PRIVACY POLICY

Last updated on [05/19/2025]

Dentistry.One LLC (collectively referred to as "D1", "we", "us", or "our"), provides certain websites and various mobile and/or desktop applications (collectively, the “Platform”) as well as services, features, content, and applications, which among other things provide potential patients access to a network of dental practitioners, who will provide dental and related services by and through the Platform (collectively, the “Services”). This Privacy Policy (the “Policy”) is not a contract and does not create any contractual rights or obligations.

PRIVACY IS IMPORTANT TO D1

Here at D1, your privacy is important to us and this Policy provides an overview of how we employ, disclose, and process your personal information. This Policy applies to visitors of the websites dentistry.one, the sub domain app.dentistry.one and any other publicly available associated domains and mobile applications owned and operated by D1 (again, the “Platform”).

For the purposes of this Policy, "you" and "your" means you as the visitor or user of the Platform. If the person accessing the Platform or engaging with our Services does so on behalf of, or for the purposes of, another person, including a business or other organization, “you” or “your” also means that other person, including a business organization, if applicable. This Policy describes the types of personal information we collect from visitors and users of our Platform and our practices for using, maintaining, sharing, and protecting it. It also describes how you may contact us.

• Updates To This Policy
• Personal Information We Collect And What We Do With It
• Protected Health Information
• Use By Minors
• Third-Party Websites And Links And Social Media
• Cookies And Online Technologies Policy
• How We Protect Your Information
• Marketing
• Data Retention
• Notice To International Users
• How To Contact Us

UPDATES TO THIS POLICY

This Policy may be updated periodically to reflect changes in our privacy practices. It is your responsibility to review the Policy from time to time to view any such changes. Changes to this policy become effective immediately upon publication. Please consult this space for updates.

PERSONAL INFORMATION WE COLLECT AND WHAT WE DO WITH IT

When you visit the Platform, we may collect your:

• Online identifier information, such as your internet protocol (IP) address and other unique identifiers (like cookies);
• Geolocation information;
• Internet activity information, such as the referring website, time spent on the Platform, pages you look at and click, forms you look at and interact with, links that you click and generally how you interact with our Platform; and
• Device information, such as your operating system, browser and other technology on the devices that you use to access the Platform.

We collect this information in order to:

• Provide you with access to the Platform, including personalized features;
• Secure our networks, systems and databases against external threats;
• Perform general Platform analytics and monitor Platform usage;
• Develop, maintain and enhance our Platform and Services; and
• To advertise our Services, including through targeted or interest based advertising. You can read more about our use of tracking technologies here: Cookies and Online Technologies Policy.

We may disclose this information to our:

• Service providers (marketing services vendors, customer support and chat providers, IT support vendors, security monitoring providers, data analytics providers, practice management software providers, database and hosting vendors);
• Entities that operate plug-ins or social media features on our Platform; and
• Online advertising and marketing partners.

When you fill out a web form on our Platform, we may collect your:

• Identifier information, such as your full name and date of birth;
• Personal or business contact information, such as your phone number and e-mail;
• Business information, such as your company name and specialty;
• Licensure information, such as your professional license information, NPI number, specialty and states of licensure; and
• Any other information you choose to provide through the form.

We collect this information in order to:

• Respond to your requests and inquiries;
• Provide you with the Platform requested Services;
• Develop, maintain and enhance our Platform and Services, including by analyzing how users interact with our web forms;
• Perform analytics, derive metrics and perform research;
• Process transactions with you;
• Market our Services to you; and
• Contact you with information about our Services.

We may disclose this information to our:

• Service providers (webform and survey providers, customer support and chat providers, IT support vendors, data analytics providers, practice management software providers, database vendors and our text/email communication vendors);
• Advertising and marketing partners; and
• Providers and insurance carriers with whom you are connected.

When you sign-up for the Platform or engage with our Services through the Platform, we may collect your (or your dependents’):

• Identifier information, such as your full name, date of birth, pronouns, gender, account name and password;
• Contact information, such as your address, phone number and e-mail;
• Payment information, such as your payment card number, billing address, payment or banking information;
• Image information, such as photos of your mouth and teeth;
• Insurance information, such as your coverage details, member ID, group number, health plan information and carrier information;
• Pharmacy information;
• Medical and health information, such as your medical and dental history, medical conditions, height and weight, allergies, pain levels, medication and drug use; and
• Any information you provide to our AI chat bot or customer service interface.

