Legal · Effective April 7, 2026

Privacy policy

AI Automation LLC (“DentalRecovery,” we,” “us,” or our”) operates the DentalRecovery software platform and the website at getdentalrecovery.com (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the Service. By using the Service, you agree to the practices described below.

1. Who this policy applies to

This policy applies to two groups:

  • Practice Users: dental practice owners, staff, and other authorized users who sign up for and operate the DentalRecovery dashboard.
  • Patients: individuals whose information is imported into DentalRecovery from a dental practice’s practice management software (such as Open Dental) for the purpose of treatment plan follow-up.

2. Information we collect

2.1 Information from practice users

  • Account information: name, email address, password (hashed), practice name, role.
  • Billing information processed by our payment processor (we do not store full card numbers).
  • Practice management software credentials (encrypted at rest using AES-256).
  • Communications you send us (support requests, feedback, demo bookings).

2.2 Information from patients (via practices)

When a dental practice connects DentalRecovery to its practice management software, we receive patient data necessary to operate the Service. This may include:

  • Patient name, phone number, email address, and date of birth.
  • Treatment plan details, procedure codes, estimated treatment value, and presentation date.
  • Visit history, appointment status, and provider assignments.
  • SMS opt-in/opt-out status and message history with the practice.
  • Insurance status (where relevant for prioritization).

This information may constitute Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). We treat all such data as PHI and handle it under a Business Associate Agreement (BAA) with the practice.

2.3 Information collected automatically

  • Log data (IP address, browser type, pages visited, timestamps).
  • Device and usage data necessary to operate and secure the Service.
  • Limited cookies required for authentication and session management. We do not use third-party advertising cookies.

3. How we use information

We use the information we collect to:

  • Provide, operate, maintain, and improve the Service.
  • Identify unscheduled treatment plans, score them for priority, and (where the practice has approved) send appointment-related SMS and email reminders to patients on the practice’s behalf.
  • Authenticate users and protect against unauthorized access.
  • Process payments and manage subscriptions.
  • Respond to support requests and communicate updates about the Service.
  • Comply with legal obligations and enforce our Terms of Service.

4. SMS / text messaging disclosures

DentalRecovery enables dental practices to send appointment reminder and treatment follow-up SMS messages to their own patients. The following terms apply to all SMS messaging facilitated through the Service:

  • No sale or sharing of mobile information. Mobile phone numbers collected through the SMS appointment reminder service are used solely to deliver appointment reminders and treatment follow-ups to patients. Mobile phone numbers and any data associated with SMS opt-in (including consent records) are never sold, rented, shared, transferred, licensed, or otherwise disclosed to any third parties, affiliates, marketing partners, or data brokers for marketing, promotional, or any other purpose. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
  • Limited service-provider sharing. Mobile information is shared only with Twilio, our SMS carrier, strictly to deliver appointment reminder messages on the dental practice’s behalf. Twilio is contractually bound to use the information solely to provide the messaging service and is prohibited from using it for their own marketing or any other purpose. Mobile information is never shared between dental practices, even if multiple practices use the DentalRecovery platform.
  • Consent. Patients receive SMS messages only after providing explicit consent through one of two methods: (1) checking an optional SMS consent checkbox and signing the patient intake form at the dental office, or (2) replying “YES” to a double opt-in SMS. Consent is given directly to DentalRecovery (operated by AI Automation LLC) as the practice’s SMS messaging provider; it is not shared with or transferred to any other party. Consent is recorded in the dental practice’s management software and verified via API before every message is sent. Consent collected for one dental practice is never used for another practice. Full details of the consent flow are documented at getdentalrecovery.com/sms-consent.
  • Opt-out. Patients may opt out of SMS at any time by replying STOP, UNSUBSCRIBE, CANCEL, END, or QUIT to any message. Opt-out requests are processed immediately and the patient will not receive any further SMS from the Service unless they actively provide new consent. Patients may reply HELP at any time for assistance.
  • Message frequency. Patients receive a maximum of 6 SMS messages over an 8-week period per treatment plan (approximately 1–2 messages per month). The sequence stops immediately if the patient books an appointment, declines treatment, or opts out.
  • Message and data rates. Message and data rates may apply depending on the patient’s mobile phone service plan. DentalRecovery does not charge patients any additional fees for SMS messages.

5. How we share information

We share information only in the limited circumstances described below:

  • With the practice. Patient data is made available to authorized users at the dental practice that owns the data.
  • With service providers (subprocessors). We use vetted subprocessors to host infrastructure, deliver messages, and process payments, including but not limited to Supabase (database and authentication), Vercel (hosting), Inngest (background jobs), Twilio (SMS), SendGrid (email), and our payment processor. Each is bound by a data protection agreement and a BAA where required by HIPAA.
  • For legal reasons. We may disclose information when required by law, subpoena, or other legal process, or to protect rights, property, or safety.
  • Business transfers. If we are involved in a merger, acquisition, or sale of assets, information may be transferred subject to the same protections described in this policy.

SMS opt-in and consent data exclusion. All of the above categories exclude text messaging originator opt-in data and consent. This information will not be shared with any third parties. Mobile phone numbers and SMS opt-in data are never sold, rented, shared, or transferred to any third party or affiliate for any purpose, and are never shared with any third party or affiliate for marketing or promotional purposes.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.

6. Data retention

We retain account information for as long as the practice maintains an active subscription. Patient data is retained as needed to provide the Service and to comply with the practice’s recordkeeping obligations. Practices may request deletion of their data at any time, subject to legal retention requirements. Backups containing deleted data are purged on our standard rolling schedule.

7. Security

We use industry-standard administrative, technical, and physical safeguards to protect information, including encryption in transit (TLS) and encryption at rest for sensitive credentials. Access to production systems is restricted, logged, and reviewed. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. HIPAA

For practices handling Protected Health Information, DentalRecovery operates as a Business Associate. We will execute a Business Associate Agreement with each covered-entity practice prior to processing PHI in production.

9. Your rights

Depending on where you live, you may have the right to access, correct, delete, or port your personal information, or to object to or restrict certain processing. Practice users can manage account information directly in the dashboard. Patients should direct requests to their dental practice, which controls the underlying record. We will assist the practice in fulfilling valid requests.

10. Children’s privacy

The Service is not directed to children under 13, and we do not knowingly collect information directly from children. Patient data imported by a practice may include minors; that information is handled under the practice’s authority and the BAA.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective date” above. If changes are material, we will provide additional notice (for example, by email or in-app banner).

12. Contact us

Questions about this Privacy Policy or our data practices can be directed to:

AI Automation LLC
Email: privacy@getdentalrecovery.com