← Dental Now
Privacy Policy
Effective date: March 8, 2026 · Last updated: March 11, 2026
HIPAA Notice: Dental Now operates as a HIPAA-covered entity. This policy
describes how we handle your Protected Health Information (PHI) in compliance with the
Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing
regulations (45 CFR Parts 160 and 164).
1. Who We Are
Dental Now ("we," "us," or "our") is a dental appointment facilitation platform operated by
Dental Now, Inc. We connect patients with licensed dental providers. Our registered address
and contact information appear at the end of this policy.
2. Information We Collect
We collect the following categories of information:
- Account information: name, email address, and password hash.
- Appointment information: requested appointment date and time, reason for
visit, dental insurance information, and any notes you provide to the provider.
- Contact information: phone number provided during booking.
- Location information: ZIP code or GPS coordinates used to find nearby
providers (collected only with your explicit permission; not stored after search results
are returned).
- Device and usage data: IP address, browser/device type, and anonymized
interaction events used to improve the service. No cross-site tracking is performed.
- Consent record: timestamp of your agreement to this Privacy Policy and
the HIPAA Notice of Privacy Practices.
- Student profile information: If you register as a dental student, we collect
your name, school or university, academic year, specialty interest, clinical hours goal,
phone number, biography, and optionally a resume/CV (PDF).
- School verification data: To verify student status, we may collect your .edu
email address domain or a photograph/scan of your student ID. Student IDs are stored in a
private storage bucket, accessible only to you and platform administrators for verification
purposes. Student IDs are never shared publicly.
- Shadowing and clinical hours data: Records of shadowing requests, session
dates, hours logged, and provider-confirmed completion records.
- Advisor profile information: If you register as a pre-dental advisor, we
collect your name, school affiliation, and professional title.
- Public portfolio data: If you choose to share your portfolio, a unique
share token is generated. Anyone with this link can view your name, school, academic year,
specialty interest, biography, and provider-confirmed shadowing hours. You control whether
to share this link.
- Insurance verification data: If you use the insurance verification feature,
we transmit your first name, last name, date of birth, and insurance member ID to our
insurance eligibility partner (Stedi, Inc.) solely to check your coverage status. This data
is not stored on our servers beyond the duration of the request.
- Push notification tokens: On mobile devices, we collect your device push
notification token to send appointment and shadowing status updates. You can revoke
notification permissions at any time in your device settings.
Information related to your appointment and health visit reason constitutes
Protected Health Information (PHI) under HIPAA.
3. How We Use Your Information
- To match you with and transmit your appointment request to the dental provider you select.
- To send appointment confirmations, updates, and cancellation notices.
- To fulfill our legal obligations under HIPAA and applicable state health privacy laws.
- To detect and prevent fraud, unauthorized access, and security incidents.
- To improve the functionality and safety of the Dental Now platform (using anonymized
aggregate data only).
- To facilitate shadowing arrangements between dental students and dental providers who
have opted into the student program.
- To generate aggregated, anonymized school-level statistics for the School Leaderboard
feature (school name, total student count, aggregate hours). Individual student identities
are not disclosed on the leaderboard.
- To enable pre-dental advisors to view aggregated statistics for students at their
affiliated school (student names, academic years, and total hours are visible to advisors
at the same school).
- To verify dental insurance eligibility prior to booking, via our eligibility verification
partner (Stedi, Inc.).
- To send 6-month recall reminder emails for dental checkups. You may unsubscribe from
these emails at any time via the unsubscribe link included in each email.
- To send push notifications for appointment and shadowing status changes (requires your
device permission).
We do not sell your information to third parties. We do not use PHI for
marketing without your separate written authorization.
4. How We Share Your Information
Your information may be shared only in the following limited circumstances:
- With the dental provider you book: We share your booking details, reason
for visit, insurance, contact information, and notes exclusively with the provider you
select, solely to facilitate your appointment (Treatment purpose under HIPAA).
