Effective Date: December 15, 2025
DentalNote.ai (“we,” “us,” or “our”) is a Software-as-a-Service (SaaS) platform operated in Australia, designed to assist dental practices in managing patient health information, generating treatment-related documents, and facilitating secure communication. We are committed to protecting the privacy and security of personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), as well as other applicable Australian laws, including those related to health records.
This Privacy Policy explains how we collect, use, disclose, store, and protect personal information through our app and related services. By using DentalNote.ai, you consent to the practices described in this policy. If you are a patient, your dental practice may provide you with additional notices about how your information is handled.
1. Types of Personal Information We Collect
We collect personal information necessary to provide our services, which may include:
- Patient Health Information (Sensitive Information): Names, dates of birth, contact details (e.g., email addresses, phone numbers), medical conditions, dental treatment history, proposed and completed treatments, consent forms, and general information on dental procedures.
- Dental Practice and Staff Information: Practice details (e.g., name, address, contact information), staff names, email addresses, and roles.
- Technical and Usage Data: Device information, IP addresses, login timestamps, and usage patterns to improve app functionality and security.
- Authentication Data: Passwords, one-time passwords (OTPs) delivered via SMS, and, soon, biometric data (e.g., fingerprint or facial recognition) for accessing protected workspaces and patient information.
We only collect sensitive health information with explicit consent or where required for the provision of our services.
2. How We Collect Personal Information
- Directly from Users: When dental practices or staff input data into the app, such as patient details, treatment notes, or practice information.
- From Patients: Through consent forms, treatment documents, or communications generated and shared via the app.
- Automatically: Via app usage, including login attempts, OTP verifications, and device interactions.
- From Third Parties: In limited cases, such as integrated services for SMS delivery (for OTPs) or email providers, but only with your consent or as necessary for service delivery.
We do not collect personal information unless it is reasonably necessary for our functions or activities.
3. How We Use Personal Information
We use personal information for the following primary purposes:
- To manage and store patient health records securely within the app.
- To generate password-protected PDFs of proposed and completed dental treatments, clinical notes, consent documents, and procedure information sheets.
- To email these documents to patients and dental practices, with appropriate security measures.
- To enable secure access to workspaces and protected patient information via passwords, OTPs via SMS, and upcoming biometric authentication.
- To facilitate dentist-only access to stored clinical notes.
- For app administration, including user authentication, troubleshooting, and improving features.
- To comply with legal obligations, such as record-keeping requirements under Australian health laws.
- For internal analytics to enhance service quality, without identifying individuals.
We will not use sensitive health information for marketing purposes without your explicit consent.
4. Disclosure of Personal Information
We may disclose personal information in the following circumstances:
- To Authorised Parties: To dental practices, staff, or patients as part of service delivery (e.g., emailing treatment PDFs or consent forms).
- Service Providers: To trusted third-party providers for essential functions, such as email services, SMS providers for OTPs, or cloud storage (all based in Australia or compliant with Australian privacy standards).
- Legal Requirements: If required by law, such as in response to a court order, or to protect the safety of users or the public.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, subject to equivalent privacy protections.
We do not sell or disclose personal information overseas unless the recipient is subject to equivalent privacy protections under the APPs (e.g., through contractual agreements).
5. Storage and Security
- Storage: Personal information is stored on secure Australian-based servers. Clinical notes are password-protected and accessible only by the authorising dentist. Workspaces require password authentication, with OTP via SMS for added security, and biometrics to be implemented soon.
- Security Measures: We use industry-standard encryption (e.g., for PDFs and data in transit), access controls, regular security audits, and monitoring to protect against unauthorised access, loss, or misuse. Emails and documents are sent securely, and we encourage users to maintain strong passwords.
- Retention: We retain personal information only as long as necessary for the purposes outlined, or as required by law (e.g., health records may be retained for 7 years or more under state health regulations). After this, the data is securely deleted or de-identified.
In the event of a data breach, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme.
6. HIPAA Compliance
We are HIPAA compliant. This means we adhere to the standards set forth in the Health Insurance Portability and Accountability Act (HIPAA) for the protection of Protected Health Information (PHI), including implementing administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of PHI. Where applicable, we enter into Business Associate Agreements (BAAs) with covered entities to ensure compliance when handling US-based patient data.
7. Access, Correction, and Deletion
You have the right to access your personal information held by us, request corrections if it is inaccurate, or request deletion where appropriate. To do so, contact us via the details below. We may require identity verification and will respond within a reasonable timeframe (usually 30 days). Access may be denied in limited circumstances, such as if it poses a risk to others’ privacy or health.
For patients, access requests should typically be directed to your dental practice, as they are the primary controller of your health records.
8. Complaints
If you believe we have breached your privacy, please contact us first to resolve the issue. If unsatisfied, you can lodge a complaint with the OAIC at www.oaic.gov.au.
9. Children’s Privacy
Our services are not directed at children under 16. We do not knowingly collect personal information from children without parental consent. If we become aware of such collection, we will take steps to delete the information.
10. Changes to This Privacy Policy
We may update this policy from time to time to reflect changes in our practices or legal requirements. We will notify users via the app or email and post the updated version on our website. Continued use of the app constitutes acceptance of the changes.
11. Contact Us
For questions about this Privacy Policy or your personal information, contact:
DentalNote.ai Privacy Officer
Email: denver@richview.com.au
Suite 1D, 419 Townsend St, Albury, NSW 2640
Website: www.dentalnote.ai
This policy was last updated on 15 December 2025.