1. Introduction
PureChart, Inc. ("PureChart," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our dental practice management platform and related services (collectively, the "Services").
HIPAA Compliance: PureChart is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA) for handling Protected Health Information (PHI). We maintain appropriate administrative, physical, and technical safeguards to protect PHI.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, phone number, professional credentials, and facility information
- Patient Information: Patient demographics, contact information, medical/dental history, treatment records, and insurance information
- Payment Information: Credit card details, bank account information (for facilities receiving payouts), and billing addresses
- Communications: The content of messages you send through the platform — including SMS, MMS, and WhatsApp messages, email, and in-app messages — along with support requests and feedback. Message content and recipient phone numbers are transmitted to our messaging providers (Twilio, MessageMedia) to deliver them.
- Photos, Videos, and Audio Recordings: Clinical images (e.g., dental x-rays and intraoral photos), patient documents, check-in photos, and consent videos — which may include audio — that you or your staff capture and attach to patient records.
2.2 Information Collected Automatically
- Device Information: Device type, operating system, browser type, and unique device identifiers
- Usage Data: Pages visited, features used, timestamps, and interaction patterns
- Location Data: Your IP address and general geographic location, and — when you use location-based features such as staff clock-in/clock-out verification, facility proximity, and job-application workflows — precise GPS location collected from your device. Precise location is used to verify on-site presence and identify nearby facilities, and may be transmitted to mapping services (Google Maps/Places) for that purpose.
2.3 Information from Third Parties
- Payment Processors: Transaction confirmations and payment status from Stripe
- Identity Verification: Verification results for compliance purposes
- Financial Institutions: Bank account verification data through Stripe Financial Connections
3. How We Use Your Information
We use collected information to:
- Provide, maintain, and improve our dental practice management Services
- Process payments and facilitate payouts to dental facilities
- Verify identity and bank account ownership for security and compliance
- Send appointment reminders, payment notifications, and service updates
- Respond to support requests and communicate about your account
- Detect, prevent, and address fraud, security issues, and technical problems
- Comply with legal obligations, including HIPAA requirements
- Generate anonymized, aggregated analytics to improve our Services
4. Information Sharing and Disclosure
We do not sell your personal information. We may share information in the following circumstances:
| Recipient | Purpose |
|---|---|
| Dental Facilities | Patient information shared with the facility providing care (as authorized) |
| Payment Processors (Stripe) | Payment processing, bank account verification, and payout facilitation |
| Communication Providers | Sending SMS reminders and email notifications (MessageMedia, SendGrid) |
| Legal Authorities | When required by law, subpoena, or to protect rights and safety |
| Business Transfers | In connection with merger, acquisition, or sale of assets |
No Third-Party Data Sharing: We do not share financial data collected through Stripe Financial Connections with third parties for their own purposes.
5. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: All data transmitted using TLS/SSL encryption; sensitive data encrypted at rest
- Access Controls: Role-based access controls limiting data access to authorized personnel
- Infrastructure: Hosted on secure, SOC 2 compliant cloud infrastructure (Supabase/AWS)
- Payment Security: PCI-DSS compliant payment processing through Stripe
- Monitoring: Continuous security monitoring and audit logging
6. Data Retention
We retain information as follows:
- Patient Records: Retained per applicable state healthcare record retention laws (typically 7-10 years)
- Payment Records: Retained for 7 years for tax and audit purposes
- Account Information: Retained while account is active and for 3 years after closure
- Usage Logs: Retained for 2 years for security and analytics
7. Your Rights and Choices
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal information
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your information (subject to legal retention requirements)
- Portability: Request your data in a portable format
- Opt-Out: Opt out of marketing communications
- HIPAA Rights: For PHI, you have rights under HIPAA including access, amendment, and accounting of disclosures
To exercise these rights, contact us at privacy@purechart.com.
8. Children's Privacy
Our Services are not directed to children under 13. We do not knowingly collect personal information from children under 13. Patient records for minors are managed by their parents/guardians or the treating dental facility.
9. Data Storage Location
All data is stored and processed within the United States. We do not transfer personal data outside of the United States.
10. Third-Party Services
Our Services integrate with the following third-party services, each with their own privacy policies:
- Stripe: Payment processing and financial connections - stripe.com/privacy
- Supabase: Database and authentication - supabase.com/privacy
- Google Cloud: Hosting and storage (including clinical images, documents, and consent videos) - cloud.google.com/privacy
- Twilio: SMS, MMS, and WhatsApp message delivery - twilio.com/legal/privacy
- MessageMedia: SMS and MMS message delivery - messagemedia.com/legal/privacy-policy
- Deepgram: Real-time call transcription (audio processed transiently; resulting text may be stored) - deepgram.com/privacy
The third parties listed above act as service providers (data processors) that handle data on our behalf under data-processing agreements, and are not permitted to use it for their own purposes.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Effective Date." Your continued use of our Services after changes constitutes acceptance of the updated policy.
12. Contact Us
Privacy Inquiries
PureChart, Inc.
Email: privacy@purechart.com
Support: support@purechart.com
Website: purechart.com
13. California Privacy Rights (CCPA)
California residents have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected, used, and shared
- Right to delete personal information
- Right to opt-out of the sale of personal information (we do not sell personal information)
- Right to non-discrimination for exercising privacy rights
To submit a CCPA request, email privacy@purechart.com with subject line "CCPA Request."