Privacy Policy
Dental Mastery Academy, LLC (“we,” “us,” “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our platform.
1. Information We Collect
Personal Information You Provide:
- Account registration data: name, email address, dental practice name, and professional credentials
- Profile information: practice location, specialty, number of operatories, and team size
- Payment information: processed securely through Stripe (we never store credit card numbers on our servers)
- Communications: messages sent through our platform, feedback submissions, and support requests
- Content preferences: modules accessed, forms downloaded, and features used
Information Collected Automatically:
- Device information: browser type, operating system, device type, and screen resolution
- Usage data: pages visited, features used, time spent on pages, and click patterns
- Log data: IP address, access times, referring URLs, and error logs
- Cookie data: session identifiers, authentication tokens, and preference settings (see Section 3)
Information We Do NOT Collect:
- Protected Health Information (PHI) as defined under HIPAA
- Patient records, treatment data, or clinical outcomes from your practice
- Social Security numbers or government-issued identification numbers
- Biometric data
2. How We Use Your Information
We use the information we collect for the following purposes:
- Platform Access & Functionality: To create and manage your account, authenticate your identity, and provide access to platform features
- Payment Processing: To process subscription payments, issue invoices, and manage billing through our payment processor (Stripe)
- Personalization: To customize your experience based on your practice type, specialty, and content preferences via the Practice Settings feature
- Communication: To send account-related notifications, platform updates, educational content, and respond to your inquiries
- Analytics & Improvement: To understand how our platform is used, identify areas for improvement, and develop new features
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
- Security: To detect, prevent, and respond to fraud, abuse, security risks, and technical issues
Legal Basis for Processing (GDPR):
- Contract Performance: Processing necessary to provide our services under your subscription agreement
- Legitimate Interest: Analytics, security, and platform improvement
- Consent: Marketing communications and non-essential cookies
- Legal Obligation: Tax reporting and regulatory compliance
3. Cookies & Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience:
| Cookie Type | Purpose | Duration | Required |
|---|---|---|---|
| Essential | Authentication, session management, security tokens | Session / 30 days | Yes |
| Functional | Theme preferences, Practice Settings, cookie consent state | 1 year | Yes |
| Analytics | Page views, feature usage, performance monitoring (Umami Analytics) | 1 year | No |
| Payment | Stripe fraud prevention and payment processing | Session | Yes* |
*Payment cookies are only set during checkout sessions.
Managing Cookies: You can control cookies through our cookie consent banner (displayed on first visit) or through your browser settings. Disabling essential cookies may prevent you from accessing certain platform features. Our analytics provider (Umami) is privacy-focused and does not use personal identifiers.
4. Data Sharing & Third Parties
We do NOT sell your personal information. We share data only with the following categories of service providers, and only to the extent necessary to operate our platform:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Name, email, payment method |
| Manus Auth | Authentication & identity | Email, name, OAuth tokens |
| Cloud Hosting | Infrastructure & storage | All platform data (encrypted) |
| Umami Analytics | Privacy-focused analytics | Anonymized usage data |
Member Directory (Opt-In Only)
If you choose to opt in to the Member Directory, the following information will be visible to other authenticated platform members: your display name, professional specialty, practice location, achievement level, and professional bio. This feature is disabled by default. You may enable or disable directory visibility at any time from your profile settings. No member directory data is shared with third parties or made publicly accessible outside the platform.
We may also disclose your information if required by law, subpoena, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
5. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes described in this policy:
- Active Account Data: Retained for the duration of your subscription plus 90 days after cancellation
- Payment Records: Retained for 7 years as required by tax and financial regulations
- Analytics Data: Aggregated and anonymized data retained indefinitely; identifiable analytics data deleted after 26 months
- Communication Records: Support tickets and correspondence retained for 3 years
- Security Logs: Access and authentication logs retained for 12 months
After the retention period, data is securely deleted or anonymized. You may request earlier deletion of your data (see Sections 6 and 7 for your rights).
