Privacy Policy

ToothNotes provides a website and software platform for clinicians and dental practices to capture, transcribe, draft, review, store, and manage clinical documentation.

This policy applies to personal information we collect when you use the ToothNotes website, create an account, contact support, join a waitlist or marketing list, record audio, upload content, or use the ToothNotes product.

In many cases a clinic or practice is responsible for the underlying patient relationship and for deciding what information is collected in the course of care. ToothNotes may process that information to provide the service to the relevant customer.

Depending on how you use ToothNotes, we may collect:

• account information such as your name, email address, phone number, role, and practice name
• authentication and security data, including sign-in events, device identifiers, browser details, IP-derived security signals, and account settings
• customer content, including audio recordings, transcripts, note drafts, templates, structured note content, and related metadata
• patient or consult information included by a clinician or practice when using the service
• support and communications data, including emails, contact forms, product feedback, and training or onboarding notes
• website and product usage data, including page visits, feature usage, referral source, campaign attribution, analytics preference choices, and subscription or marketing preferences

We may collect personal information:

• directly from you when you create an account, fill in forms, contact us, upload or record content, configure templates, or use product features
• from a clinic, practice, or customer administrator that creates or manages your access to ToothNotes
• from authentication, analytics, and communications providers that support the website and product
• from devices, browsers, or application logs generated when you use the website or platform

We hold personal information in cloud systems, databases, storage services, support tools, backups, and internal business systems used to operate ToothNotes.

We use personal information to:

• provide, secure, maintain, and improve ToothNotes
• authenticate users, manage accounts, control access, and prevent misuse
• process recordings, generate transcripts, create note drafts, and support template and workflow features
• communicate with customers about onboarding, support, product changes, billing, and service notices
• understand product and website usage, conversion performance, and customer engagement where you allow optional analytics
• comply with legal obligations, resolve disputes, and protect our rights, users, and systems

We do not knowingly sell personal information. Where we use service providers to help operate ToothNotes, they process information for the purposes of delivering services to us and our customers.

We may disclose personal information to:

• Amazon Web Services in Australia for hosting, storage, database, authentication, queueing, and transcription infrastructure
• analytics and performance providers such as Google Analytics, PostHog, Vercel Analytics, and Vercel Speed Insights where optional analytics are enabled
• Slack for limited operational notifications; if we introduce consent-gated marketing email, we will name the provider in this policy before use
• professional advisers, auditors, insurers, and service providers who help us operate the business
• regulators, law enforcement, courts, or other third parties where required by law or necessary to protect rights, safety, or systems
• actual or proposed acquirers or successors in connection with a business sale, restructure, or financing event

We limit disclosure to what is reasonably necessary for the relevant purpose and require service providers to handle information under appropriate confidentiality and security obligations.

ToothNotes is designed so that clinical application hosting, storage, and transcription are intended to run in AWS Australia (`ap-southeast-2`).

Some non-clinical service providers used for website analytics, product analytics, customer communications, or consent-gated email marketing may handle personal information outside Australia. Where that occurs, we take reasonable steps to work with reputable providers, give collection notices at or before collection, and document those disclosures in our privacy materials.

Based on the current vendor set and configuration, likely overseas disclosure regions may include the United States and the European Union or European Economic Area. This may change if our providers or hosting configurations change.

Current processor categories and handling practices may change over time. Material changes will be reflected in our privacy documents.

We use technical and organisational measures designed to protect personal information against loss, misuse, unauthorised access, alteration, and disclosure. These measures may include encryption in transit and at rest, role-based access controls, authentication controls, logging, network controls, and provider security features.

We retain information for as long as reasonably necessary to provide the service, comply with contractual and legal obligations, resolve disputes, maintain backups, and enforce our agreements.

Retention periods differ by data type. Draft operational defaults currently include raw-audio expiry after successful processing, shorter-lived operational logs, and longer retention for account, billing, support, and customer-controlled clinical records. Final note retention may also depend on the customer’s own professional record-keeping obligations.

ToothNotes also stores audit metadata about privacy and recording controls, including analytics choices, marketing consent state, and recording acknowledgement details captured before mobile consult-audio uploads.

You can request access to personal information we hold about you and ask us to correct inaccurate or out-of-date information by contacting support@toothnotes.com.

We may need to verify your identity before acting on a request. We aim to respond within a reasonable period and generally target 30 days for access, correction, or complaint responses.

If you believe we have handled your personal information improperly, please send a complaint with enough detail for us to investigate. We will acknowledge the complaint, review it, and respond within a reasonable time.

ToothNotes generally does not charge a fee to make a privacy request. If an unusually large or complex access request would create a significant administrative cost, we will discuss options with you before proceeding.

If you are dissatisfied with our response, you may be able to contact the Office of the Australian Information Commissioner.

For privacy-related enquiries, please contact ToothNotes in Melbourne, Victoria, Australia via support@toothnotes.com.