Privacy Policy

Who We Are

Treatment Plan ("we," "us," "our") is a patient communication platform used by dental and orthodontic practices. We help practices deliver treatment plan information to patients via secure, personalized web pages and text messages.

Information We Collect

From Dental Practices (our customers):

• Practice name, contact person, email, phone number
• Practice management software type
• Billing and payment information
• Staff account credentials (email and hashed password)

From Patients (on behalf of our customers):

• Patient name, date of birth, and phone number (provided by the practice)
• Treatment plan details including procedures, costs, and insurance information
• Page view activity (opens, clicks, time spent)
• Appointment booking actions

From Website Visitors:

• Name, email, phone, and practice name (when you submit our interest form)
• Standard web analytics (pages visited, browser type, referring site)

How We Use Your Information

• To deliver treatment plan pages to patients on behalf of their dental practice
• To send SMS messages containing secure links to treatment plans
• To provide analytics and reporting to dental practices
• To manage practice accounts and billing
• To respond to inquiries from prospective customers
• To improve and maintain our platform

How We Protect Your Information

• All data is encrypted in transit (TLS/HTTPS) and at rest (AES-256)
• Patient health information is stored in HIPAA-compliant infrastructure
• Access to patient data requires date-of-birth verification
• Treatment plan links use opaque codes — no patient identifiers appear in URLs
• All access to patient data is logged for audit purposes
• We maintain a Business Associate Agreement (BAA) with each dental practice

Information Sharing

We do not sell your personal information. We share information only as follows:

• With dental practices: Patient engagement data (opens, clicks, bookings) is shared with the practice that created the treatment plan
• Service providers: We use sub-processors for hosting (AWS), SMS delivery (Twilio), and email (SendGrid), all under appropriate data protection agreements
• Legal requirements: We may disclose information when required by law or to protect rights and safety

Data Retention

• Active treatment plan data is retained as long as the practice maintains their account
• Patient engagement analytics are retained for 24 months
• Prospect inquiry data (interest form submissions) are retained for 12 months
• Practices may request deletion of their data at any time

Your Rights

Patients: Contact your dental practice directly to request access to, correction of, or deletion of your treatment plan information. Your practice controls this data and we process it on their behalf.

Dental Practices: You may access, export, or delete your account data at any time by contacting us. We will respond within 30 days.

Website Visitors: You may request deletion of any information you've submitted via our contact forms.

Cookies and Tracking

We use minimal cookies for session management and security (reCAPTCHA). We do not use advertising trackers or sell data to third parties.

Children's Privacy

Our platform is used by dental practices that may treat minors. Treatment plan information for minors is managed by the dental practice in accordance with applicable law. We do not knowingly collect information directly from children under 13.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated to our practice customers via email. The "last updated" date at the top reflects the most recent revision.