Privacy Policy

1. Our Role: Data Processor vs. Data Controller

Dentiflex acts strictly as a Data Processor regarding any operational or clinical data uploaded to the Platform. The Client (the dental practice) remains the absolute Data Controller. We process data strictly according to the Client’s instructions to generate the Executive Revenue Audit. It is the Client's sole responsibility to ensure any files uploaded to the secure portal comply with the "minimum necessary" standards under HIPAA and applicable state laws.

2. Absolute Data Isolation (The Anti-Cartel Guarantee)

Dentiflex maintains strict data isolation protocols. Any data, practice schedules, or operational files uploaded by the Client to the Platform are used solely to generate that specific Client's computational audit.

Dentiflex is strictly prohibited from selling, leasing, sharing, or distributing Client production data to any third-party entities, including but not limited to insurance clearinghouses, industry trade associations, or corporate dental organizations (DSOs). All input text is handled via encrypted transport layers to preserve the absolute operational privacy of the practice.

3. Aggregated Benchmarking & Proprietary Processing

While we never share your specific practice data, our computational engine must learn. Upon ingestion into the secure portal, all raw practice production data is immediately stripped of any identifying markers (De-Identified) and converted into our proprietary 'DF Variables'.

Dentiflex retains the absolute right to utilize this anonymized, purely mathematical and statistical data to improve our computational algorithms, establish regional fee benchmarks, and enhance the logic of our 19 Optimization Protocols. This De-Identified, aggregated statistical data is wholly owned by Dentiflex.

4. The "Burn After Reading" Retention Protocol

Dentiflex employs a strict data minimization protocol to mitigate risk. Raw CSV files or operational data uploaded for the purpose of the Executive Revenue Audit are used solely during the active processing phase.

Once the final Audit PDF is generated and securely delivered, the raw source files are permanently purged from our active processing servers within thirty (30) days, leaving only the de-identified statistical output.

5. Public Website Data Collection

When you visit our public-facing website, we automatically collect standard analytics data, including IP addresses, browser types, and usage metrics, to optimize our marketing and website performance. We may use cookies or tracking pixels on the public site. However, this tracking data is strictly isolated from the secure computational Platform and is never linked to operational audit data.

6. Third-Party Service Providers

To operate the Platform, we engage essential third-party service providers (e.g., secure cloud hosting via AWS, payment processing via Stripe). These providers are bound by strict confidentiality and data security obligations and are only permitted to process data as necessary to provide their specific infrastructure services to Dentiflex.