Privacy Policy

SmileTap (“we,” “us,” “our”) helps dental practices share a simple, branded link hub via QR cards. This Privacy Policy explains what we collect, how we use it, and the choices you have.

In short: we collect minimal analytics about page views and button clicks, we don’t sell your data, we don’t run ads, and we don’t collect protected health information (PHI).

What we collect

• Practice account info (admins/customers): practice name, email, package tier, start date, and the content you provide for your SmileTap profile. Analytics passwords are stored as a secure hash.
• Payments: processed by Stripe. We never see or store full card numbers. Stripe provides us with billing status details (e.g., successful/failed, renewal date).
• Usage analytics: for public SmileTap pages, we record page views and button clicks with timestamps. We may store IP address, user agent, referrer, and the profile slug to detect abuse and understand aggregate usage.
• Server logs: standard logs (IP, user agent, requested URL, timestamp) for troubleshooting and security.

PHI note: SmileTap is not intended to collect or store medical records or protected health information.

How we use data

• Provide and maintain the SmileTap service.
• Show practices aggregate analytics (visits and clicks).
• Improve reliability, performance, and user experience.
• Detect, prevent, and address fraud or abuse.
• Send essential account or billing notices.

Sharing & processors

We do not sell your personal information. We share data only with service providers who help us operate SmileTap:

• Stripe for payments and billing.
• Jotform if you submit a demo or onboarding form.
• Our hosting provider(s) that store the application and database.

We may disclose information if required by law or to protect our rights, users, or the public.

Cookies

• Essential cookies: used for admin authentication/session security.
• Analytics: our pageview/click analytics are first-party (no third-party ad trackers). We may use a simple first-party cookie to remember preferences like date ranges for reports.

Data retention

• Account and billing records: retained while the account is active and as required by law.
• Analytics events (page views & clicks): typically retained up to 24 months in identifiable form, and may be aggregated thereafter.
• Server logs: typically retained for up to 90 days.

Security

• HTTPS is enforced across the site.
• Admin and analytics passwords are stored as secure hashes.
• Access to production systems is limited to authorized personnel.

No internet service is 100% secure, but we work to protect your data using reasonable safeguards.

Your choices & rights

Practice admins can request access, correction, or deletion of their profile data by contacting us. If you are a patient who scanned a practice’s SmileTap QR, we do not know who you are; analytics events are not tied to your identity.

EEA/UK/California: depending on your location, you may have additional rights (access, correction, deletion, portability). We do not “sell” or “share” personal information for cross-context behavioral advertising.

Children

SmileTap is intended for use by dental practices and their staff. It is not directed to children under 13, and we do not knowingly collect personal information from children.

International

We operate in the United States. If you access SmileTap from outside the U.S., you agree to the transfer and processing of your information in the U.S. where data protection laws may differ from those in your jurisdiction.

Changes to this policy

We may update this Privacy Policy from time to time. We’ll change the “Last updated” date above and, if changes are significant, we’ll provide additional notice.

Contact

Questions or requests? Email michael@epikore.com.