We collect this information in order to:

• Connect you with providers, including scheduling appointments;
• Provide you with the Platform requested Services;
• Develop, maintain and enhance our Services;
• Perform analytics, derive metrics and perform research;
• Process transactions with you; and
• Contact you with information about our Services.

We may disclose this information to our:

• Service providers (payment processors, IT support vendors, customer support and chat providers, e-prescription providers, data analytics providers, practice management software providers, database and hosting vendors and text/email communication vendors);
• Imaging scanning provider (which uses artificial intelligence to scan your mouth photos);
• Eligibility and claim clearinghouses; and
• Providers with whom you are connected.

In addition, any information you provide may be disclosed to other entities in the circumstances described below:

• To our auditors.  We may be subject to audits from a number of entities as well as due to our own internal auditing policies. In order to accomplish an effective audit, we must provide information, which may include your personal information, to external auditors. We always ensure that your information is safely disclosed and stored and that auditors can only use your information for the purposes of completing an audit.
• To individuals or entities you authorize.  We may disclose your personal information to individuals or entities at your direction.
• To our affiliates.  We may share your personal information with our affiliates for the purposes of administering our business and providing our Services.
• In corporate transactions.  We may share all or part of your personal information with other entities in connection with the sale, assignment, merger or other transfer of all or a portion of our organization or assets to such entities (including due to a sale in connection with a bankruptcy).
• For legal purposes.  We may disclose all or part of your personal information to courts, litigants, regulators, arbitrators, administrative bodies or law enforcement when we have reason to believe that disclosing this information is necessary to resolve actual or suspected claims. We may also disclose your personal information in order to identify, contact or bring legal action against someone who may be violating any agreement with us, or may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other users of the Platform, or anyone else that could be harmed by such activities. We may disclose information in response to a subpoena, search warrant, in connection with judicial proceedings, or pursuant to court orders, legal process or other law enforcement measures.

Finally, we may process your personal information into aggregated, anonymized or de-identified form for any purpose. Aggregated, anonymized or de-identified information is information that can no longer reasonably identify a specific individual and is no longer “personal information.”

PROTECTED HEALTH INFORMATION

This Policy applies to your interactions with the Platform leading up to, or separate from, a relationship with a dental practice. D1 does not provide medical care under the Health Insurance Portability and Accountability Act of 1996 and its related regulations and amendments from time to time (collectively, "HIPAA").

Once you are in contact with one of our practices, any data collected through your interactions with the Platform for purposes of scheduling services with a dental practice, arranging telehealth visits, viewing/paying invoices, or related activities, is controlled by your relationship with the practice and the practice’s HIPAA Notice of Privacy Practices and/or its general privacy policy.

When you set up an account with the Platform, that creates a customer relationship between you and D1, and that relationship provides you access as user and the opportunity to use the Platform’s functionalities as well as the Services. To the relationship, from time to time you will provide various information to D1, including but not limited to, your name, email address, payment information, phone number and certain other information, that D1 does NOT consider to be or deem "protected health information" or "medical information".

Nonetheless, while using different features and components of the Platform and/or the Services, from time to time you may also provide certain health or medical information, and such information may be protected under applicable laws. Please note and please be aware that D1 is not a "covered entity" under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and its related regulations and amendments from time to time (collectively, "HIPAA"). However, it is possible that one or more of the Dental Groups (as defined in our Terms of Service) may (or may not) be considered or deemed a "covered entity" or "business associate" under HIPAA. In addition, under certain circumstances and some cases, D1 may be considered or deemed a "business associate" of a Dental Group.

Please be advised that HIPAA does not necessarily nor automatically apply to an entity or person merely because there may be health information involved or communicated, and that as a result HIPAA may not apply to your transactions or communications with D1 and the Dental Groups. On the other hand, strictly and solely to the extent that D1 is potentially deemed a "business associate", D1, in those instances may be subject to certain terms and conditions of HIPAA with respect to "protected health information," as defined under HIPAA ("PHI"), that you provide to D1, the applicable Dental Group or the providers.

Moreover, any medical or health information provided by you may benefit from certain protections under applicable state laws (“State Protected Information”). However, any information that does not constitute PHI or State Protected Information under applicable laws may be used or disclosed in any manner permitted under our Privacy Policy. PHI or State Protected Information shall not be deemed to include information that has been de-identified in accordance with HIPAA.

The Dental Groups and providers have adopted a Notice of Privacy Practices that describes how they use and disclose Protected Information. By accessing or using any part of the Platform or the Service, you acknowledge receipt of the Notice of Privacy Practices from your Medical Group and provider(s).

