Dentina.Ai Privacy Policy

VitalAI, Inc. (the “Company”), makers of Dentina (“Dentina”), provides a commercial website, software platform, and related communications services for dental practices and other healthcare customers. Our Privacy Policy (“Privacy Policy”) is designed to help you understand how we collect, use, share, and safeguard the personal information you provide to us when you visit our website, request a demo, communicate with us, create or administer an account, or otherwise interact with us in a business-to-business or commercial context.

This Privacy Policy also describes certain processing we perform on behalf of our healthcare customers when we provide outbound calling and texting workflows, such as appointment reminders, confirmations, recalls, reactivations, and similar customer-directed communications. For purposes of this Agreement, “Site” refers to the Company’s website, which can be accessed at https://dentina.ai. “Service” refers to the Company’s services accessed via the Site, in which users can use an AI powered virtual dental reception assistant. The terms “we,” “us,” and “our” refer to the Company. “You” refers to you, as a user of our Site or our Service.

If we process protected health information (“PHI”) or other regulated patient information on behalf of a HIPAA covered entity or other healthcare customer, we do so as a service provider, processor, or business associate under our contract and business associate agreement with that customer. In those circumstances, the customer’s notice of privacy practices and its direct relationship with the patient generally govern the customer’s collection and use of PHI, while this Privacy Policy governs Dentina’s own website, commercial, and direct business-contact processing unless the context clearly indicates otherwise.

1. INFORMATION WE COLLECT

2. HOW WE USE AND DISCLOSE INFORMATION

3. DATA RETENTION AND SECURITY

4. YOUR PRIVACY RIGHTS

5. THIRD-PARTY SITES AND INTEGRATIONS

6. CHANGES TO THIS PRIVACY POLICY

7. CONTACT US

I. INFORMATION WE COLLECT

We collect personal information directly from you, automatically from your browser or device, from our customers and their authorized users, and from vendors or other third parties acting on our behalf. Depending on the context, the information we collect may include:

• Identifiers and contact details, such as name, business email address, phone number, company name, title, mailing address, and account credentials.

• Commercial and customer relationship information, such as subscription details, contract history, product interest, customer support requests, and implementation information.

• Internet or network activity information, such as IP address, device identifiers, browser type, operating system, usage logs, pages viewed, referring URLs, interactions with our Site, and cookie or similar technology data.

• Communications data, such as emails, chat messages, call recordings, voicemail, SMS or MMS content, transcripts, call metadata, appointment-related communications, opt-in and opt-out records, and communication preferences, including do-not-call and do-not-text preferences, where applicable.

• Protected health information or similar healthcare-related data only when our customer directs us to process it through the Service and only as permitted by our contract, business associate agreement, and applicable law.

Information Collected Automatically

We and our vendors may use cookies, pixels, software development kits, session replay tools, APIs, logs, and similar technologies to collect information about use of the Site and Service, including authentication activity, preferences, pages viewed, feature usage, browser settings, timestamps, and diagnostic data. We use this information to operate the Site and Service, remember your settings, analyze traffic and performance, secure our systems, detect fraud, maintain logs, and improve functionality.

Cookie and Browser Privacy Controls: Browser-based “Do Not Track” signals do not operate consistently across the industry. Where required by applicable law, we recognize legally required opt-out preference signals, such as Global Privacy Control, for processing subject to those laws. We may offer separate cookie settings or consent tools on the Site.

Information You Provide To Us

You may provide us information when you request a demo, contact sales or support, sign up for communications, contract with us, create or administer an account, upload information into the Service, or otherwise communicate with us. This may include your name, business contact information, organization, phone number, email address, scheduling information, and any content you choose to provide. By providing information about other individuals, you represent you have authority to do so.

Information We Process On Behalf Of Customers

When our customers use the Service to automate outbound calls and texts, we and our service providers may process customer-provided contact information, appointment information, communication preferences, call recordings, transcripts, and related data at the customer’s direction. In that context, we generally act as a service provider, processor, or business associate and process the information only on behalf of and under instructions from the customer, subject to our contract, any applicable business associate agreement, and applicable law.

