Privacy Policy

Toothreferral.com LLC ("Toothreferral," "we," "us," or "our"), with a principal place of business at 13220 Strickland Rd, STE 166, Raleigh, NC 27613, operates the website and digital platform located at toothreferral.com (the "Platform"). We are committed to protecting the privacy of our users, which includes healthcare providers ("Covered Entities") and their authorized personnel (collectively, "Users" or "you").

This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Platform. Please note that any Protected Health Information (PHI) submitted to the Platform is governed strictly by our Business Associate Agreement (BAA) and HIPAA, which takes legal precedence over this Privacy Policy where applicable.

1. Information We Collect

We believe in strict data minimization. We only collect the following direct information:

• Account and Profile Information: When a dental practice or practitioner registers, we collect names, professional titles, practice names, physical addresses, corporate email addresses, and phone numbers.

No Technical Log Collection: Toothreferral does not track, store, or collect background technical logs, server logs, IP addresses, browser types, device information, operating systems, or passive platform interaction metrics.

2. Financial Transactions & Billing Data

All financial transactions on the Platform are processed securely through Stripe, Inc. ("Stripe").

• When you purchase a subscription or make a payment, your credit card and financial credentials are submitted directly to Stripe.
• Toothreferral does not store, process, or have access to your raw credit card numbers or security codes. All cardholder data is retained by Stripe in compliance with the Payment Card Industry Data Security Standard (PCI-DSS). Your interactions with Stripe are governed by their own corporate Privacy Policy.

3. Embedded Analytics & User Statistics

We deploy analytics tools strictly to generate functional, value-driven business insights for our Covered Entities:

• Embedded Google Analytics: We employ Google Analytics exclusively within embedded forms to capture usage trends. This data is utilized solely to compile performance dashboards and metric parameters directly for the active User.
• User-Generated Statistics: Performance analytics are derived directly from a practice's active platform usage. This allows the Covered Entity to understand referral volume, platform utility, and exactly how Toothreferral benefits their operational workflow.
• Strict Non-Disclosure: This operational statistics data is confidential, is never shared with third parties, and is accessible only to the originating Covered Entity and necessary system administrators for localized display.

4. How We Use Your Information

We use your basic profile information strictly for the following operational purposes:

• To provision, maintain, and secure the Toothreferral platform infrastructure.
• To authenticate user identities and enforce Role-Based Access Controls (RBAC).
• To facilitate the routing and secure transmission of dental referrals between authorized practices.
• To communicate system updates, security alerts, and support responses.

5. Third-Party Integrations & Infrastructure

To deliver a secure and efficient platform, we seamlessly integrate with elite technical sub-processors. Your data is handled according to strict enterprise safeguards:

• Hosting and Storage: All application data is securely hosted inside Amazon Web Services (AWS) in the US East (N. Virginia) Region.
• Document and Signature Management: Electronic signatures, consent logs, and referral legal envelopes are generated and safely archived within our AWS architecture via DocuSign APIs.
• Edge Security: Cloudflare provides our Web Application Firewall (WAF) and active DDoS mitigation. Cloudflare acts strictly as a secure conduit and does not persistently store platform data.
• Google APIs: We connect directly to Google APIs via secure OAuth tokens to enable workflow features (such as address lookups or calendar configurations) explicitly authorized by the User.

6. Strict Prohibition on the Sale of Data

Toothreferral does not, and will never, sell, rent, lease, or commercially monetize any data, corporate information, or patient information processed on our platform. All information remains the property of the Covered Entity and/or the respective patient. We do not share data with third-party data brokers, marketing agencies, or advertisers.

7. Data Security and Role-Based Access

We implement rigorous administrative, physical, and technical safeguards designed to protect information from unauthorized access or disclosure:

• All data is encrypted at rest within AWS and encrypted in transit via SSL/TLS protocols enforced by Cloudflare.
• The Platform enforces Role-Based Access Controls (RBAC), ensuring that your practice staff can only view information relevant to their assigned administrative or clinical roles.

8. Contact Us

If you have any questions or concerns regarding this Privacy Policy, please reach out to us:

• Email: Info@toothreferral.com
• Address: Toothreferral.com LLC, 13220 Strickland Rd, STE 166, Raleigh, NC 27613