DentalRecovery← Back to Home

Privacy Policy

Effective date: April 7, 2026

AI Automation LLC (“DentalRecovery,” “we,” “us,” or “our”) operates the DentalRecovery software platform and the website at getdentalrecovery.com (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the Service. By using the Service, you agree to the practices described below.

1. Who This Policy Applies To

This policy applies to two groups:

  • Practice Users — dental practice owners, staff, and other authorized users who sign up for and operate the DentalRecovery dashboard.
  • Patients — individuals whose information is imported into DentalRecovery from a dental practice’s practice management software (such as Open Dental) for the purpose of treatment plan follow-up.

2. Information We Collect

2.1 Information from Practice Users

  • Account information: name, email address, password (hashed), practice name, role.
  • Billing information processed by our payment processor (we do not store full card numbers).
  • Practice management software credentials (encrypted at rest using AES-256).
  • Communications you send us (support requests, feedback, demo bookings).

2.2 Information from Patients (via Practices)

When a dental practice connects DentalRecovery to its practice management software, we receive patient data necessary to operate the Service. This may include:

  • Patient name, phone number, email address, and date of birth.
  • Treatment plan details, procedure codes, estimated treatment value, and presentation date.
  • Visit history, appointment status, and provider assignments.
  • SMS opt-in/opt-out status and message history with the practice.
  • Insurance status (where relevant for prioritization).

This information may constitute Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). We treat all such data as PHI and handle it under a Business Associate Agreement (BAA) with the practice.

2.3 Information Collected Automatically

  • Log data (IP address, browser type, pages visited, timestamps).
  • Device and usage data necessary to operate and secure the Service.
  • Limited cookies required for authentication and session management. We do not use third-party advertising cookies.

3. How We Use Information

We use the information we collect to:

  • Provide, operate, maintain, and improve the Service.
  • Identify unscheduled treatment plans, score them for priority, and (where the practice has approved) send appointment-related SMS and email reminders to patients on the practice’s behalf.
  • Authenticate users and protect against unauthorized access.
  • Process payments and manage subscriptions.
  • Respond to support requests and communicate updates about the Service.
  • Comply with legal obligations and enforce our Terms of Service.

4. SMS / Text Messaging Disclosures

DentalRecovery enables dental practices to send appointment-related SMS messages to their own patients. The following terms apply to all SMS messaging facilitated through the Service:

  • No sale or sharing of mobile information. Mobile phone numbers and any data associated with SMS opt-in (including consent records) are not sold, rented, shared, or transferred to any third parties for marketing or promotional purposes. This includes, without exception, affiliates and partners.
  • Limited service-provider sharing. Mobile information may be shared with subprocessors strictly to deliver SMS messages on the practice’s behalf (for example, Twilio as our messaging carrier). These subprocessors are contractually bound to use the information solely to provide the messaging service and not for their own marketing purposes.
  • Consent. Patients receive SMS messages only after the dental practice has obtained appropriate consent and the patient’s record indicates SMS communication is permitted.
  • Opt-out. Patients may opt out of SMS at any time by replying STOP, UNSUBSCRIBE, CANCEL, END, or QUIT. Opt-out requests are processed immediately and the patient will not receive further automated SMS from the Service. Patients may reply HELP for assistance.
  • Message frequency and rates. Message frequency varies based on the practice’s follow-up sequence. Message and data rates may apply.

5. How We Share Information

We share information only in the limited circumstances described below:

  • With the practice. Patient data is made available to authorized users at the dental practice that owns the data.
  • With service providers (subprocessors). We use vetted subprocessors to host infrastructure, deliver messages, and process payments — including but not limited to Supabase (database and authentication), Vercel (hosting), Inngest (background jobs), Twilio (SMS), SendGrid (email), and our payment processor. Each is bound by a data protection agreement and a BAA where required by HIPAA.
  • For legal reasons. We may disclose information when required by law, subpoena, or other legal process, or to protect rights, property, or safety.
  • Business transfers. If we are involved in a merger, acquisition, or sale of assets, information may be transferred subject to the same protections described in this policy.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.

6. Data Retention

We retain account information for as long as the practice maintains an active subscription. Patient data is retained as needed to provide the Service and to comply with the practice’s recordkeeping obligations. Practices may request deletion of their data at any time, subject to legal retention requirements. Backups containing deleted data are purged on our standard rolling schedule.

7. Security

We use industry-standard administrative, technical, and physical safeguards to protect information, including encryption in transit (TLS) and encryption at rest for sensitive credentials. Access to production systems is restricted, logged, and reviewed. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. HIPAA

For practices handling Protected Health Information, DentalRecovery operates as a Business Associate. We will execute a Business Associate Agreement with each covered-entity practice prior to processing PHI in production.

9. Your Rights

Depending on where you live, you may have the right to access, correct, delete, or port your personal information, or to object to or restrict certain processing. Practice users can manage account information directly in the dashboard. Patients should direct requests to their dental practice, which controls the underlying record. We will assist the practice in fulfilling valid requests.

10. Children’s Privacy

The Service is not directed to children under 13, and we do not knowingly collect information directly from children. Patient data imported by a practice may include minors; that information is handled under the practice’s authority and the BAA.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective date” above. If changes are material, we will provide additional notice (for example, by email or in-app banner).

12. Contact Us

Questions about this Privacy Policy or our data practices can be directed to:

AI Automation LLC
Email: privacy@getdentalrecovery.com