Privacy Policy

We collect information that you provide directly, information collected automatically when you use our services, and information from third-party sources.

Information You Provide

• Account registration details (name, email, practice name, phone number)
• Practice management system credentials for integration purposes
• Billing and payment information
• Communications you send to us (support requests, feedback)

Information Collected Automatically

• Call logs and interaction metadata (duration, timestamps)
• Device and browser information when accessing our dashboard
• Usage patterns and analytics data
• IP addresses and approximate location data

We use the information we collect to:

• Provide, maintain, and improve our AI receptionist services
• Process appointments and integrate with your practice management system
• Send service-related communications and updates
• Analyze usage patterns to improve product performance
• Comply with legal obligations, including HIPAA requirements
• Detect and prevent fraud or abuse

As a HIPAA-compliant service, we handle Protected Health Information (PHI) with the highest standards of care. PHI is governed by our Business Associate Agreement (BAA) and is subject to additional protections beyond those described in this Privacy Policy.

We never sell PHI. We never use PHI for marketing purposes. Access to PHI is strictly limited to authorized personnel on a need-to-know basis.

We do not sell your personal information. We may share information with:

• Service providers: Third parties who help us operate our services (cloud hosting, payment processing, analytics) under strict contractual obligations
• Practice management systems: Your chosen PMS to facilitate appointment scheduling and patient record synchronization
• Legal requirements: When required by law, regulation, or legal process
• Business transfers: In connection with a merger, acquisition, or sale of assets

We implement industry-leading security measures to protect your data, including:

• 256-bit AES encryption for data at rest
• TLS 1.3 encryption for data in transit
• SOC 2 Type II certified infrastructure
• Regular penetration testing and security audits
• Role-based access control with multi-factor authentication

We retain your information for as long as your account is active or as needed to provide services. When you terminate your account, we will delete or anonymize your data within 90 days, unless retention is required by law or for legitimate business purposes.

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict certain processing
• Data portability
• Withdraw consent at any time

To exercise any of these rights, contact us at privacy@dentlo.ai.

We use essential cookies to operate our dashboard and optional analytics cookies to understand how our services are used. You can manage cookie preferences through your browser settings.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email.