Finally, you understand and agree that by using the Platform and/or the Services, even in those cases where HIPAA does apply to D1, the Dental Groups, the Providers, any and all information that you submit to D1 that is not intended for and used solely in connection with the provision of dental care and treatment by the Dental Group and providers, is not considered Protected Health Information, and such information shall only be subject to and governed by D1’s Privacy Policy and applicable state privacy laws. For purposes of clarity, information you provide to D1 in order to register and set up an account on the Platform, including name, username, email address, and phone number, or other related contact or payment information, are not considered Protected Health Information.

USE BY MINORS

The D1 Platform and Service is generally for use by individuals who are at least eighteen (18) years of age or such older age as required by applicable state law per the locale or jurisdiction in which the individual is using the Service. Individuals who are between the ages of thirteen (13) and eighteen (18) (or such older age of majority) may use the Service for the sole purpose of obtaining a dental consultation if a parent or legal guardian provides consent to such use in accordance with the requirements set forth in our Terms and Service. Nothing contained within the Platform and/or the Service is intended to address, and/or is directed to, any children under the age of thirteen (13). To the extent that D1 has actual knowledge that we have collected personal information through the Platform from a person under thirteen (13) years of age, we will use reasonable efforts to refrain from further using such personal information or maintaining it in retrievable form.

In addition, if you are under sixteen (16) years of age, then you (or, in the alternative, your parent or legal guardian if you are under age 13) may request at any time that D1 removes content or information about you that may be accessible or posted on the Platform. In order to do so you must please submit any such request ("Minor Information Removal Request") to either of the following:

• By mail: Dentistry.One, Attn: Privacy Requests, 20 Highland Ave., Metuchen, NJ 08840
• By email: privacy@dentistry.one, using the subject line of "Minor Information Removal Request"

With each Minor Information Removal Request, please also specifically provide the following information in the body of the request:

• The basis and description of your request;
• The specific nature identity and of the content or information to be removed;
• The specific location of the content or information on the Platform (e.g. , the applicable link or URL);
• the specific statement that the request is in connection with "Minor Information Removal Request"; and
• Your name, street address, city, state, zip code and email address, and whether you prefer to receive a response to your request by mail or email.

Please be aware that we do not accept any Minor Information Removal Request by and through telephone or facsimile. D1 is not responsible for failing to comply with any Minor Information Removal Request that is incomplete, incorrectly or improperly labeled or incorrectly transmitted.

Please note that we are not required to erase or otherwise eliminate, or facilitate erasure or elimination of such content or information in certain cases and circumstances, including for example, in those circumstances where an international, federal, state, or local law, rule or regulation mandates that D1 to maintain the content or information; when D1 maintains the content or information on behalf of your Providers (as defined in our Terms of Services) as part of your electronic medical record; when the content or information is stored on or posted to the Platform by a third party other than you (including any content or information posted by you that was stored, republished or reposted by the third party); when D1 anonymizes the content or information, so that you cannot be individually identified; when you do not follow the above described instructions for requesting the removal of the content or information; and when you have received compensation or other consideration for providing the content or information.

The above description of D1's practices concerning the collection of personal information through the Platform and/or Service from certain persons or individuals under the age of 18, is not an admission and is not intended to be an admission that D1 is subject to or regulated by the Children's Online Privacy Protection Act, the Federal Trade Commission's Children's Online Privacy Protection Rule(s), or any related or similar international, federal, state, or local laws, rules, or regulations.

THIRD PARTY WEBSITES AND LINKS AND SOCIAL MEDIA

Certain features of the Platform permit you to initiate interactions between the Platform and third-party services or platforms, such as social networks ("Social Media"). Social Media include features that allow you to click and access D1's pages on certain third-party platforms, such as Facebook, Twitter and LinkedIn as applicable, and from there to "like" or "share" our content on those platforms. Use of Social Media may entail a third party's collection and/or use of your data. If you use Social Media or similar third-party services, information you post or otherwise make accessible may be publicly displayed by the third-party service you are using. Both D1 and the third party may have access to information about you and your use of both the Platform and the third-party service.

Our Platform may contain links to other online platforms operated by third parties. We do not control such other online platforms and are not responsible for their content, their privacy policies, or their use of your information. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Platform and/or users of those third-party online platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators except as disclosed on the Platform. We expressly disclaim any and all liability for the actions of third parties, including but without limitation to actions relating to the use and/or disclosure of personal information by third parties. Any information submitted by you directly to these third parties is subject to that third party's privacy policy.

