Privacy Policy

This Privacy Policy explains how Dental Source Holdings LLC ("Dental Source," "we," "us," or "our") collects, uses, discloses, stores, and protects information when you access or use the Dental Source website, platform, content library, tools, templates, downloads, documents, continuing education materials, and related services (collectively, the "Service").

Dental Source is built for dental professionals and dental practices. This version of the Service is designed to operate without collecting patient-identifiable health information ("PHI"). Please do not enter patient-identifiable information into the Service unless Dental Source has expressly agreed in writing to support that use case.

1. Scope of this policy

This policy applies to information we collect through the Service, including our website, account areas, subscription and billing flows, educational content, document tools, practice management features, support communications, transactional emails, and product usage activity.

This policy does not apply to third-party websites, products, services, payment portals, or integrations that we do not control. Those services are governed by their own privacy policies and terms.

2. Who we are

Dental Source Holdings LLC provides an online education, clinical reference, document template, compliance support, and practice management platform for dental professionals and dental practices. You can contact us about privacy questions at privacy@dentalsource.co.

3. Information you provide to us

We collect information that you or your authorized users choose to provide, including:

• Account information: name, email address, password, account settings, role, organization or practice association, and authentication details.
• Practice information: practice name, address, phone number, website, branding details, logo, staff roles, practice preferences, and other information used to personalize templates, documents, and workflows.
• Profile and team information: user names, team invitations, team roles, permissions, subscription status, and account management details.
• Content and tool inputs: information you enter into calculators, templates, worksheets, documents, onboarding tools, marketing prompts, scorecards, compliance tools, or similar features.
• Support information: messages, attachments, troubleshooting details, feedback, requests, survey responses, and other information you send to us.
• Communications preferences: email preferences, notification choices, and product communication settings.

4. Information we collect automatically

When you use the Service, we may automatically collect technical and usage information, including:

• log data such as IP address, browser type, device type, operating system, and pages viewed;
• dates and times of access, session activity, referring pages, and approximate location derived from IP address;
• product activity such as lessons viewed, curriculum progress, tools opened, documents generated, preferences changed, and feature usage;
• security events such as sign-ins, failed login attempts, password resets, session activity, and access-control events;
• performance and diagnostic data such as errors, crashes, latency, browser metadata, and service health indicators.

5. Payment and billing information

Payments are processed by Stripe. We do not store full payment card numbers, card security codes, or complete bank account numbers on our servers. Stripe may provide us with limited billing details needed to manage subscriptions and purchases, such as customer ID, subscription status, payment status, invoice history, payment method type, last four digits, expiration date, billing name, billing email, billing address, and tax information.

Stripe processes payment data according to its own terms and privacy policy. Your use of payment features may require you to interact with Stripe-hosted checkout or billing portal pages.

6. Information we do not intend to collect

This version of Dental Source is not intended to collect or store patient-identifiable health information, including patient names, dates of birth, addresses, phone numbers, email addresses, medical record numbers, chart numbers, photographs, radiographs, treatment details tied to an identifiable patient, or other identifiers that could connect clinical information to a specific person.

Clinical documents and templates are provided for you to complete, store, and maintain in your own HIPAA-compliant systems and local practice workflows. If you believe you entered PHI or other sensitive patient information into the Service by mistake, contact us promptly at privacy@dentalsource.co.

7. HIPAA and Business Associate Agreements

Dental Source is designed to operate without PHI and is not intended to be used as a HIPAA system of record in its current configuration. Unless Dental Source has signed a Business Associate Agreement ("BAA") with you, you should not use the Service to create, receive, maintain, or transmit PHI on behalf of a covered entity or business associate.

If your intended use would require Dental Source to process PHI, contact us before using the Service for that purpose. We may decline the use case, require additional safeguards, require a BAA, or provide separate written terms.

8. How we use information

We use information to operate, secure, support, and improve the Service, including to:

• create, authenticate, and manage accounts;
• provide subscriptions, purchases, content, tools, templates, documents, and downloads;
• personalize generated materials with your practice information and preferences;
• process payments, manage billing, send invoices, handle renewals, and prevent payment abuse;
• provide customer support, respond to inquiries, troubleshoot issues, and send service messages;
• send transactional emails, account notices, security notices, renewal notices, and administrative messages;
• track curriculum progress, feature usage, completion status, and product activity;
• maintain security, prevent fraud, enforce access controls, and investigate suspicious activity;
• debug errors, measure performance, improve reliability, and develop new features;
• analyze aggregate product usage and understand which features are useful;
• comply with legal obligations, enforce our Terms, and protect our rights and users.

9. Legal bases where required

If privacy laws require a legal basis for processing, we process information based on one or more of the following: performance of a contract with you, our legitimate interests in operating and improving the Service, your consent where requested, compliance with legal obligations, and protection of our rights, users, and the Service.

10. Cookies and similar technologies

We use essential first-party cookies and similar technologies needed for the Service to work. These may include session cookies that keep you signed in, authentication tokens, security cookies, CSRF protections, and preference cookies such as sidebar or theme state.

We do not use third-party advertising cookies or cross-site behavioral advertising cookies in the current version of the Service. If that changes, we will update this policy and, if required, provide additional notice or consent options.

