued use of the Site or Services constitutes acceptance of the updated policy.

15. Contact Us

For privacy-related inquiries:

• Email: [email protected]
• Website: https://www.dentalboost.ai