Dentadex

Legal

Privacy Policy.

What we collect when you use dentadex.com, why we collect it, and what your rights are.

v1 — under lawyer review. We’ll post the reviewed version here when it’s ready.

Effective date
May 26, 2026
Last updated
May 26, 2026

This policy explains how Dentadex Inc.(“Dentadex,” “we,” “us”) handles personal information you give us through the marketing site at dentadex.com. Our marketing site does not process patient data. Our application at app.dentadex.com processes Protected Health Information (PHI) under separate Business Associate Agreements with each dental practice. See our Business Associate Agreement for how PHI is handled.

1. Who we are

Dentadex is a dental billing platform. The legal entity is Dentadex Inc., with notices sent to privacy@dentadex.com. For the application’s data handling, we act as a data processor on behalf of each practice (the data controller). For this marketing site, we act as a data controller.

Dentadex serves dental practices in the United States. We do not target the EU, UK, or Quebec. If you reach us from outside the US, by submitting our contact form or emailing us you consent to your information being processed in the United States.

2. What we collect

Information you send us

When you fill out our contact form or email us, we collect your name, email, practice name, phone number (if you share it), the kind of practice management system you use, and the message you write. We also collect any UTM parameters in the page URL so we can tell which marketing channel sent you.

Information collected automatically

Our hosting provider (AWS) keeps short-term server logs of IP addresses and request metadata for security and uptime. We hash IP addresses before they reach our application logs so the raw IP is never persisted. We do not run third-party analytics, advertising pixels, or session-replay tools on this marketing site. If that changes, this page changes first.

What we do not collect

No patient health information passes through this marketing site. Patient records live only inside our application and stay there. We do not buy email lists. We do not enrich your data with third-party profile services.

3. How we use it

  • To reply to the message you sent us.
  • To set up a demo or a pilot, if that’s what you asked for.
  • To improve the site — for example, by counting how many people came from each marketing channel.
  • To meet legal and tax record-keeping rules.
  • To protect the site from spam, bots, and abuse (this is the only reason we look at IPs).

We do not use the information you send through this site for ad targeting on other sites. We do not sell or rent your personal information. Dentadex does not sell Personal Information or share it for cross-context behavioral advertising as defined in Cal. Civ. Code §1798.140(ah).

4. Who we share it with

We use a small set of vendors, called sub-processors, to run our business. The current list:

  • AWS(RDS, S3, CloudFront, ECS, Cognito, KMS, Secrets Manager) — hosts the site, the application, and encrypted backups. Covered by a Business Associate Agreement.
  • Resend— sends transactional email (a welcome email after a demo request, password resets, system notifications). We never send patient information by email, and we do not sign a BAA with Resend.
  • Stripe— processes our billing once a practice signs up. Stripe receives only the data needed to bill the practice. Stripe never receives patient information.
  • Plaid— matches a practice’s bank deposits to insurance payments inside the application. Covered by a Business Associate Agreement.
  • Your practice management system, through a local agent that runs on hardware your practice owns — the agent reads and writes to your PMS using your office’s login. The PMS vendor is not our sub-processor; we route data through your own system.

We will share information when the law requires us to (for example, a court order). When we get a request like this, we push back where we have grounds to and we tell you, unless the law forbids it.

5. How long we keep it

Contact-form data: up to 24 months after your last message, then deleted. Demo and pilot records: as long as the relationship is active, plus 12 months. Server logs: 30 days. Financial and tax records: 7 years, as the IRS requires. Patient information inside the application is handled per the BAA — not this policy.

6. Your rights

Depending on where you live, you have the right to ask us:

  • What personal information we have about you (right to know).
  • To correct anything that’s wrong.
  • To delete it.
  • To stop processing it for direct marketing (we don’t do that here, but the right still applies).
  • To get a copy of it in a portable format.
  • To opt out of the sale or sharing of personal information for cross-context behavioral advertising — we don’t do either, so this opt-out is automatically honored.
  • To not be retaliated against for using any of these rights.

To use any of these rights, email privacy@dentadex.com. We respond within 45 days, and may extend by an additional 45 days when reasonably necessary, with notice to you, consistent with Cal. Civ. Code §1798.130(a)(2)(A) and the comparable state statutes. We won’t charge you and we won’t penalize you for asking.

State-specific disclosures

The state laws below grant residents the rights above, with small variations in timing and scope. Residents of these states can use the same email address to exercise any right.

  • California (CCPA / CPRA, Cal. Civ. Code §1798.100 et seq.). Categories of personal information we collect and the sources, business purposes, and recipients are described in §2, §3, and §4 above. We retain each category for the periods described in §5. We do notcollect Sensitive Personal Information as defined in Cal. Civ. Code §1798.140(ae); if that changes, this page changes first. You also have the right to limit the use and disclosure of SPI under §1798.121 — not applicable today because we don’t collect any.
  • Virginia (VCDPA, Va. Code §59.1-575 et seq.). Right to access, correct, delete, port, and opt out of targeted advertising, sale, and profiling.
  • Colorado (CPA, Colo. Rev. Stat. §6-1-1301 et seq.). Same rights as Virginia, plus right to opt out of profiling that produces legal or similarly significant effects.
  • Connecticut (CTDPA, Conn. Gen. Stat. §42-515 et seq.). Same access / correction / deletion / portability / opt-out rights.
  • Utah (UCPA, Utah Code §13-61-101 et seq.). Right to know, delete, port, and opt out of targeted advertising and sale.
  • Texas (TDPSA, Tex. Bus. & Com. Code §541.001 et seq.).Same access / correction / deletion / portability / opt-out rights. No volume threshold — the law applies once Dentadex no longer qualifies as an SBA small business.

7. Children

This site is built for dental-practice operators. We do not knowingly collect personal information from anyone under 13. If you think a child has sent us information, email privacy@dentadex.com and we’ll delete it.

8. Security

We encrypt data in transit with TLS 1.2+ and at rest with AWS-managed keys. We run on AWS in private subnets, with short-lived credentials, immutable infrastructure, and audit logging. Our HIPAA Security Officer (named in the BAA) signs off on every production change.

If we suffer a breach of unencrypted personal information of Illinois residents, we will notify affected individuals in the most expedient time possible and without unreasonable delay, consistent with 815 ILCS 530/10. Breaches affecting more than 500 Illinois residents will also be reported to the Illinois Attorney General. Breaches involving PHI follow the notification timelines in our Business Associate Agreement.

9. Cookies and tracking

See our Cookie Policy. Short version: we set only the cookies the site needs to work, and we don’t run third-party analytics on this marketing site today.

10. Changes to this policy

When we change this policy, we update the “Last updated” date above and keep prior versions on file. If a change affects how we use information we already have, we’ll email you before it takes effect.

11. Contact

Privacy questions: privacy@dentadex.com. Legal notices: legal@dentadex.com. Email is the designated method to submit privacy requests and legal notices under this policy.