Children’s Privacy

The Site is intended for business users and is not directed to children under 13. We do not knowingly collect personal information directly through the Site from children under 13. If you believe a child has provided personal information to us through the Site, please contact us at support@dentina.ai so we can review and delete the information as appropriate. This section does not limit a healthcare customer’s independent relationship with its own patients or guardians.

II. HOW WE USE AND DISCLOSE INFORMATION

We may use and disclose personal information for the following purposes, subject to applicable law and, where relevant, our contractual obligations to customers:

• To provide, maintain, secure, and improve the Site and Service, including onboarding, account administration, customer support, billing, implementation, analytics, troubleshooting, quality assurance, and product development.

• To send or facilitate customer-directed calls, texts, voicemails, emails, appointment reminders, confirmations, recalls, reactivations, and other communications requested by our customers.

• To respond to inquiries, schedule demos, market our services, and manage our business relationships with current and prospective customers, partners, and vendors.

• To personalize user experiences, monitor performance, prevent fraud, enforce our agreements, establish or defend legal claims, comply with law, and protect the rights, safety, and security of Dentina, our users, customers, and others.

• To create aggregated, deidentified, or anonymized information, where permitted by law and contract. We will not attempt to reidentify deidentified information except as permitted by law.

Service Providers: We may disclose personal information to service providers, contractors, processors, business associates, professional advisors, cloud and communications vendors, analytics providers, and other third parties that support our operations. We may also disclose information as part of a corporate transaction, to comply with law, to respond to lawful requests, to protect rights and security, or with your direction or consent. We do not sell personal information for monetary consideration. Some of the service providers we may use include:

• Google Analytics. For information about how Google uses your personal information, please visit Google Analytics’ Privacy Policy. To learn more about how to opt out of Google Analytics’ use of your personal information, please click here.

• Hotjar (Session Replay Analytics). We use Hotjar’s session replay analytics services. This allows us to record and replay an individual’s interaction with the Services. For more information about how Hotjar uses your personal information, please visit the “Personal Data collected from a visitor of a Hotjar Enabled Site” section of Hotjar’s Privacy Policy. To learn more about how to opt-out of Hotjar’s use of your information, please click here.

• LinkedIn Analytics. For information about how LinkedIn uses your personal information, please visit LinkedIn Analytics’ Privacy Policy. To learn more about how to opt-out of LinkedIn’s use of your information, please click here.

• Meta (formerly, Facebook) Connect. For information about Meta’s use of your personal information, please visit Meta’s Data Policy. To learn more about how to opt out of Meta’s use of your information, please click here while logged in to your Meta account.

• Mixpanel. We use Mixpanel to analyze how you interact with our Services (e.g., pages visited on our Services) so we can improve your experience with our Services. For information about Mixpanel’s use of your personal information, please visit Mixpanel’s Privacy Policy.

Advertising Partners: We may share your personal information with third-party advertising partners. These third-party advertising partners may set Technologies and other tracking tools on our Services to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks. This practice is commonly referred to as “interest-based advertising”, “personalized advertising”, or “targeted advertising.” Some of the advertising Technologies we may use include:

• Instagram. For information about Instagram’s use of your personal information, please visit Instagram’s Data Policy To learn more about how to opt-out of Instagram’s use of your information, please click here while logged in to your Instagram account

• Meta (formerly, Facebook) Connect. For information about Facebook’s use of your personal information, please visit Meta’s Data Policy. To learn more about how to opt-out of Facebook’s use of your information, please click here while logged in to your Facebook account.

• TikTok. For information about TikTok’s use of your personal information, please visit TikTok’s Data Policy. To learn more about how to opt-out of TikTok’s use of your information, please click here.

• X (formerly Twitter). For information about X’s use of your personal information, please visit X’s Privacy Policy. To learn more about how to opt-out of X’s use of your information, please click here.