COOKIES AND ONLINE TECHNOLOGIES POLICY

What is a cookie?

A cookie is a small text file that is placed on your hard drive by a web page server. Cookies contain information that can later be read by a web server in the domain that issued the cookie to you. There are several types of cookies:

• Session cookies  provide information about how a website is used during a single browser session while a user is visiting a website. Session cookies usually expire after the browser is closed.
• Persistent cookies  remain on your device between different browser sessions for a set amount of time in order to enable the website to remember user preferences, settings, or actions across other sites. A persistent cookie will remain on a user’s device for a set period of time specified in the cookie.
• First-party cookies  are cookies set by the operator of the website you are visiting.
• Third-party cookies  are cookies set by third parties that are different from the operator of the website you are visiting.

Our collection of cookies

We, our marketing partners, affiliates, and analytics or service providers use cookies and other similar technologies. We group the cookies that we collect into the following categories based upon their function (note that all types of cookies, as described above, may be found in each category):

Third-party cookies

The Platform allows third-parties to place cookies on your Internet-connected device in order to deliver advertisements based upon your web-browsing habits and history. Further, in order to provide interoperability and plug-ins from various social media websites (like Facebook), the Platform allows these third-parties to place and collect cookies on your Internet-connected device. However, you can restrict the third-party collection of cookies through the instructions provided in the section How To Opt-Out Of Tracking And Restrict Cookies below.

Analytics

We may use service providers to provide Platform metrics and other analytics services. These service providers may use cookies (see above); web beacons (also called clear GIFs or pixels), which are small blocks of code that allow us to measure the actions of visitors using D1’s Platform; and other technologies to collect information, such as your IP address, identifiers associated with your device, other applications on your device, the browsers you use to access our Platform and Services, webpages viewed, time spent on webpages, links clicked and conversion information (e.g., transactions entered into). This information may be used by D1 and its service providers on behalf of D1 to analyze and track usage of our Platform and Services to determine the popularity of certain content and to better understand how you use our Platform and Services.

We use Google Analytics on the Platform to analyze how individuals use the Platform. We will package up information about how individuals interact with our Platform and send it to Google Analytics to be processed into reports. This information includes basic pageviews and visit data such as device type, operating system, and browser type. When Google Analytics processes data, it aggregates and organizes the data based on particular criteria like whether a user’s device is mobile or desktop, or which browser they’re using. If, at any time, you choose not to participate in the use of analytics software, please use your web browser’s available opt-outs as described in the section How To Opt-Out Of Tracking And Restrict Cookies.

Advertising

We have partnered with third-party advertising networks that collect information about your online web browsing habits to serve you with interest-based advertisements. The information collected about you to serve these ads can include your IP address, unique online identifiers, your activity on our Platforms and information about your operating system, browser and platform and other technology on the devices you use to access the Platform.

The Meta Pixel is a snippet of code that sends data back to Meta about visitors who use the Platform and allows us to provide custom advertising on Meta properties (like Facebook and Instagram). The data provided to Meta may include information about how you interact with our Platform, including your search queries.

Session Recorders

Our Platform utilizes session recorders provided by a third-party service provider to understand how users interact with the Platform in order to identify and fix issues, identify areas for improvement and perform optimization updates. These recordings only track how you interact with our Platform, and not any other website, and aren’t used to provide you with advertisements, build profiles about you, do not collect Protected Health Information and are not otherwise connected to your personal identity.

We may use Hotjar in order to better understand our users’ needs and to optimize our Platform and Services. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.

We also may use Fullstory to analyze user sessions on the Platform. Fullstory uses first-party cookies and local storage to maintain a coherent scope for a user session across multiple pages on a single website. Specifically, Fullstory collects information about a users interaction with our Platform, including the resources that they access, pages viewed, how much time they spent on a page, and how they reached our Platform. Fullstory also logs the details of user visits to our Platform and information generated in the course of using our Platform, such as mouse movements, clicks, page visits, text entered, how long they spent on a page, and other details of their actions on the Platform. For further details, please see Fullstory’s privacy policy.

Do Not Track

Do Not Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking across websites. Most modern web browsers give you the option to send a Do Not Track signal to the websites you visit, indicating that you do not wish to be tracked. However, there is no accepted standard for how a website should respond to this signal, so we do not take any action in response to this signal. D1 does not have a mechanism in place to respond to DNT signals. Instead, in addition to publicly available external tools, we offer you the choices described in this Policy to manage the collection and use of information about you.

