OralAlly, Inc.
Effective Date: May 6, 2026
Last Updated: May 6, 2026
1. Overview
OralAlly, Inc. (“OralAlly,” “we,” “us,” or “our”) provides a secure, cloud-based software platform designed for Registered Dental Hygienists in Alternative Practice (RDHAP), Dentists, and other dental professinoals to manage patient records, documentation, scheduling, billing, and related clinical workflows (the “Services”).
We are committed to protecting the privacy, confidentiality, and security of personal information, including Protected Health Information (“PHI”), in accordance with applicable laws, including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
2. Our Role Under HIPAA
OralAlly operates as a Business Associate when we create, receive, maintain, or transmit PHI on behalf of covered entities (e.g., RDHAP and Dentist providers).
- We enter into Business Associate Agreements (“BAAs”) with our customers where required.
- We use and disclose PHI only as permitted under those agreements and applicable law.
- We implement safeguards required under the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule.
3. Scope of This Policy
This Privacy Policy applies to:
- Licensed dental professionals and their workforce using OralAlly
- Visitors to our website
- Individuals whose data is processed through our Services (e.g., patients)
Important: Dental providers (our customers) are the data controllers of patient data. OralAlly acts as a data processor/service provider.
4. Information We Collect
4.1 Account and Business Information
- Name, email address, phone number
- Practice or business name and details
- Professional credentials and licensing information
- Account login credentials
- Billing and payment information
4.2 Patient Information (PHI)
Users may input and manage patient data, including:
- Identifiers (name, address, date of birth)
- Medical and dental histories
- Clinical notes, treatment plans, and records
- Images, x-rays, and attachments
- Insurance and billing information
This data may constitute Protected Health Information (PHI) under HIPAA.
4.3 Automatically Collected Data
- IP address and device identifiers
- Browser type and operating system
- Usage logs and session data
- Feature interaction data
- Cookies and similar tracking technologies
5. How We Use Information
5.1 General Use
We use information to:
- Provide and maintain the Services
- Authenticate users and secure accounts
- Process payments and manage subscriptions
- Provide customer support
- Improve platform functionality and performance
- Communicate service-related updates
5.2 Use of PHI (HIPAA Compliance)
We use and disclose PHI only:
- To provide Services to our customers
- As permitted or required by our BAA
- As required by law
We do not:
- Sell PHI
- Use PHI for advertising or marketing purposes
- Use PHI outside the scope of service delivery
6. Disclosure of Information
6.1 Service Providers (Subprocessors)
We may share data with vetted third-party vendors that support:
- Cloud hosting and storage
- Payment processing
- Customer support tools
- Security and monitoring services
All vendors with access to PHI are required to:
- Sign BAAs where applicable
- Maintain appropriate safeguards
6.2 Legal and Regulatory Requirements
We may disclose information:
- To comply with applicable laws and regulations
- In response to legal requests (e.g., subpoenas)
- To protect the rights, safety, and integrity of OralAlly, users, or the public
6.3 Business Transfers
In the event of a merger, acquisition, or sale, data may be transferred subject to confidentiality and legal safeguards.
6.4 At Customer Direction
We may disclose data as instructed by our users (e.g., referrals, integrations, exports).
7. Data Security (HIPAA Safeguards)
OralAlly implements administrative, technical, and physical safeguards consistent with HIPAA Security Rule requirements, including:
- Encryption of data in transit and at rest
- Access controls (role-based permissions, least privilege)
- Audit controls and logging
- Multi-factor authentication (MFA) where applicable
- Regular risk assessments and security reviews
- Secure data backup and disaster recovery protocols
While we strive to protect all data, no system can be guaranteed 100% secure.
8. Breach Notification
In the event of a breach involving unsecured PHI, OralAlly will:
- Notify affected customers without unreasonable delay
- Provide required information to support breach reporting obligations
- Comply with HIPAA Breach Notification Rule requirements
Customers are responsible for notifying patients and regulators where required.
9. Data Retention
We retain data:
- For as long as necessary to provide Services
- As required under applicable healthcare and legal recordkeeping laws
- In accordance with contractual obligations
Upon termination, data may be:
- Returned to the customer
- Securely deleted, subject to legal retention requirements
10. User Rights and Responsibilities
10.1 Dental Providers (Customers)
Customers are responsible for:
- Maintaining HIPAA compliance in their practice
- Managing patient consent and authorizations
- Responding to patient rights requests
10.2 Patient Rights
Patients should direct requests regarding their PHI (e.g., access, correction, deletion) to their dental provider.
10.3 General Privacy Rights
Depending on jurisdiction (e.g., California under CCPA/CPRA), individuals may have rights to:
- Access personal data
- Request deletion
- Correct inaccuracies
- Limit certain processing
Requests can be submitted via the contact details below.
11. Cookies and Tracking
We use cookies and similar technologies to:
- Maintain sessions and authentication
- Analyze usage and improve performance
Users can control cookies through browser settings.
12. Third-Party Integrations
Our Services may integrate with third-party systems (e.g., payment processors, EHRs). These third parties operate under their own privacy policies.
13. Children’s Privacy
Our Services are not directed to individuals under 13. We do not knowingly collect data from children without appropriate authorization.
14. International Data Transfers
If data is transferred outside the United States, we implement appropriate safeguards consistent with applicable laws.
15. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Material changes will be communicated via:
- Email notification
- In-platform notice
- Website updates
16. Contact Information
OralAlly, Inc.
Email: notifications@oralally.com
Address: 440 N Barranca Ave #4118, Covina, Ca 91723
17. Supplemental U.S. State Privacy Rights
Residents of certain states (e.g., California, Virginia, Colorado) may have additional rights, including:
- Right to know categories of data collected
- Right to delete personal information
- Right to opt out of certain data sharing
We do not sell personal information.
18. Compliance Statement
OralAlly is committed to maintaining a privacy and security program aligned with:
- HIPAA Privacy, Security, and Breach Notification Rules
- Industry best practices for SaaS healthcare platforms
- Applicable state privacy laws