11. Analytics, diagnostics, and product improvement

We may use limited analytics and diagnostics to understand how the Service performs, which features are used, where users encounter errors, and how to improve the product. We aim to use the minimum information reasonably needed for these purposes and avoid using PHI.

Where possible, we use aggregated or de-identified information for reporting, product planning, and internal decision-making.

12. Service providers

We use trusted third-party providers to operate the Service. These providers process information on our behalf or in connection with services they provide to us. Current categories include:

• Hosting, database, and authentication: Supabase and related hosting or infrastructure providers.
• Payments and billing: Stripe.
• Transactional email: Resend or similar email delivery providers.
• Security, logging, diagnostics, and infrastructure: providers that help monitor availability, performance, and abuse.
• Professional advisors: attorneys, accountants, compliance advisors, and similar professionals where needed.

Service providers may access information only as reasonably necessary to provide their services, comply with law, protect security, or perform their contractual obligations.

13. When we disclose information

We may disclose information in the following circumstances:

• Within your practice or account: authorized users, administrators, and team members may see information based on roles and permissions.
• To service providers: vendors that help us provide, secure, bill, and support the Service.
• For legal reasons: if required by law, subpoena, court order, regulatory request, or similar legal process.
• For safety and security: to detect, prevent, or respond to fraud, security incidents, misuse, unauthorized access, or harm to users, patients, Dental Source, or third parties.
• Business transfers: in connection with a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction.
• With consent: when you direct us to share information or otherwise give permission.

14. We do not sell personal information

We do not sell personal information for money. We also do not share personal information for cross-context behavioral advertising in the current version of the Service. If our practices change, we will update this policy and provide any rights or notices required by applicable law.

15. Data retention

We retain information for as long as reasonably necessary to provide the Service, maintain your account, manage subscriptions, comply with legal and accounting obligations, resolve disputes, enforce agreements, maintain security, and support legitimate business needs.

• Account and practice information is generally retained while your account is active.
• Billing and invoice records may be retained as required for tax, accounting, and legal purposes.
• Security logs and diagnostic data may be retained for a limited period to protect the Service.
• Backups may persist for a limited period before being overwritten or deleted in the ordinary course.

If you request deletion, we will delete or de-identify eligible information unless we need to retain it for legal, security, fraud-prevention, billing, dispute, backup, or legitimate business reasons.

16. Security

We use administrative, technical, and organizational safeguards designed to protect information, including HTTPS/TLS encryption in transit, encryption at rest where supported, authentication controls, access restrictions, role-based access, database row-level security, unique user credentials, payment processing through Stripe, and monitoring for abuse or suspicious activity.

No method of transmission, storage, or processing is completely secure. We cannot guarantee absolute security, and you are responsible for protecting your login credentials, devices, local downloads, generated documents, and any information you export from the Service.

17. Account administrators and team controls

If your account is connected to a practice, organization, or team, account owners or administrators may be able to access, manage, export, change, or delete information within that account. They may also control user roles, invitations, subscription settings, billing access, and team permissions.

If you use an email address provided by your employer or practice, your organization may have rights over that account or related data depending on your internal policies and agreements.

18. Your choices and privacy rights

Depending on where you live, you may have rights to access, correct, delete, export, or restrict certain personal information. You may also have the right to object to certain processing or withdraw consent where processing is based on consent.

You can update some account information directly in the Service. For other requests, contact us at privacy@dentalsource.co. We may need to verify your identity and account authority before completing a request. Some requests may be limited by law, security, billing requirements, backups, or our need to provide the Service.

19. Email communications

We may send transactional and administrative emails about your account, subscription, billing, security, renewals, product changes, and support. These emails are necessary for the Service and generally cannot be opted out of while your account is active.

If we send optional marketing emails, you may unsubscribe using the link in the email or by contacting us. Unsubscribing from marketing emails does not stop transactional or account-related communications.

20. Children's privacy

The Service is intended for adults and professional use by dental practices. It is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided information to us, contact us so we can take appropriate action.

21. International users

Dental Source is operated from the United States. If you access the Service from outside the United States, your information may be processed in the United States or other locations where we or our service providers operate. Privacy laws in those locations may differ from the laws in your jurisdiction.

22. State privacy disclosures

Some state privacy laws require additional disclosures. Depending on your location and the applicability of those laws, you may have rights to know, access, correct, delete, obtain a copy of, or opt out of certain processing of personal information. We do not currently sell personal information or share it for cross-context behavioral advertising.

To submit a privacy request, contact privacy@dentalsource.co. We will not discriminate against you for exercising privacy rights, but some information is necessary to provide the Service and deleting it may affect your account or access.

23. Accessibility

We aim to conform to WCAG 2.1 Level AA. See our Accessibility Statement for details and how to report a barrier.

24. Changes to this policy

We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify you, such as posting the updated policy, changing the last updated date, emailing the account owner, or displaying an in-product notice. Your continued use of the Service after the updated policy becomes effective means you acknowledge the updated policy.

25. Contact us

Questions, requests, or concerns about this Privacy Policy may be sent to privacy@dentalsource.co.