Web beacons, pixels, tags and scripts

In addition to cookies, we use other technologies to recognize and track visitors to D1’s Platform. A web beacon (also known as a “tracking pixel” or “clear GIF”) is a clear graphic image (typically a one-pixel tag) that is delivered through a web browser or HTML email, typically in conjunction with a cookie. Web beacons allows us certain functionality, for example, monitoring how users move from one page within a website to another, to track access to our communications, to understand whether users have come to a website from an online advertisement displayed on a third-party website, to measure how ads have been viewed and to improve site performance.

These technologies may be used on Platform or in our emails to help us to deliver cookies, count visits, understand usage of our sites, campaign effectiveness and determine whether an email has been opened.

Social Media Plug-ins (Linked-In and Instagram).

These plug-ins allow us to integrate social media functions into D1’s Platform and may also be used for advertising purposes by those social media companies. If you visit our Platform while logged into your social media accounts, information about your visit to our Platform, your social media identifier and information about your browser may be provided to those third-party social media companies. You should review the privacy policy of any social media entity with whom you have an account to learn about how they may use your data.

How To Opt-Out Of Tracking And Restrict Cookies

You can opt-out of the tracking of your online behavior by:

• visiting the Network Advertising Initiative (NAI) website opt-out page: http://www.networkadvertising.org/choices;
• visiting the Digital Advertising Alliance (DAA) opt-out page: http://www.aboutads.info/; and
• downloading and installing the Google browser plug-in from the following link: http://tools.google.com/dlpage/gaoptout.

You can control and delete cookies through your browser settings through the following:

• Google Chrome
• Mozilla Firefox
• Safari
• Opera
• Microsoft Internet Explorer
• Microsoft Edge
• Safari for iOS (iPhone and iPad)
• Chrome for Android

Please be aware that restricting cookies may impact the functionality of the Platform. For example, refusing cookies will not allow D1 remember your log-in information. Additional general information about cookies, including how to be notified about the placement of new cookies and how to disable cookies, can be found at www.allaboutcookies.org.

Alternatively, you may visit the U.S. Federal Trade Commission’s website www.consumer.ftc.gov to obtain comprehensive general information about cookies and how to adjust the cookie settings on various browsers.

HOW WE PROTECT YOUR INFORMATION

We are committed to making sure your information is protected and have selected third-party vendors that help keep your personal data safe. Unfortunately, we do not control these third parties and therefore cannot guarantee complete security. We employ several commercially reasonable electronic safeguards to keep your information safe where possible. Accordingly, we cannot fully guarantee against the access, disclosure, alteration, or deletion of data through events, including but not limited to hardware or software failure or unauthorized use. Any information that you provide to us is done so entirely at your own risk.

MARKETING

We do not sell your personal data to third parties for their marketing purposes without your explicit consent. We may combine your information with information we collect from other companies and use it to improve and personalize the Services, content and advertising. If you do not wish to receive marketing communications from us, you can send an email to the contact in How to Contact Us.

We may give you the opportunity to sign up for informational or promotional text messages. You may opt-in by providing your mobile number and consenting to receive texts. You may opt-out at any time as instructed in the confirmation text or by using the contact in How to Contact Us and including your mobile number (please allow reasonable processing time for a form or a direct email). Standard mobile data rates apply.

DATA RETENTION

We generally retain records only as long as necessary and as required for our business operations, for archival purposes, and/or to satisfy legal requirements. When determining the appropriate retention period for personal information, we take into account various criteria, such as the amount, nature, and sensitivity of the personal information; potential risk of harm from unauthorized use or disclosure; purposes for which we process your personal information; whether we can achieve those purposes through other means; and business operations and legal requirements. Because we maintain our Platform to protect from accidental or malicious loss and destruction, residual copies of your personal information may be retained in our backup and archival systems for a limited period of time, after which the information will be automatically deleted or put beyond use where deletion is not possible.

NOTICE TO INTERNATIONAL USERS

The Platform is controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than those of (and within) the United States. Any information you provide to us through use of our Platform may be stored and processed, transferred between and accessed from the United States and other countries that may not guarantee the same level of protection of personal data as the one in which you reside. However, we will handle your personal information in accordance with this Policy regardless of where your personal information is stored/accessed.

HOW TO CONTACT US

Should you have any questions about our privacy practices or this Policy, please email us at privacy@dentistry.one.