Last updated: June 1, 2026 · Effective: June 1, 2026
DentaFlow ("we", "us", "our") operates the software platform at usedentaflow.com. This Privacy Policy explains how we collect, use, store, and protect personal information in connection with our Service.
This policy applies to dental clinics that subscribe to DentaFlow ("Clients") and patients who interact with the DentaFlow chat widget on Client websites ("End Users").
DentaFlow acts as a data processor on behalf of Clients. The dental clinic is the data controller responsible for patient data. Patients should consult their clinic's own privacy policy for information about how their data is used.
From Clients (dental clinics):
From End Users (patients via chat widget):
We do not collect:
Client data is used to:
End User data (patient conversations) is used to:
We will never:
For users in the European Economic Area (EEA) and UK, our processing is based on:
For health-related information patients may share in chat, processing is based on the explicit consent of the patient, facilitated through the Client's patient consent mechanisms. The Client bears responsibility for obtaining appropriate consents.
Upon account termination, Clients may request a data export within 30 days. After that period, all data is permanently deleted.
We share data only with the following service providers, all bound by data processing agreements:
All transfers of personal data outside the EEA/UK are conducted under Standard Contractual Clauses (SCCs) approved by the European Commission.
We maintain strict data isolation between Clients — no clinic can access another clinic's data. We do not sell, rent, or trade personal data.
We implement industry-standard security measures including:
No internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security. In the event of a data breach, we will notify affected parties as required by applicable law.
Depending on your location, you may have the right to:
Clients may exercise these rights by contacting privacy@usedentaflow.com.
End Users (patients) should contact the dental clinic they interacted with, as the clinic is the data controller.
We respond to verified requests within 30 days. EEA/UK residents may lodge a complaint with their local data protection authority. California residents have additional rights under the CCPA.
DentaFlow operates from the United States. Data may be transferred to and processed in the USA and other countries where our processors operate.
For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, the EU-US Data Privacy Framework where applicable, and other appropriate safeguards as required by law.
The Service is not directed at individuals under 13 years of age. We do not knowingly collect personal data from children under 13. Contact privacy@usedentaflow.com if you believe we have collected data from a child.
As the data controller, each Client is solely responsible for:
DentaFlow provides the technical infrastructure. Clients provide legal compliance. DentaFlow is not responsible for a Client's failure to comply with applicable laws.
We may update this Privacy Policy at any time. Material changes will be communicated to Clients via email at least 14 days before taking effect. The current version is always available at usedentaflow.com/legal/privacy.
Privacy requests: privacy@usedentaflow.com
HIPAA inquiries: hipaa@usedentaflow.com
General legal: legal@usedentaflow.com
We aim to respond within 5 business days.
Privacy questions: privacy@usedentaflow.com