Privacy Policy
Dental Intake Forms Pro – Your Privacy is Our Priority
🔒 Our Privacy Commitment
We DO NOT collect, store, access, or sell any patient data or personal health information (PHI) from your forms.
All patient data remains exclusively on your servers, under your complete control.
1. Overview
This Privacy Policy explains how Dental Intake Forms Pro (“we”, “our”, or “the Service”) handles information. Our software is designed with privacy-first principles, ensuring that sensitive patient data never leaves your control.
2. What We DON'T Collect
We want to be absolutely clear about what we DO NOT do:
- We DO NOT access your patient database
- We DO NOT sell any data to third parties
- We DO NOT share information with marketing companies
- We DO NOT track individual patients or their data
- We DO NOT have access to form contents after submission
3. What We DO Collect
3.1 Account Information (Minimal)
For subscription management only, we collect:
- Practice name
- Billing email address
- License key activation status
- Domain where software is installed
- Patient PDF forms are stored on S3 AWS servers and sent with an expiring link to the email address selected in the plugin
3.2 Technical Information
For software improvement and support:
- WordPress version
- PHP version
- Plugin version
- Error logs (sanitized, no PHI)
🛡️ How Patient Data is Protected
All patient data is encrypted using AES-256-GCM encryption and stored only in YOUR database.
- Data is encrypted end-to-end and at rest
- We have no access to your database
- All processing happens locally on your installation
- You maintain complete data sovereignty
4. Data Storage and Control
4.1 Your Data Stays Yours
Patient information submitted through our forms:
- Is encrypted before storage
- Remains under your exclusive control
- Can be deleted by you at any time
4.2 No Third-Party Access
We do not provide any third party with access to your data. The only external service involved is Stripe for payment processing of your subscription, and they only receive billing information, never patient data.
5. Payment Processing
Subscription payments are processed by Stripe, Inc. We do not store credit card information. Stripe's privacy policy governs their handling of payment information. Stripe is PCI-DSS compliant and uses industry-standard encryption.
⚠️ HIPAA Compliance Notice
Important: While our software provides encryption and security features, HIPAA compliance is YOUR responsibility as the healthcare provider.
You must ensure:
- Your hosting environment is HIPAA-compliant
- You have Business Associate Agreements (BAAs) with relevant third parties
- Your email provider supports encrypted PHI transmission with a BAA
- Your staff is trained in HIPAA compliance and PHI handling
- You implement appropriate administrative and physical safeguards
- You maintain audit logs and access controls
6. Security Measures
Our software includes:
- AES-256-GCM encryption for all patient data
- Secure form submission over HTTPS, and submission to the S3 AWS server over TLS
- Protection against SQL injection and XSS attacks
- Regular security updates and patches
- Encrypted database storage
7. Your Rights and Control
Since patient data stays on your servers:
- You have complete control over all data
- You can export data at any time
- You can delete data at any time
- You control who has access
- You manage all data retention policies
8. Cookies and Tracking
Our plugin:
- Does not use tracking cookies
- Does generate analytics based on patient submissions:
  - Number of submissions and types of forms submitted
  - General area (city-level data) of new patients
- Does not use pixel tracking
- Only uses essential session cookies for form functionality
9. Data Breach Notification
In the unlikely event of a security incident affecting our systems (not your patient data, which we don't have access to), we will:
- Notify affected customers within 72 hours
- Provide details about the nature of the incident
- Offer guidance on any recommended actions
10. Children's Privacy
Our service is designed for use by dental practices. We do not knowingly collect information from children. All patient information, including that of minors, is handled by your practice according to your policies and applicable laws.
11. International Data
Since patient data never leaves your server, international data transfer regulations (like GDPR) are managed according to your server location and your compliance requirements.
12. Changes to Privacy Policy
We may update this policy periodically. Significant changes will be communicated via email to the billing contact. The “Last Updated” date will reflect any changes.
13. Contact Us
For privacy-related questions or concerns:
Email: support@intake.dental
Website: https://intake.dental
For HIPAA compliance questions, we recommend consulting with a healthcare compliance attorney or HIPAA specialist, as we cannot provide legal advice.
14. Legal Disclaimer
This software is provided as a tool to assist with form collection and data encryption. We make no warranties regarding HIPAA compliance, as compliance depends on many factors beyond our software, including but not limited to your implementation, configuration, staff training, and overall security practices.
Last Updated: October 2025
Effective Date: October 2025
