Privacy Policy

Introduction

DDSINTEL ("we", "us", or "our") is a proprietary dental intelligence platform operated by EOXLABS. This Privacy Policy describes how we collect, use, store, and protect information related to your use of our platform and services.

Access to DDSINTEL is strictly by invitation. This policy applies to all invited users, prospective applicants who request access, and visitors to our public marketing pages. By requesting or accepting access, you acknowledge and agree to the practices described below.

Information We Collect

We collect two categories of information: (1) information you provide directly, and (2) information generated automatically when you interact with the platform.

Information you provide includes: your name, organization, professional role, business email, stated use case, budget range, and any free-text fields submitted through the Request Access wizard. Approved members additionally provide authentication credentials, billing and invoicing contacts, and API-key metadata.

Information we generate automatically includes: IP address, approximate geolocation, user-agent string, referrer URL, session identifiers, authentication timestamps, API request and response metadata (endpoint, latency, status code), and audit-log events describing actions taken within the platform.

Provider Intelligence Data

DDSINTEL aggregates information about dental providers and practices that is lawfully obtained from public federal and state registries, licensing boards, regulatory databases, public records, and commercial data partners. This data describes licensed professionals and business entities in their professional capacity; it is not intended to constitute personal information about consumers.

Individual dental professionals are identified by credentials such as name, NPI, license number, and practice address — all of which are public record in the jurisdictions where we source them. If you are a dental professional whose record appears in our system and you believe the source data is inaccurate, please contact us at the address below.

How We Use Information

We use information to: (a) evaluate and respond to access requests; (b) operate, maintain, and secure the platform; (c) authenticate users and prevent abuse; (d) personalize dashboards and deliver signal feeds; (e) invoice approved customers; (f) communicate service announcements, incident notifications, and material policy changes; and (g) comply with legal obligations.

We do not sell personal information. We do not use your submitted information to train public large-language models. We do not share member data with other members absent explicit, purpose-specific consent.

Legal Bases for Processing (EEA/UK)

For users in the European Economic Area and United Kingdom, we process personal data under the following lawful bases: (i) performance of a contract, where processing is necessary to provide you with the services you have requested; (ii) legitimate interests, for securing the platform, preventing abuse, and developing product improvements; (iii) legal obligation, where processing is required by applicable law; and (iv) consent, where explicitly requested.

How We Share Information

We share information only with vetted service providers acting as processors on our behalf, bound by written agreements and equivalent or stronger security requirements. Categories of subprocessors include: cloud infrastructure (Cloudflare, Supabase), transactional email (Resend), product analytics (PostHog, self-hosted where possible), and error monitoring.

We may disclose information when required by valid legal process, to protect the rights, property, or safety of DDSINTEL, our members, or the public, or in connection with a merger, acquisition, financing, or sale of company assets. In the event of a corporate transaction, we will provide notice before information is transferred and becomes subject to a different privacy policy.

Data Security

DDSINTEL runs entirely on edge infrastructure with defense-in-depth controls: TLS 1.3 in transit, AES-256 encryption at rest, hardware-isolated compute, role-based access controls, mandatory MFA for operators, centralized audit logging, and continuous anomaly monitoring. API keys are hashed, never stored in plaintext.

No system is impenetrable. In the event of a confirmed data incident affecting your information, we will notify affected parties and applicable supervisory authorities within the timelines required by law.

Data Retention

Access request submissions that do not result in admission are retained for 24 months, then deleted or anonymized. Approved member account records are retained for the duration of the relationship plus 7 years following termination, to satisfy tax, audit, and legal-defense obligations. Audit logs are retained for 13 months. API request logs are retained in detailed form for 30 days and in aggregate form for 24 months.

Your Rights

Depending on your jurisdiction you may have rights to: access a copy of the personal information we hold about you; correct inaccurate data; request deletion ("right to be forgotten"); restrict or object to processing; withdraw consent; receive your data in a portable format; and lodge a complaint with a supervisory authority.

California residents have additional rights under the CCPA/CPRA, including the right to know the categories and specific pieces of personal information collected, the right to delete, the right to correct, the right to opt out of "sale" or "sharing" (we do neither), and the right to non-discrimination for exercising these rights.

To exercise any right, contact [email protected]. We respond within 30 days and may request identity verification.

Cookies and Similar Technologies

We use strictly necessary cookies to authenticate sessions, remember preferences, and protect against CSRF and bot attacks. We use first-party analytics cookies to measure aggregate platform usage. We do not set third-party advertising or cross-site tracking cookies.

You can control cookies through your browser settings. Disabling strictly necessary cookies will prevent you from signing in.

International Data Transfers

DDSINTEL operates on a globally distributed edge network. Your data may be processed in data centers located outside your country of residence. Where required, we rely on Standard Contractual Clauses and equivalent safeguards to protect cross-border transfers.

Children's Privacy

DDSINTEL is a business-to-business platform intended exclusively for licensed professionals and organizations. We do not knowingly collect personal information from anyone under the age of 18. If you believe we have inadvertently collected such information, contact us immediately and we will delete it.

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, applicable law, or services offered. When we make material changes, we will post the updated policy with a revised effective date and, where appropriate, notify active members by email. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

Contact Us

Questions, requests, or complaints about this Privacy Policy or our data practices may be directed to:

DDSINTEL · EOXLABS — Privacy Office Email: [email protected] Response time: 5 business days (acknowledgement) · 30 days (substantive response)