Privacy Policy

Intake.Dental — Your Privacy is Our Priority

🔒 Our Privacy Commitment

All patient data is hosted on our HIPAA-compliant infrastructure, encrypted with AES-256-GCM and proprietary dual-layer encryption, and never sold, shared, or accessed for any purpose other than delivering the Services.

Your practice's data resides on our managed servers under strict access controls, encrypted at rest and in transit, with a signed Business Associate Agreement (BAA) governing all data handling.

1. Overview

This Privacy Policy explains how Dental Education, Inc. d/b/a Intake.Dental (“we”, “our”, or “the Service”) collects, uses, and protects information. Our platform is designed with privacy-first principles and hosted entirely on our own HIPAA-compliant infrastructure delivered through practice-branded subdomains (e.g., yourpractice.intake.dental).

2. What We DO NOT Do

We want to be absolutely clear:

  • We DO NOT sell ANY data to third parties
  • We DO NOT share information with marketing companies
  • We DO NOT track individual patients for advertising purposes
  • We DO NOT access patient PHI except as necessary to provide the Services (e.g., encryption, PDF generation, PMS synchronization)
  • We DO NOT use patient data for AI model training or any purpose beyond delivering your requested Services

3. What We Collect

3.1 Practice Account Information

For account management and service delivery, we collect:

  • Practice name, address, and contact information
  • Billing email address and subscription details
  • Practice subdomain and branding preferences
  • User accounts (name, email, role) for practice staff

3.2 Patient Data (on behalf of the Practice)

As a Business Associate, we process and store patient data submitted through intake forms on behalf of the practice, including:

  • Patient demographics, contact information, and medical/dental history
  • Insurance information (encrypted and used for eligibility verification when enabled)
  • Electronic signatures and consent records
  • Appointment and consultation scheduling data

All patient data is encrypted using AES-256-GCM with our proprietary dual-layer encryption and stored on HIPAA-compliant AWS infrastructure.

3.3 Technical Information

For service improvement, security monitoring, and support:

  • Browser type and version
  • IP addresses (hashed for analytics, raw for security audit logs)
  • Error logs (sanitized to exclude PHI)
  • Platform usage analytics (aggregate, non-identifying)

🛡️ How Is Patient Data Protected?

All patient data is encrypted using AES-256-GCM with proprietary dual-layer (Glyph) encryption and stored on our HIPAA-compliant infrastructure.

  • Data is encrypted end-to-end and at rest on HIPAA-compliant AWS servers
  • Each practice has an isolated data environment with row-level security
  • Practice-branded subdomains (yourpractice.intake.dental) with TLS 1.3
  • Comprehensive audit logging for all data access and modifications
  • Role-based access controls with secure authentication
  • We maintain BAAs with all infrastructure subcontractors (AWS, Supabase, Stripe)

4. Data Hosting & Infrastructure

4.1 Our Infrastructure

Unlike self-hosted solutions, Intake.Dental is a fully managed SaaS platform. All data is hosted on infrastructure owned and operated by Dental Education, Inc., including:

  • Amazon Web Services (AWS) for HIPAA-compliant storage and computing
  • Supabase for managed database services with encryption at rest
  • Dedicated practice subdomains with isolated data environments
  • Automated encrypted backups with point-in-time recovery

4.2 Third-Party Service Providers

We use the following third-party services to deliver the platform. Each maintains its own compliance programs, and we maintain BAAs where applicable:

  • Amazon Web Services (AWS): HIPAA-compliant infrastructure, S3 document storage
  • Supabase: Managed database hosting
  • Stripe: Payment processing (PCI-DSS compliant; receives only billing data, never patient data)
  • Sikka AI: Practice Management System integration (maintains own BAA)
  • Insurance verification APIs: Real-time eligibility checks (HIPAA-compliant EDI transactions)
  • Daily.co: HIPAA-compliant video consultation infrastructure
  • DeepL: Form translation services (receives de-identified form templates only, not patient data)

5. Payment Processing

Subscription payments are processed by Stripe, Inc. We do not store credit card information. Stripe's privacy policy governs their handling of payment information. Stripe is PCI-DSS compliant and uses industry-standard encryption. Patient payment information collected during consultation scheduling is also processed through Stripe and never stored on our servers.

