Last Updated: November 22, 2025 | Version: 1.0
1. Information We Collect
1.1 Information You Provide to Us
Account Information:
- Name, email address, phone number
- Business name and address
- Billing information (credit card details are processed through secure third-party payment processors)
- Job title and role within your organization
Patient Data (Processed on Behalf of Dental Clinics):
- Patient names, contact information, appointment history
- Treatment notes and preferences
- Communication records (emails, SMS messages)
- Any other information you input into our CRM system
Communications:
- Support requests, feedback, and correspondence with our team
- Survey responses and testimonial submissions
1.2 Information Collected Automatically
Usage Data:
- IP address, browser type, and device information
- Pages visited, features used, and time spent on our platform
- Login times and system activity logs
- Campaign performance metrics and analytics data
Cookies and Tracking Technologies:
We use cookies, web beacons, and similar technologies to enhance user experience:
- Analytics cookies to understand platform usage
- Functional cookies to maintain session information
- You can control cookie preferences through your browser settings
2. How We Use Your Information
We use collected information for the following purposes:
Service Delivery:
- Provide, maintain, and improve our CRM platform
- Process transactions and send transaction notifications
- Enable marketing campaign creation and execution
- Facilitate appointment reminders and patient communications
Customer Support:
- Respond to inquiries and provide technical assistance
- Troubleshoot platform issues and provide training
- Send important service updates and security notifications
Analytics and Improvement:
- Analyze platform usage to improve features and user experience
- Generate aggregate statistics and performance reports
- Conduct research and development for new features
Marketing (With Your Consent):
- Send promotional emails about new features and updates
- Provide educational content and best practices
- Invite participation in surveys and feedback sessions
Legal and Security:
- Comply with legal obligations and enforce our terms
- Prevent fraud, abuse, and security incidents
- Protect the rights and safety of EarLink LLC and our users
3. HIPAA Compliance and Protected Health Information (PHI)
3.1 Our Role as a Business Associate
When dental clinics use our platform to store and process patient health information, EarLink LLC acts as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA).
We commit to:
- Execute Business Associate Agreements (BAA) with covered entities
- Implement appropriate administrative, physical, and technical safeguards
- Use and disclose PHI only as permitted by the BAA and HIPAA regulations
- Report any security incidents or breaches as required by law
3.2 Security Measures for PHI
- Encryption: All PHI is encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Access Controls: Role-based access with multi-factor authentication
- Audit Logs: Comprehensive logging of all PHI access and modifications
- Regular Security Audits: Annual third-party security assessments
- Employee Training: All staff complete HIPAA compliance training
3.3 Patient Rights
Dental clinics using our platform remain responsible for:
- Responding to patient requests for access, amendment, or deletion of PHI
- Providing notice of privacy practices to their patients
- Obtaining necessary patient authorizations
We will cooperate with our clients to facilitate patient rights requests.
4. How We Share Your Information
We do not sell your personal information. We may share information in the following circumstances:
Service Providers:
- Cloud hosting providers (AWS, Google Cloud)
- Payment processors (Stripe, PayPal)
- Email and SMS delivery services
- Analytics and monitoring tools
- All service providers are contractually obligated to protect your data
Legal Requirements:
- When required by law, subpoena, or court order
- To protect our legal rights and prevent fraud
- In connection with legal proceedings or investigations
Business Transfers:
- In the event of a merger, acquisition, or sale of assets
- You will be notified of any change in ownership or use of your information
With Your Consent:
- When you explicitly authorize us to share information
- For purposes you specifically approve
5. Data Retention
- Account Data: Retained for the duration of your account plus 7 years for legal and accounting purposes
- Patient Data: Retained according to your instructions and applicable healthcare record retention laws (typically 7-10 years post-treatment)
- Marketing Data: Campaign data retained for 2 years for analytics purposes
- Deletion Requests: You may request deletion of your data at any time, subject to legal retention requirements
6. Data Security
We implement industry-standard security measures:
Technical Safeguards:
- End-to-end encryption (TLS 1.3 for data in transit, AES-256 for data at rest)
- Secure cloud infrastructure with redundancy and backup systems
- Web application firewall and DDoS protection
- Regular vulnerability scanning and penetration testing
Administrative Safeguards:
- Employee background checks and confidentiality agreements
- Regular HIPAA and security training
- Incident response and disaster recovery plans
- Least-privilege access policies
Physical Safeguards:
- Secure data centers with 24/7 monitoring
- Biometric access controls
- Environmental controls and backup power systems
7. Your Rights and Choices
Access and Portability:
- Request a copy of your data in a portable format
- Review and download your account information
Correction:
- Update or correct inaccurate information through your account settings
- Request assistance from our support team
Deletion:
- Request deletion of your account and associated data
- Note: some data may be retained for legal compliance
Marketing Opt-Out:
- Unsubscribe from promotional emails via the unsubscribe link
- Contact us to opt out of other marketing communications
Cookie Management:
- Adjust cookie preferences through your browser settings
- Note: disabling certain cookies may limit platform functionality
8. International Data Transfers
EarLink LLC is based in the United States. If you access our services from outside the U.S., your information may be transferred to, stored, and processed in the U.S. or other countries where our service providers operate.
We ensure appropriate safeguards are in place for international transfers, including:
- Standard Contractual Clauses (where applicable)
- Compliance with EU-U.S. Data Privacy Framework principles
- Adequate security measures regardless of data location
9. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information.
Dental patient records may include information about minor patients, which is handled in accordance with HIPAA regulations and under the direction of the dental practice.
10. California Privacy Rights (CCPA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to Know: Request disclosure of personal information collected, used, and shared
- Right to Delete: Request deletion of personal information (subject to exceptions)
- Right to Opt-Out: Opt out of the "sale" of personal information (we do not sell personal information)
- Right to Non-Discrimination: Not receive discriminatory treatment for exercising privacy rights
To exercise these rights, contact us at [email protected].
11. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation:
Legal Basis for Processing:
- Contract performance (providing CRM services)
- Legitimate interests (improving our services, fraud prevention)
- Consent (marketing communications)
- Legal obligations (compliance with healthcare laws)
Your Rights:
- Access, rectification, erasure, and data portability
- Restriction of processing and objection to processing
- Withdraw consent at any time
- Lodge a complaint with your supervisory authority
12. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Posting the updated policy on our website
- Sending email notification to registered users
- Displaying an in-platform notification
Continued use of our services after changes constitutes acceptance of the updated policy.
13. Contact Us
14. Breach Notification
In the event of a data security breach involving PHI or personal information, we will:
- Notify affected dental clinics within 24-48 hours
- Comply with HIPAA breach notification requirements (60 days)
- Provide information about the breach and steps being taken
- Cooperate with affected parties to mitigate harm
15. Dispute Resolution
Any disputes relating to this Privacy Policy will be resolved through:
- Good faith negotiation between the parties
- Binding arbitration in accordance with our Terms of Service
- Governing law: [Your State] law