1. Disclosures to Protect Us or Others

We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

2. Disclosure in the Event of Merger, Sale, or Other Asset Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, purchase or sale of assets, transition of service to another provider, or other similar corporate transaction, your personal information may be disclosed, sold, or transferred as part of such a transaction.

Communications, Calling, and Texting Disclosures

If you provide a mobile number or other telephone number to us, to one of our customers through our Service, or through a form, workflow, or other interaction that clearly contemplates follow-up communications, you or the applicable customer may use that number for informational, transactional, operational, account, support, and, where permitted by law and with the required consent, marketing or promotional calls and texts. Such communications may be placed or sent using an automatic telephone dialing system, artificial or prerecorded voice technology, AI-generated voice technology, or other automated means where permitted by law. Your consent to receive automated calls or texts is not a condition of purchase. Message frequency may vary. Message and data rates may apply. You may opt out of marketing texts by replying STOP, and you may seek assistance by replying HELP where that functionality is offered. You may also contact the sender directly to update your preferences.

We will maintain records of opt-ins, opt-outs, and related communication preferences where appropriate. Our customers are responsible for determining the lawful basis for the communications they direct us to send, including obtaining and documenting any consent, honoring revocations, maintaining internal do-not-call requests, and complying with applicable caller identification, disclosure, time-of-day, content, and campaign rules. Dentina may rely on customer instructions and representations concerning contact permissions, except to the extent law requires otherwise. Calls, emails, webchats, and other communication mechanisms may be monitored and/or recorded by Dentina or our service providers, and texts or call transcripts may be recorded, stored, reviewed, and disclosed for customer service, quality assurance, training, compliance, security, analytics, and legal purposes, in each case subject to applicable law and contract.

III. DATA RETENTION AND SECURITY

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Site and Service, maintain records, honor preferences, resolve disputes, enforce our agreements, and comply with legal obligations. Retention periods vary based on the nature of the information, the context in which it was collected, customer instructions, and applicable law.

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, alteration, and disclosure. No method of transmission or storage is completely secure and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your credentials and notifying us promptly of any suspected unauthorized access.

IV. YOUR PRIVACY RIGHTS

Depending on where you live and subject to applicable law, you may have the right to request that we:

• Confirm whether we process your personal information and provide access to it.

• Correct inaccurate personal information.

• Delete personal information, subject to legal and operational exceptions.

• Obtain a portable copy of certain personal information.

• Opt out of the sale of personal information, sharing for cross-context behavioral advertising, targeted advertising, certain profiling, or certain uses or disclosures of sensitive personal information, if those laws apply and those activities occur.

• Appeal a refusal to take action on your request where applicable law provides an appeal right.

You may submit requests by contacting us at support@dentina.ai. We may need to verify your identity before responding. You may authorize an agent to submit certain requests on your behalf where permitted by law. We will not discriminate against you for exercising applicable privacy rights. If we process personal information solely on behalf of a customer, we may direct you to that customer because it controls the underlying data and the response process.

Marketing Choices:We may use personal information to tailor and provide you with marketing and other content. We may provide you with these materials as permitted by applicable law.

California Shine the Light: We do not share your personal information with third parties for the third parties’ direct marketing purposes.

You can opt out of marketing emails by using the unsubscribe link in the message received. You can opt out of marketing texts by replying STOP where available and you can ask not to receive future marketing calls or texts by following the instructions in the communication or contacting the sender. We may still send service, transactional, security, and other non-marketing communications.

V. THIRD-PARTY SITES AND INTEGRATIONS

As part of the Service, VitalAI may use and/or integrate third-party sites and services to enhance, like Calendly to schedule appointments or demonstrations, the functionality and user experience of Dentina. These sites and services are subject to their own privacy policies and terms of service, which we encourage you to review. However, we are not responsible for the privacy practices employed by those websites or the information or content they contain.

VI. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will post the updated policy, revise the “Effective Date” and provide any additional notice required by law.

VII. CONTACT US

If you have any questions regarding this Privacy Policy or the practices of this Site, please contact us by sending an email to support@dentina.ai.

Effective Date: April 8, 2026

Version: Privacy Policy 3.0