Privacy Policy

SignalDMD is a practice-intelligence dashboard for dental practices, operated by Practice Evolved ("SignalDMD", "we", "us", "our"). This Privacy Policy explains what information we collect, how we use and protect it, and the choices you have when you use our websites (signaldmd.com and practiceevolved.com), the SignalDMD web dashboard, and the SignalDMD Sync desktop application (together, the "Service").

SignalDMD is a business service for dental practices. It is not directed to consumers or the general public.

SignalDMD provides services to dental practices that are HIPAA "covered entities". When we handle protected health information (PHI) on a practice's behalf, we act as a "business associate" under a written Business Associate Agreement (BAA) with that practice.

The practice (our customer) controls its own patient information; we process it only to provide the Service to that practice, and only as permitted by the BAA and applicable law. Where the BAA conflicts with this Policy, the BAA controls for that PHI.

Account and contact information. When a practice or its staff signs up or contacts us, we collect names, work email addresses, the practice or business name, role, and authentication credentials.

Practice data synced from your practice software. With the practice's authorization, the SignalDMD Sync agent reads, strictly read-only, financial and operational data from the practice's existing practice-management system: insurance claims, write-offs, adjustments, accounts-receivable balances, appointments and recall, provider production, and related practice and insurer reference data. So a practice's own staff can work this data, a limited set of patient identifiers may be included for that practice's authorized users only, for example a patient's name and, where needed to contact a payer about an open claim, date of birth and insurance member or subscriber ID. The agent never writes to, edits, or deletes anything in the practice software.

Setup Scan and diagnostics. On first connection, SignalDMD Sync runs a read-only Setup Scan that collects the database schema (table and column names, types, relationships), system diagnostics (operating-system version, connectivity, drivers), the practice-management system type, and a consent record and logs. The Setup Scan does not collect patient records, claims, or payment exports.

Usage and technical data. When you use the dashboard or our websites, we collect standard technical data such as IP address, browser and device type, pages viewed, and log and diagnostic events, to operate, secure, and improve the Service.

We do not write to, change, or delete anything in your practice-management software. The connection is one-way and read-only.

We do not collect your database passwords (they remain on your own systems), and we do not collect Social Security numbers, clinical or treatment note text, or patient contact details such as home addresses or phone numbers, beyond the limited identifiers described above that your own staff need to do their work.

We do not sell your information, and we do not use patient information for advertising.

We use the information to provide and operate the Service (building each practice its own dashboard and worklists), authenticate users and secure accounts, provide customer support and onboarding, maintain, troubleshoot, and improve the Service, and comply with our legal obligations. We process PHI only as permitted by the applicable BAA.

We share information only as needed to run the Service, and only with appropriate safeguards.

Service providers and subprocessors. We use trusted vendors (for example, cloud hosting and infrastructure providers such as Amazon Web Services) to host and operate the Service. They are bound by contract, and where PHI is involved by business-associate terms, to protect the information and use it only to provide services to us.

Within your practice. Practice data and any included patient identifiers are visible only to the authenticated users of that same practice.

Legal and safety. We may disclose information if required by law, or to protect rights, safety, and the integrity of the Service.

Business transfers. If the business is involved in a merger, acquisition, or asset sale, information may be transferred subject to this Policy and applicable BAAs.

We do not sell or rent personal information, and we do not share it for third-party advertising.

We protect information with measures appropriate to its sensitivity, including encryption in transit and at rest, authenticated and access-controlled accounts, least-privilege and read-only database access on the practice connection, and activity logging. No method of transmission or storage is perfectly secure, but we work to protect your information and continually improve our safeguards.

We retain information for as long as needed to provide the Service to the practice, to comply with our legal and BAA obligations, resolve disputes, and enforce our agreements. On termination, we return or delete PHI as required by the applicable BAA. A practice may request deletion of its data as described below.

Practices and their authorized users may access and update account information in the dashboard or by contacting us. Depending on your location, you may have rights to access, correct, delete, or restrict the use of personal information, or to receive a copy of it.

For patient information that we process as a business associate, requests are directed to and handled by the practice (the covered entity); we assist the practice as required by the BAA. To make a request, email hello@signaldmd.com.

Our websites use a minimal set of cookies and similar technologies necessary to operate the site, keep you signed in, and understand aggregate usage. We do not use them for cross-site advertising.

The Service is a business tool intended for dental practices. It is not directed to children, and we do not knowingly collect personal information directly from children through the Service.

We honor applicable privacy laws, including U.S. state privacy laws such as the California Consumer Privacy Act (CCPA/CPRA) where they apply. We do not sell or "share" (as those laws define it) personal information. The Service is operated in the United States; if you access it from elsewhere, you consent to processing in the United States.

We may update this Policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, provide additional notice. Continued use of the Service after an update means you accept the revised Policy.

Questions about this Policy or your information? Email hello@signaldmd.com, or write to Practice Evolved, Weston, MA, USA.

For matters involving patient information held on a practice's behalf, please also contact your practice, which controls that information as the covered entity.