⚠️ HIPAA Compliance & BAA

Dental Education, Inc. executes a Business Associate Agreement (BAA) with every registered practice. Our platform implements security measures that exceed standard HIPAA requirements, including dual-layer encryption, comprehensive audit logging, and isolated practice data environments.

While we have built the platform to exceed HIPAA technical safeguard requirements, each practice remains responsible for:

  • Staff training on HIPAA compliance and PHI handling
  • Administrative and physical safeguards within their own facilities
  • Maintaining strong passwords and access controls for their accounts
  • Compliance with state-specific privacy and teledentistry regulations
  • Proper informed consent practices with patients

6. Security Measures

Our platform includes:

  • AES-256-GCM encryption with proprietary dual-layer (Glyph) encryption for all PHI
  • TLS 1.3 encryption for all data in transit
  • HIPAA-compliant AWS infrastructure with server-side encryption at rest
  • Protection against SQL injection, XSS, and CSRF attacks
  • Regular security audits and vulnerability assessments
  • Isolated per-practice data environments with row-level security
  • Automated security monitoring and alerting

7. Your Rights and Control

As a registered practice, you have the following rights:

  • Access and export all your patient data at any time through the dashboard
  • Request deletion of patient records in compliance with applicable retention requirements
  • Control which staff members have access and at what permission level
  • Manage all data retention policies within the platform
  • Receive a copy of your data in standard formats upon request
  • Upon termination, 30 days to export data before scheduled secure deletion

8. Cookies and Tracking

Our platform:

  • Uses only essential session cookies for authentication and form functionality
  • Does not use third-party advertising cookies or pixel tracking
  • Generates aggregate analytics based on patient submissions (submission counts, form types, general geographic area at city level) for practice dashboards
  • Uses marketing attribution data (UTM parameters, referral sources) solely for practice-facing analytics

9. Data Breach Notification

In the event of a security incident affecting PHI, we will:

  • Notify affected practices within 72 hours of discovery
  • Provide details about the nature and scope of the incident
  • Cooperate with practice breach notification obligations under HIPAA
  • Offer guidance on recommended mitigation actions
  • Document the incident and remediation steps for compliance records

10. Children's Privacy

Our service is designed for use by dental practices. Patient information for minors is submitted by parents, guardians, or the dental practice on behalf of the patient. All such information is handled in accordance with HIPAA, applicable state laws, and the practice's own policies regarding minor patient records.

11. International Data

Patient data is stored on servers located in the United States. If your practice serves patients in jurisdictions with specific data transfer requirements (e.g., GDPR, PIPEDA), you are responsible for ensuring appropriate disclosures and consent mechanisms are in place.

12. Changes to the Privacy Policy

We may update this policy periodically. Significant changes will be communicated via email to the practice administrator. The “Last Updated” date will reflect any changes. Continued use of the Services after notification constitutes acceptance of the updated policy.

13. Contact Us

For any privacy-related questions or concerns:

Dental Education, Inc.

d/b/a Intake.Dental

Email: support@intake.dental

Website: https://intake.dental

For any questions about HIPAA compliance, we recommend consulting a healthcare compliance attorney or a HIPAA specialist, as we are unable to provide legal advice.

14. Legal Notices

This platform is provided as a tool to assist with patient intake, communication, teledentistry, and practice management integration. While we have built the platform to exceed standard HIPAA technical safeguard requirements and execute BAAs with all registered practices, compliance is a shared responsibility that depends on proper implementation, staff training, and adherence to all applicable laws and regulations by the practice.

Last Updated: February 2026
Effective Date: February 2026