DentalDesk Privacy Policy

Last Updated: November 05, 2024

1. Introduction

DentalDesk ("we," "our," or "us") is committed to protecting the privacy and security of personal information for both patients and healthcare providers. This Privacy Policy explains our practices regarding the collection, use, storage, and protection of information, including specific measures to safeguard sensitive personal information through encryption.

2. Information We Collect

2.1 Categories of Personal Information

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device ("personal information"):

Identifiers (name, email address, IP address)
Professional or employment-related information
Commercial information
Internet or other electronic network activity
Protected classification characteristics under state or federal law
Health information (as a Business Associate under HIPAA)

2.2 Sources of Personal Information

Direct from you
From your use of our platform
From your devices when you use our services

3. Use of Personal Information

We use the personal information we collect for:

Providing and maintaining our services
Processing your transactions
Fulfilling our contract with you
Meeting legal obligations
Security and fraud prevention
Technical administration

4. Data Security

We implement industry-standard security measures to protect personal information from unauthorized access, alteration, or disclosure. We encrypt sensitive personal information, including but not limited to names, phone numbers, addresses, Social Security numbers or Similar Identifiers, and medical records, using the Advanced Encryption Standard (AES) algorithm.

4.1 User Responsibility for Private Key Security

It is the user's responsibility to keep their private key confidential at all times. The private key is required to decrypt sensitive personal information on our platform. Users should take all necessary precautions to safeguard their private key and prevent unauthorized access to their accounts. DentalDesk is not responsible for any security breaches or unauthorized access resulting from a user’s failure to protect their private key.

Encryption Standards

All sensitive information is encrypted using the AES algorithm in Galois/Counter Mode (AES-GCM), ensuring both data confidentiality and integrity.
Encryption occurs at the time of data entry, and encrypted data is stored on secure servers.
Encrypted information can only be decrypted with authorized access and the necessary cryptographic keys, which are securely managed and restricted to authorized personnel.

We limit access to encrypted personal information to authorized personnel who need it to provide services. No unencrypted sensitive personal information is shared externally or with third parties without user consent, except where legally required.

5. Cookies and Tracking Technologies

We use only essential cookies necessary for the functioning of our platform:

Session management
Security features
Basic platform functionality

We do not use tracking cookies or advertising technologies.

6. Data Retention

We retain personal information as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, or resolve disputes. When data is no longer needed, it is securely deleted or anonymized.

7. User Rights

Users have the right to access, update, and delete their personal information. Due to encryption, retrieval of specific encrypted details requires identity verification to ensure secure access.

8. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technologies, or regulatory requirements. Any updates will be posted on our website, and we encourage users to review this policy periodically.

9. Business Associate Agreement

As a provider of services to covered entities under HIPAA, we maintain Business Associate Agreements and comply with HIPAA requirements regarding protected health information.

10. Additional Disclosures

10.1 Financial Incentive Programs

We do not offer financial incentives in exchange for the collection, use, or sale of personal information.

10.2 Authorized Agent

You may designate an authorized agent to make requests on your behalf. Agents must provide proof of authorization and verify their identity.

11. Contact Us

If you have any questions or concerns regarding this Privacy Policy, please contact us at:

DentalDesk, #16 Dr. Grullón, Hato Del Yaque, Santiago de los caballeros, República Dominicana.
Email: [email protected]
Phone: +1 (829) 983-3825

We will respond to verifiable consumer requests within 45 days.