6. Your Rights Under GDPR (European Economic Area)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of Access: You may request a copy of the personal data we hold about you
- Right to Rectification: You may request correction of inaccurate or incomplete personal data
- Right to Erasure (“Right to Be Forgotten”): You may request deletion of your personal data, subject to legal retention requirements
- Right to Restrict Processing: You may request that we limit how we use your data
- Right to Data Portability: You may request your data in a structured, machine-readable format
- Right to Object: You may object to processing based on legitimate interests or for direct marketing
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time
- Right to Lodge a Complaint: You may file a complaint with your local data protection authority
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may request verification of your identity before processing your request.
7. Your Rights Under CCPA (California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with the following rights:
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the categories of third parties with whom we share it
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions
- Right to Correct: You may request correction of inaccurate personal information
- Right to Opt-Out of Sale: We do not sell personal information. No opt-out is necessary
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights
- Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined under CCPA
To submit a verifiable consumer request, contact us at [email protected] or email [email protected]. We will respond within 45 days. You may designate an authorized agent to submit requests on your behalf.
Do Not Track: Our platform does not currently respond to “Do Not Track” browser signals. We use privacy-focused analytics (Umami) that do not track individual users across websites.
8. Children's Privacy (COPPA)
Dental Mastery Academy is a professional education platform designed exclusively for licensed dental professionals. We do not knowingly collect personal information from children under the age of 13 in compliance with the Children’s Online Privacy Protection Act (COPPA).
If we become aware that we have inadvertently collected personal information from a child under 13, we will take immediate steps to delete that information. If you believe a child under 13 has provided us with personal information, please contact us at [email protected].
9. HIPAA & Health Information
This platform does NOT collect, store, process, or transmit Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA).
The forms, templates, SOAP notes, clinical protocols, and other materials provided on this platform are educational resources designed for you to customize and implement within your own HIPAA-compliant practice management systems (e.g., Dentrix, Eaglesoft, Open Dental).
Your Responsibility: When you download, customize, and use forms from this platform in your practice, you are solely responsible for ensuring that your use complies with HIPAA, your state’s privacy laws, and all applicable regulations. We strongly recommend consulting with your compliance officer or legal counsel before implementing any patient-facing forms.
We are not a Business Associate as defined under HIPAA, and no Business Associate Agreement (BAA) is required or offered for use of this platform.
10. Data Security
We implement industry-standard security measures to protect your personal information:
- Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2+ (SSL)
- Encryption at Rest: Sensitive data stored on our servers is encrypted using AES-256 encryption
- Access Controls: Role-based access controls limit who can access personal data within our organization
- Payment Security: Payment processing is handled entirely by Stripe (PCI DSS Level 1 certified). We never store, process, or have access to your full credit card numbers
- Authentication: Secure OAuth 2.0 authentication with session-based tokens
- Monitoring: Continuous security monitoring and logging of access patterns
While we take reasonable measures to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.
11. International Data Transfers
Our platform is hosted in the United States. If you access our platform from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.
For users in the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for transferring personal data outside the EEA. By using our platform, you consent to the transfer of your information to the United States as described in this policy.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:
- Update the “Last Updated” date at the top of this page
- Notify registered users via email for material changes
- Display a prominent notice on our platform
We encourage you to review this policy periodically. Your continued use of the platform after any changes constitutes acceptance of the updated policy.
13. Contact Information
For any privacy-related questions, concerns, or requests, please contact us:
Dental Mastery Academy, LLC
Operated by Bilski Dental Group
Data Protection Contact: Platform Administrator
Privacy Email: [email protected]
General Email: [email protected]
Website: www.bilskidental.com
We aim to respond to all privacy-related inquiries within 30 days. For CCPA requests, we will respond within 45 days as required by law.
Important Notice
This Privacy Policy is provided for informational purposes and reflects our current data practices. It does not constitute legal advice. We recommend consulting with a qualified attorney to ensure your practice’s data handling procedures comply with all applicable federal, state, and local regulations.