Privacy · Last updated May 2026

Your data stays yours.

DDSText is a HIPAA-covered dental communication platform. We collect only what we need to run the service, never sell it, and protect it with the same care you extend to your patients.

Who we are

DDSText is operated by THE DDS COMPANY, incorporated in Wyoming. Our platform helps dental practices communicate with patients over SMS, RCS, WhatsApp, and Instagram DM. Because we handle protected health information (PHI) on behalf of dental practices, we operate as a HIPAA Business Associate and sign a BAA with every paid customer. See our HIPAA BAA page for details.

Information we collect

  • Account information — name, practice name, email address, and password hash when you create a DDSText account.
  • Practice & patient data — contact records, message history, and appointment data synced from your practice management system (PMS). This data is PHI and handled under the terms of your BAA.
  • Billing information — payment card details collected and tokenised by Stripe. We store only the last four digits and card brand — never the full card number.
  • Usage data — pages visited, features used, error logs, and device / browser metadata collected to operate and improve the service.
  • Communications — emails you send to our support or compliance addresses, and messages submitted through any in-app feedback tools.

How we use your information

  • Provide, maintain, and improve the DDSText platform and its features
  • Process payments and send billing receipts via Resend / Stripe
  • Deliver transactional emails (OTP codes, password resets, account alerts)
  • Route SMS, RCS, and messaging channel traffic through Telnyx on your behalf
  • Power DDSAi auto-reply — PHI is redacted before any AI inference prompt
  • Respond to support requests and comply with legal obligations
  • Detect and prevent fraud, abuse, and security incidents

Third-party services

  • Resend — transactional email delivery. Privacy policy
  • Telnyx — SMS, MMS, and RCS carrier infrastructure. Privacy policy
  • Anthropic — AI inference for DDSAi auto-replies. Zero data retention configured; PHI is redacted pre-prompt. Privacy policy
  • Stripe — payment processing and subscription management. Privacy policy
  • Vercel — edge hosting and serverless functions. HIPAA-eligible infrastructure; BAA available on enterprise tier. Privacy policy
  • AWS S3 / Vercel Blob — patient media storage with signed URLs, 24-hour TTL, and full audit logging.

Cookies and local storage

We use session cookies required for authentication and security (CSRF protection). We do not use third-party advertising or tracking cookies. No cookie consent banner is shown because we do not set non-essential cookies.

We use browser local storage to persist your UI preferences (sidebar state, theme settings). This data never leaves your device.

Data retention

  • Account data is retained for the lifetime of your subscription plus 90 days after cancellation, then deleted.
  • Patient PHI (messages, contact records) follows the same 90-day post-cancellation deletion window, consistent with your BAA obligations.
  • Audit logs are retained for 12 months by default (configurable to 90 days on request).
  • Billing records are retained for 7 years to comply with financial regulations.
  • You may request deletion at any time by emailing compliance@ddstext.com. We complete deletion requests within 30 days.

Your rights

Depending on your location, you may have the right to access, correct, delete, or export your personal data; object to or restrict processing; and withdraw consent where processing is based on consent.

California residents (CCPA): You have the right to know what personal information we collect, to delete it, and to opt out of its sale. We do not sell personal information.

EU / EEA residents (GDPR): You may exercise rights of access, rectification, erasure, restriction, portability, and objection by contacting us at compliance@ddstext.com.

HIPAA rights: As a patient whose PHI is processed by a dental practice using DDSText, your HIPAA rights (access, amendment, accounting of disclosures) are exercised through that practice, not directly through DDSText.

Data security

  • AES-256 encryption at rest for all patient records, messages, and media files
  • TLS 1.3 for every data-in-transit hop
  • Role-based access control with per-team-member unique logins enforced by the platform
  • Full details at our Security page

Children's privacy

DDSText is a business-to-business platform for dental practices. It is not directed at individuals under 13 and we do not knowingly collect personal information from children under 13.

Changes to this policy

We may update this Privacy Policy periodically. Material changes will be communicated via email to the account owner at least 14 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision.

Contact us

  • General privacy questions: hello@ddstext.com
  • HIPAA / BAA / compliance requests: compliance@ddstext.com
  • THE DDS COMPANY · Wyoming, USA
