This Consumer Health Data Privacy Policy describes how Dental Now collects, uses, and shares consumer health data as required by the Washington My Health My Data Act (RCW 19.373) and applicable state and federal privacy law. This policy supplements our Privacy Policy.
Dental Now is a neutral technology platform and marketplace — we are not your healthcare provider. We do not employ, refer, recommend, or endorse any dental provider. We do not practice dentistry or provide medical advice. This policy replaces any prior Notice of Privacy Practices that may have incorrectly framed Dental Now as a HIPAA covered entity with respect to self-submitted booking data; we are not such an entity. Our hosting infrastructure (Fly.io) operates under a signed Business Associate Agreement for the data it processes on our behalf.
"Consumer health data" means personal information that identifies or is reasonably linkable to you and that relates to your health status or healthcare. On Dental Now, this includes:
It does not include your general account information (name, email, password), student shadowing records, advisor data, or anonymized aggregate statistics — none of which relate to your personal health status.
We collect consumer health data only when you affirmatively submit an appointment request. You provide this information directly and voluntarily. We do not infer health status from your activity on the platform, do not purchase consumer health data from data brokers, and do not receive health data from third-party advertisers.
Consent to collect (separate, unbundled, opt-in). Before collecting your consumer health data, we present a clear, affirmative opt-in at the point of collection (the booking flow). This consent is separate from your general account terms acceptance — it is specific to the collection of your appointment details and reason for visit for the purpose of facilitating your appointment. We do not use pre-checked boxes, confirmshaming, or bundled consents. If you decline, we will not collect your consumer health data and cannot facilitate a booking on your behalf.
Under the Washington My Health My Data Act (RCW 19.373), valid consent requires a "clear affirmative act that signifies a consumer's freely given, specific, informed, opt-in, voluntary, and unambiguous agreement." Our consent UX is designed to meet this standard.
We use consumer health data solely to:
We do not use consumer health data for advertising, profiling, or marketing purposes.
Separate consent to share (unbundled, in-context). Sharing your consumer health data with a specific dental provider requires a second, separate, affirmative opt-in. This consent-to-share is presented at the booking confirmation step — the natural point where you are already affirmatively choosing to send your request to a specific dentist. It is not bundled with your general account terms. You consent to sharing your appointment details with one specific provider, for the purpose of facilitating your appointment with that provider only. The consent does not authorize sharing with any other provider or for any other purpose.
We share consumer health data only in these circumstances:
We do not and will not sell your consumer health data. We have no valid authorization to sell consumer health data and do not do so. We do not share consumer health data with data brokers, advertisers, analytics providers, or any third party for their independent use.
Data minimization. We minimize the consumer health data we transmit to third-party service processors. Appointment details (including reason for visit, contact information, and clinical notes) remain within your authenticated account on our Fly.io infrastructure (BAA-covered). Email and push notification processors receive only a generic nudge — no health details transit those channels. This minimization is a deliberate design choice that reduces data-breach risk and supports our compliance posture under MHMDA and the FTC Health Breach Notification Rule.
We implement the following safeguards:
Under the Washington My Health My Data Act (RCW 19.373) and applicable state privacy law, you have the following rights with respect to your consumer health data. To exercise any right, contact admin@dentalnow.io. We will respond within 30 days and will not discriminate against you for exercising any right.
You may request a copy of the consumer health data we hold about you. We will respond within 30 days of a verified request. To submit a request, contact admin@dentalnow.io.
You may request deletion of your consumer health data. We will honor deletion requests subject to applicable retention requirements (appointment records are generally retained for 7 years under state healthcare regulations). You can also delete your account at any time through the app, which anonymizes your personal identifiers.
You may withdraw your consent to the collection and sharing of consumer health data at any time by contacting admin@dentalnow.io. Withdrawal does not affect data already collected and shared in reliance on your prior consent.
If you believe we hold inaccurate consumer health data about you, you may request a correction by contacting admin@dentalnow.io.
If you believe your privacy rights have been violated, you may file a complaint with us or with either of the following authorities. You will not be retaliated against for filing a complaint.
We may update this policy from time to time. Material changes will be communicated via in-app notice at least 30 days before they take effect. The current version is always available at dentalnow.io/hipaa.
For our full data privacy practices, see the Privacy Policy.