Legal

Privacy Policy

How OralAlly handles personal information and protected health information.

OralAlly, Inc.

Effective Date: May 6, 2026
Last Updated: May 6, 2026

1. Overview

OralAlly, Inc. (“OralAlly,” “we,” “us,” or “our”) provides a secure, cloud-based software platform designed for Registered Dental Hygienists in Alternative Practice (RDHAP), Dentists, and other dental professinoals to manage patient records, documentation, scheduling, billing, and related clinical workflows (the “Services”).

We are committed to protecting the privacy, confidentiality, and security of personal information, including Protected Health Information (“PHI”), in accordance with applicable laws, including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

2. Our Role Under HIPAA

OralAlly operates as a Business Associate when we create, receive, maintain, or transmit PHI on behalf of covered entities (e.g., RDHAP and Dentist providers).

  • We enter into Business Associate Agreements (“BAAs”) with our customers where required.
  • We use and disclose PHI only as permitted under those agreements and applicable law.
  • We implement safeguards required under the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule.

3. Scope of This Policy

This Privacy Policy applies to:

  • Licensed dental professionals and their workforce using OralAlly
  • Visitors to our website
  • Individuals whose data is processed through our Services (e.g., patients)

Important: Dental providers (our customers) are the data controllers of patient data. OralAlly acts as a data processor/service provider.

4. Information We Collect

4.1 Account and Business Information

  • Name, email address, phone number
  • Practice or business name and details
  • Professional credentials and licensing information
  • Account login credentials
  • Billing and payment information

4.2 Patient Information (PHI)

Users may input and manage patient data, including:

  • Identifiers (name, address, date of birth)
  • Medical and dental histories
  • Clinical notes, treatment plans, and records
  • Images, x-rays, and attachments
  • Insurance and billing information

This data may constitute Protected Health Information (PHI) under HIPAA.

4.3 Automatically Collected Data

  • IP address and device identifiers
  • Browser type and operating system
  • Usage logs and session data
  • Feature interaction data
  • Cookies and similar tracking technologies

5. How We Use Information

5.1 General Use

We use information to:

  • Provide and maintain the Services
  • Authenticate users and secure accounts
  • Process payments and manage subscriptions
  • Provide customer support
  • Improve platform functionality and performance
  • Communicate service-related updates

5.2 Use of PHI (HIPAA Compliance)

We use and disclose PHI only:

  • To provide Services to our customers
  • As permitted or required by our BAA
  • As required by law

We do not:

  • Sell PHI
  • Use PHI for advertising or marketing purposes
  • Use PHI outside the scope of service delivery

6. Disclosure of Information

6.1 Service Providers (Subprocessors)

We may share data with vetted third-party vendors that support:

  • Cloud hosting and storage
  • Payment processing
  • Customer support tools
  • Security and monitoring services

All vendors with access to PHI are required to:

  • Sign BAAs where applicable
  • Maintain appropriate safeguards

6.2 Legal and Regulatory Requirements

We may disclose information:

  • To comply with applicable laws and regulations
  • In response to legal requests (e.g., subpoenas)
  • To protect the rights, safety, and integrity of OralAlly, users, or the public

6.3 Business Transfers

In the event of a merger, acquisition, or sale, data may be transferred subject to confidentiality and legal safeguards.

6.4 At Customer Direction

We may disclose data as instructed by our users (e.g., referrals, integrations, exports).

7. Data Security (HIPAA Safeguards)

OralAlly implements administrative, technical, and physical safeguards consistent with HIPAA Security Rule requirements, including:

  • Encryption of data in transit and at rest
  • Access controls (role-based permissions, least privilege)
  • Audit controls and logging
  • Multi-factor authentication (MFA) where applicable
  • Regular risk assessments and security reviews
  • Secure data backup and disaster recovery protocols

While we strive to protect all data, no system can be guaranteed 100% secure.

8. Breach Notification

In the event of a breach involving unsecured PHI, OralAlly will:

  • Notify affected customers without unreasonable delay
  • Provide required information to support breach reporting obligations
  • Comply with HIPAA Breach Notification Rule requirements

Customers are responsible for notifying patients and regulators where required.

9. Data Retention

We retain data:

  • For as long as necessary to provide Services
  • As required under applicable healthcare and legal recordkeeping laws
  • In accordance with contractual obligations

Upon termination, data may be:

  • Returned to the customer
  • Securely deleted, subject to legal retention requirements

10. User Rights and Responsibilities

10.1 Dental Providers (Customers)

Customers are responsible for:

  • Maintaining HIPAA compliance in their practice
  • Managing patient consent and authorizations
  • Responding to patient rights requests

10.2 Patient Rights

Patients should direct requests regarding their PHI (e.g., access, correction, deletion) to their dental provider.

10.3 General Privacy Rights

Depending on jurisdiction (e.g., California under CCPA/CPRA), individuals may have rights to:

  • Access personal data
  • Request deletion
  • Correct inaccuracies
  • Limit certain processing

Requests can be submitted via the contact details below.

11. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain sessions and authentication
  • Analyze usage and improve performance

Users can control cookies through browser settings.

12. Third-Party Integrations

Our Services may integrate with third-party systems (e.g., payment processors, EHRs). These third parties operate under their own privacy policies.

13. Children’s Privacy

Our Services are not directed to individuals under 13. We do not knowingly collect data from children without appropriate authorization.

14. International Data Transfers

If data is transferred outside the United States, we implement appropriate safeguards consistent with applicable laws.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Material changes will be communicated via:

  • Email notification
  • In-platform notice
  • Website updates

16. Contact Information

OralAlly, Inc.
Email: notifications@oralally.com
Address: 440 N Barranca Ave #4118, Covina, Ca 91723

17. Supplemental U.S. State Privacy Rights

Residents of certain states (e.g., California, Virginia, Colorado) may have additional rights, including:

  • Right to know categories of data collected
  • Right to delete personal information
  • Right to opt out of certain data sharing

We do not sell personal information.

18. Compliance Statement

OralAlly is committed to maintaining a privacy and security program aligned with:

  • HIPAA Privacy, Security, and Breach Notification Rules
  • Industry best practices for SaaS healthcare platforms
  • Applicable state privacy laws