PRIVACY POLICY
DSM Solutions Privacy Policy
DSM Solutions ("we," "us," "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website dsmsolutions.ai and use our dental practice management software services.
Information We Collect
Personal Information You Provide
- Contact information (name, email, phone, practice address)
- Practice details (practice name, specialty, number of providers)
- Account credentials (usernames, encrypted passwords)
- Payment information (processed through secure third-party providers)
- Support communications and feedback
Protected Health Information (PHI) When you use our services, we may process PHI on behalf of your dental practice as a Business Associate under HIPAA. This includes:
- Patient demographic information
- Treatment records and clinical data
- Appointment and scheduling information
- Insurance and billing information
- Any other PHI created, received, or maintained through our platform
Automatically Collected Information
- IP addresses and device identifiers
- Browser type and operating system
- Website usage patterns and analytics
- System performance and error logs
- Security monitoring data
How We Use Information
For Service Delivery
- Provide and maintain our dental practice management platform
- Process transactions and manage billing
- Provide customer support and technical assistance
- Communicate about service updates and maintenance
For Business Operations
- Improve and optimize our services
- Develop new features and functionality
- Conduct security monitoring and threat detection
- Comply with legal and regulatory requirements
Marketing and Communications (with your consent)
- Send newsletters and product updates
- Provide information about new services
- Conduct surveys and market research
- You may opt-out at any time
Information Sharing and Disclosure
We do not sell, trade, or rent your personal information. We may share information in these limited circumstances:
Service Providers We may share information with trusted third-party service providers who assist in:
- Payment processing
- Technical infrastructure and hosting
- Customer support services
- Security monitoring and backup services
All service providers are bound by confidentiality agreements and HIPAA Business Associate Agreements where applicable.
Legal Requirements We may disclose information when required by law, court order, or government regulation, or to:
- Protect our legal rights and property
- Investigate fraud or security threats
- Comply with regulatory investigations
- Protect the safety of individuals
Business Transfers In connection with any merger, acquisition, or sale of assets, personal information may be transferred, but will remain subject to privacy protections.
Protected Health Information (PHI) Handling
As a HIPAA-covered Business Associate, we:
- Process PHI only as directed by covered entities (dental practices)
- Maintain administrative, physical, and technical safeguards
- Do not use or disclose PHI except as permitted by our Business Associate Agreement
- Report any PHI breaches as required by law
- Return or destroy PHI upon termination of services
Data Security
We implement comprehensive security measures including:
- 256-bit AES encryption for data at rest and in transit
- Multi-factor authentication for all user accounts
- Regular security audits and vulnerability assessments
- SOC 2 Type II certified data centers
- 24/7 security monitoring and incident response
- Employee background checks and security training
Your Privacy Rights
Access and Control
- Request access to your personal information
- Update or correct inaccurate information
- Request deletion of your personal information (subject to legal requirements)
- Opt-out of marketing communications
- Request data portability
HIPAA Rights (for PHI) Rights regarding PHI are governed by HIPAA and your dental practice's Notice of Privacy Practices. Contact your dental provider directly for PHI-related requests.
California Residents (CCPA Rights) California residents have additional rights including:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of sale (we do not sell personal information)
- Right to non-discrimination for exercising privacy rights
Data Retention
We retain personal information for:
- Active accounts: Duration of service relationship plus 7 years
- Marketing information: Until you opt-out or request deletion
- PHI: As required by HIPAA and state record retention laws
- Legal compliance: As required by applicable regulations
International Data Transfers
Our primary data processing occurs within the United States. If we transfer data internationally, we ensure appropriate safeguards including:
- Standard Contractual Clauses for EU data transfers
- Adequacy decisions by relevant authorities
- Other legally approved transfer mechanisms
Children's Privacy
Our services are designed for dental practices and are not intended for individuals under 16. We do not knowingly collect personal information from children under 16 without parental consent.
Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites and encourage you to review their privacy policies.
Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes through:
- Email notification to account holders
- Prominent notice on our website
- In-app notifications for service users
Contact Information
For privacy-related questions or requests, contact us:
- Email: privacy@dsmsolutions.ai
- Mail: DSM Solutions Privacy Officer, 450 Park Avenue South New York, NY 10016
- Portal: Privacy request form at dsmsolutions.ai/privacy