- Service providers (Business Associates): We use Supabase, Inc. as our
database and authentication provider. Supabase acts as a HIPAA Business Associate under a
signed Business Associate Agreement (BAA). All PHI stored with Supabase is encrypted at
rest (AES-256) and in transit (TLS 1.2+). We use Stedi, Inc. for insurance eligibility
verification (270/271 transactions). We use Resend, Inc. for transactional email delivery.
We use Expo (Software Mansion S.A.) for mobile push notification delivery.
- With pre-dental advisors: If you register as a student, advisors affiliated
with the same school may view your name, academic year, specialty interest, and aggregated
shadowing hours. Advisors cannot view your school ID, resume, or contact information.
- Public portfolio (opt-in): If you share your portfolio link, anyone with the
link can view your name, school, academic year, specialty interest, bio, and provider-confirmed
shadowing session details. This is entirely opt-in; no data is made public unless you actively
share the link.
- Legal requirements: We may disclose information if required by law,
court order, or government authority, or to protect the rights and safety of our users.
- Business transfers: In the event of a merger, acquisition, or asset
sale, PHI will only be transferred to a successor that agrees to be bound by terms no
less protective than this policy.
5. Data Retention
Booking records containing PHI are retained for 7 years from the date of
the appointment, as required by applicable healthcare regulations. After this period, records
are permanently and securely deleted. Account data is retained until you request deletion.
Student profile data, shadowing records, and logged hours are retained until you delete your
account. School ID images are retained only as long as needed for verification and are deleted
when you remove them or delete your account. Upon account deletion, all student data
(profile, shadowing requests, logged hours, uploaded files) is permanently and irrecoverably
deleted.
6. Security
We implement the following safeguards in accordance with the HIPAA Security Rule
(45 CFR Part 164, Subpart C):
- All data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher.
- Access to PHI is restricted to authenticated users and authorized dental providers via
role-based access control (RBAC) and Row-Level Security (RLS) policies.
- Sessions automatically time out after 15 minutes of inactivity.
- Audit logging is enabled for all access to booking records.
- We conduct regular security reviews of our infrastructure and access controls.
7. Your Rights Under HIPAA
As a patient, you have the following rights regarding your PHI:
- Right of Access: You may request a copy of your PHI held by Dental Now
within 30 days of your request.
- Right to Amendment: You may request correction of inaccurate or
incomplete PHI.
- Right to Accounting of Disclosures: You may request a list of
disclosures of your PHI made for purposes other than treatment, payment, or operations.
- Right to Restriction: You may request that we restrict certain uses or
disclosures of your PHI. We are not required to agree but will consider all requests.
- Right to Confidential Communications: You may request that we
communicate with you by alternative means or at an alternative address.
- Right to Revoke Authorization: Where we rely on your authorization to
use or disclose PHI, you may revoke it at any time in writing.
To exercise any of these rights, contact our Privacy Officer at
admin@dentalnow.io.
We will respond within 30 days.
8. Children's Privacy
Dental Now is not directed to children under 13. We do not knowingly collect personal
information from children under 13 without verified parental consent. If you believe we
have inadvertently collected such information, please contact us immediately.
9. California Residents (CCPA/CPRA)
California residents have additional rights under the California Consumer Privacy Act (CCPA)
and the California Privacy Rights Act (CPRA), including the right to know, delete, and
opt out of the sale of personal information. We do not sell personal information. To submit
a verifiable consumer request, contact
admin@dentalnow.io.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated
via in-app notice at least 30 days before they take effect. Continued use of Dental Now
after the effective date constitutes acceptance of the revised policy.
11. How to File a Complaint
If you believe your privacy rights have been violated, you may file a complaint with us or
with the U.S. Department of Health and Human Services Office for Civil Rights:
You will not be retaliated against for filing a complaint.
12. Contact Our Privacy Officer
For information about how your medical information may be used and disclosed, please also
review our HIPAA Notice of Privacy Practices.