← Dental Now
Privacy Policy
Effective date: March 8, 2026 · Last updated: June 11, 2026
Dental Now is a neutral technology platform and marketplace — we are not your healthcare
provider. We do not employ, refer, recommend, or endorse any dental provider. To the extent
we handle health-related information you submit, we protect it consistent with applicable law.
We are not a HIPAA covered entity with respect to self-submitted booking data; our hosting
infrastructure (Fly.io) operates under a signed Business Associate Agreement. For your consumer
health data rights (including Washington My Health My Data Act rights), see our
Consumer Health Data Privacy Policy.
1. Who We Are
Dental Now ("we," "us," or "our") is a dental appointment facilitation platform operated by
Samuel Wachira, d/b/a Dental Now, a sole proprietorship based in Massachusetts. We connect
patients with licensed dental providers. Our contact information appears at the end of this policy.
2. Information We Collect
We collect the following categories of information:
- Account information: name, email address, and password hash.
- Appointment information: requested appointment date and time, reason for
visit, dental insurance information, and any notes you provide to the provider.
- Contact information: phone number provided during booking.
- Location information: ZIP code or GPS coordinates used to find nearby
providers (collected only with your explicit permission; not stored after search results
are returned).
- Device and usage data: IP address, browser/device type, and anonymized
interaction events used to improve the service. No cross-site tracking is performed.
- Consent record: timestamp of your agreement to this Privacy Policy and
the Consumer Health Data Privacy Policy.
- Student profile information: If you register as a dental student, we collect
your name, school or university, academic year, specialty interest, clinical hours goal,
phone number, biography, and optionally a resume/CV (PDF).
- School verification data: To verify student status, we may collect your .edu
email address domain or a photograph/scan of your student ID. Student IDs are stored in a
private storage bucket, accessible only to you and platform administrators for verification
purposes. Student IDs are never shared publicly.
- Shadowing and clinical hours data: Records of shadowing requests, session
dates, hours logged, and provider-confirmed completion records.
- Advisor profile information: If you register as a pre-dental advisor, we
collect your name, school affiliation, and professional title.
- Public portfolio data: If you choose to share your portfolio, a unique
share token is generated. Anyone with this link can view your name, school, academic year,
specialty interest, biography, and provider-confirmed shadowing hours. You control whether
to share this link.
- Push notification tokens: On mobile devices, we collect your device push
notification token to send appointment and shadowing status updates. You can revoke
notification permissions at any time in your device settings.
Information about your appointment and reason for visit is sensitive health information.
Under the California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA),
appointment details and reason for visit constitute sensitive personal information
(health-related information). We collect and use this data solely to facilitate your
appointment with the dental provider you select. We do not use sensitive personal information
for purposes beyond those stated in this policy without your separate authorization. We protect
it as described in this policy and consistent with applicable law. For your specific
health-data rights, see our Consumer Health Data Privacy Policy.
3. How We Use Your Information
- To match you with and transmit your appointment request to the dental provider you select.
- To send appointment confirmations, updates, and cancellation notices.
- To meet our obligations under applicable privacy laws, including state health-privacy
laws and HIPAA where it applies.
- To detect and prevent fraud, unauthorized access, and security incidents.
- To improve the functionality and safety of the Dental Now platform (using anonymized
aggregate data only).
- To facilitate shadowing arrangements between dental students and dental providers who
have opted into the student program.
- To generate aggregated, anonymized school-level statistics for the School Leaderboard
feature (school name, total student count, aggregate hours). Individual student identities
are not disclosed on the leaderboard.
- To enable pre-dental advisors to view aggregated statistics for students at their
affiliated school (student names, academic years, and total hours are visible to advisors
at the same school).
- To send 6-month recall reminder emails for dental checkups. You may unsubscribe from
these emails at any time via the unsubscribe link included in each email.
- To send push notifications for appointment and shadowing status changes (requires your
device permission).
We do not sell your personal information or consumer health data to any third
party — ever. We do not share it with data brokers or advertisers. We do not use health-related
information for marketing or advertising without your separate, specific, written authorization.
Data minimization. We minimize the personal information we transmit to
third-party service processors. Appointment details (including reason for visit, contact
information, and clinical notes) remain within your authenticated account on our Fly.io
infrastructure (covered by a signed Business Associate Agreement). Email and push notification
delivery systems receive only a generic nudge directing you to open the app — they do not
receive your appointment details, reason for visit, insurance information, or contact details.
Full booking information is accessible only to you and the provider you selected, within the
authenticated application.
4. How We Share Your Information
Your information may be shared only in the following limited circumstances:
- With the dental provider you book: We share your booking details, reason
for visit, contact information, and notes exclusively with the provider you select, solely
to facilitate your appointment.
- Infrastructure hosting (Business Associate): We self-host our database
and authentication infrastructure on Fly.io, Inc., under a signed Business Associate
Agreement. All data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
- Email delivery: We use Resend, Inc. for transactional email delivery
as a data processor under data-processing terms. We minimize the health-related content
transmitted via email.
- Push notifications: We use Expo (Software Mansion S.A.) for mobile
push notification delivery as a data processor under data-processing terms. Push
notification content does not contain appointment details — all notifications direct
you to open the app.
- With pre-dental advisors: If you register as a student, advisors affiliated
with the same school may view your name, academic year, specialty interest, and aggregated
shadowing hours. Advisors cannot view your school ID, resume, or contact information.
- Public portfolio (opt-in): If you share your portfolio link, anyone with the
link can view your name, school, academic year, specialty interest, bio, and provider-confirmed
shadowing session details. This is entirely opt-in; no data is made public unless you actively
share the link.
- Legal requirements: We may disclose information if required by law,
court order, or government authority, or to protect the rights and safety of our users.
