Privacy Policy
Last updated: April 10, 2026
1. Introduction
EOXLABS LLC ("we," "us," or "our") operates DDSAi, an AI-powered dental intelligence platform. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.
We are committed to protecting the privacy of dental professionals and their patients. This policy is designed to comply with applicable data protection laws, including but not limited to the Health Insurance Portability and Accountability Act (HIPAA) where applicable.
2. Information We Collect
2.1 Account Information
When you register, we collect:
- Email address
- Full name
- Professional role and dental specialty (optional)
- Practice affiliation (optional)
2.2 Usage Data
We automatically collect:
- IP address and approximate geographic location
- Device type, browser, and operating system
- Session duration and interaction patterns
- Feature usage analytics (which modes and tools you use)
- Performance metrics (response times, error rates)
2.3 Conversation Data
When you interact with DDSAi, we process:
- Text messages you send to the AI
- Voice recordings (if you use voice input), which are transcribed and discarded
- AI-generated responses
- Archived conversations you choose to save
2.4 Authentication Data
We collect session tokens, one-time passwords (OTPs), and device identifiers to secure your account. OTPs are automatically deleted after verification or expiration (5 minutes).
3. How We Use Your Information
We use your information to:
- Provide the Service: Process your queries, generate AI responses, and maintain your conversation history
- Authenticate and secure: Verify your identity, prevent unauthorized access, and detect abuse
- Improve the Service: Analyze aggregated, de-identified usage patterns to improve response quality and user experience
- Communicate: Send transactional emails (OTP codes, account notifications) and, with your consent, product updates
- Comply with legal obligations: Respond to lawful requests from authorities and comply with applicable regulations
4. AI Model Training
We do not use your individual conversations to train AI models without your explicit, opt-in consent.
Aggregated, fully de-identified data may be used to evaluate and improve response quality. This data cannot be traced back to any individual user or patient.
5. Data Sharing and Disclosure
We do not sell your personal information. We may share data with:
- AI Model Providers: Your queries are sent to third-party AI providers (e.g., Anthropic) to generate responses. These providers process data under their own privacy policies and data processing agreements. We do not send your account information or identity to these providers.
- Infrastructure Providers: We use Cloudflare (hosting, CDN, database), Supabase (vector search), and Resend (transactional email). These providers process data as sub-processors under data processing agreements.
- Legal Requirements: We may disclose information if required by law, court order, or governmental authority.
- Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred as part of that transaction.
6. HIPAA Compliance
DDSAi is designed as a clinical reference and decision-support tool. Do not input individually identifiable patient health information (PHI) into DDSAi unless you have a Business Associate Agreement (BAA) in place with us.
If your organization requires a BAA, contact us at legal@eoxlabs.io to discuss HIPAA-compliant deployment options.
When used as intended (without PHI), DDSAi operates outside the scope of HIPAA-regulated activities.
7. Data Retention
- Conversations: Stored as long as your account is active. You can delete individual conversations at any time.
- Account data: Retained for the duration of your account plus 30 days after deletion for recovery purposes.
- Voice recordings: Transcribed in real time and immediately discarded. We do not store audio files.
- OTP codes: Automatically deleted after 5 minutes or successful verification.
- Session data: Expires after 7 days of inactivity.
- Analytics data: Aggregated and de-identified data is retained indefinitely for Service improvement.
8. Data Security
We implement industry-standard security measures including:
- TLS 1.3 encryption for all data in transit
- Encryption at rest for databases and storage
- Password hashing using bcrypt with appropriate work factors
- Rate limiting and brute-force protection on authentication endpoints
- Regular security audits and dependency vulnerability scanning
- Principle of least privilege for internal access controls
No system is 100% secure. If you discover a security vulnerability, please report it to security@eoxlabs.io.
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your account and associated data
- Portability: Request your data in a machine-readable format
- Objection: Object to certain processing activities
- Restriction: Request restriction of processing in certain circumstances
To exercise these rights, contact us at privacy@eoxlabs.io. We will respond within 30 days.
10. Cookies and Tracking
DDSAi uses:
- Essential cookies: Session authentication tokens (required for the Service to function)
- Local storage: Theme preference and email for convenience (stays on your device)
We do not use third-party advertising cookies or cross-site tracking pixels.
11. Children's Privacy
DDSAi is not intended for use by individuals under 18 years of age. We do not knowingly collect information from minors. If you believe a minor has provided us with personal information, contact us and we will promptly delete it.
12. International Data Transfers
Your data may be processed in the United States and other countries where our infrastructure providers operate. By using DDSAi, you consent to the transfer of your information to these jurisdictions, which may have different data protection laws than your country of residence.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before taking effect. The "Last updated" date at the top reflects the most recent revision.
14. Contact Us
For privacy-related questions or requests:
EOXLABS LLC
Privacy: privacy@eoxlabs.io
Security: security@eoxlabs.io
General: legal@eoxlabs.io