- Business transfers: In the event of a merger, acquisition, or asset
sale, data will only be transferred to a successor that agrees to be bound by terms no
less protective than this policy.
5. Data Retention
Booking records are retained for 7 years from the date of the appointment,
as required by applicable healthcare regulations. After this period, records are permanently
and securely deleted. Account data is retained until you request deletion.
Student profile data, shadowing records, and logged hours are retained until you delete your
account. School ID images are retained only as long as needed for verification and are deleted
when you remove them or delete your account. Upon account deletion, all student data
(profile, shadowing requests, logged hours, uploaded files) is anonymized and de-identified.
Personal identifiers are removed, but anonymized records may be retained as required by
applicable law (minimum 6 years for certain healthcare records). You may request
confirmation of anonymization by contacting admin@dentalnow.io.
Analytics & Third-Party Services
Vercel Analytics: On the web version of Dental Now, we use Vercel Analytics
to collect anonymized page view and performance data. No personally identifiable information
is collected through this service. You may opt out via the cookie consent banner.
Expo Push Notifications: We use Expo's push notification service to deliver
notifications to your device. Device push tokens are transmitted to Expo for delivery purposes
only. Push notification content does not contain patient names, appointment times, or other
health-related information — all notifications use generic text directing you to open the app.
6. Security
We implement the following safeguards:
- All data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher.
- Access to appointment data is restricted to authenticated users and authorized dental
providers via role-based access control (RBAC) and Row-Level Security (RLS) policies.
- Sessions automatically time out after 15 minutes of inactivity.
- Audit logging is enabled for all access to booking records.
- We conduct regular security reviews of our infrastructure and access controls.
7. Your Privacy Rights
You have the following rights regarding your information:
- Right to Know/Access: You may request a copy of the personal information
we hold about you, including the categories collected, the purposes of use, and the
categories of third parties with whom it is shared. We will respond within 30 days of a
verified request.
- Right to Correction: You may request correction of inaccurate or
incomplete information.
- Right to Deletion: You may request deletion of your personal data,
subject to applicable retention requirements (see Section 5).
- Right to Limit Use of Sensitive Personal Information: Under CCPA/CPRA,
you may request that we limit our use of your sensitive personal information (including
appointment details and reason for visit) to only what is necessary to provide the
Service. Contact us to exercise this right.
- Right to Opt Out of Sale: We do not sell personal information. This
right is satisfied by our no-sale practice.
- Right to Withdraw Consent: Where we rely on your consent to process
data, you may withdraw it at any time. Withdrawal does not affect processing already
completed.
- Right to Non-Discrimination: We will not deny you service, charge you
different prices, or provide a different level of service because you exercised a privacy
right.
To exercise any of these rights, contact our Privacy contact at
admin@dentalnow.io.
We will respond within 30 days and will not require you to create an account to submit a
request. For consumer health data rights under the Washington My Health My Data Act or
similar state laws, see our
Consumer Health Data Privacy Policy.
8. Children's Privacy
Dental Now is not directed to children under 13. We do not knowingly collect personal
information from children under 13 without verified parental consent. If you believe we
have inadvertently collected such information, please contact us immediately.
9. California Residents — CCPA/CPRA Notice at Collection
This section serves as the required notice at collection for California residents under the
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) (Cal. Civ.
Code §1798.100 et seq.; CCPA Regs §7012).
Categories of personal information collected and purposes:
- Identifiers (name, email, phone): to create and manage your account, to
send appointment notifications, and to facilitate your booking with the dental provider
you choose.
- Sensitive personal information — health data (appointment details, reason
for visit, dental insurance information): solely to transmit your appointment request to the
dental provider you select and to send status notifications. We use this data for no other
purpose without your separate authorization.
- Internet or network activity (anonymized page views, device type): to
improve platform performance. No cross-site tracking. No health data in analytics.
- Professional/educational information (student program, school, clinical
hours): for students only, to facilitate the shadowing program and enable advisor
oversight within the same institution.
We do not sell personal information. We do not share personal information
for cross-context behavioral advertising. California residents have the rights described in
Section 7 above, including the right to know, delete, correct, and limit use of sensitive
personal information. To submit a verifiable consumer request, contact
admin@dentalnow.io. We will not discriminate
against you for exercising these rights.
10. Breach Notification
If we discover a security breach that involves your personal information, we will notify you
and the appropriate regulatory authorities consistent with applicable law, including the FTC
Health Breach Notification Rule (16 C.F.R. Part 318, as amended effective July 29, 2024) and
applicable state breach-notification statutes. For breaches covered by the FTC HBNR, we will
notify affected individuals without unreasonable delay and no later than 60 calendar days after
discovery. Notifications to regulators will follow the timelines required by applicable law.
We will not create a reportable breach by routing health-related data through un-BAA'd third
parties — our data-minimization posture (Section 3) is designed to prevent this.
11. Consent Practices
Where we collect consent (including for consumer health data under state health-privacy laws),
we do so through a separate, unbundled opt-in that is specific, informed, and voluntary. We do
not use pre-checked boxes, confirmshaming decline labels, manufactured urgency, or hidden
disclosures. Consents are not bundled into general terms acceptance — health-data-specific
consents appear at the point of collection (the booking flow). You may withdraw any consent at
any time by contacting admin@dentalnow.io.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated
via in-app notice at least 30 days before they take effect. Continued use of Dental Now
after the effective date constitutes acceptance of the revised policy.
13. How to File a Complaint
If you believe your privacy rights have been violated, you may file a complaint with us or
with the U.S. Department of Health and Human Services Office for Civil Rights:
You will not be retaliated against for filing a complaint.
14. Contact Us
For information about your consumer health data rights, see our
Consumer Health Data Privacy Policy.