Scope of this policy
This policy covers personal data we process as a controller (for example, the account details of console users and website visitors). When we process backup content and patient data on your behalf, we act as a processor and HIPAA business associate, governed by your agreement and our BAA.
What we collect
| Category | Details |
| --- | --- |
| Account data | Name, work email, role, and organization for the people who use the console. |
| Usage data | Logins, actions taken in the console, device and browser metadata, and IP address — used to secure and improve the Service. |
| Backup content | The files and systems you choose to protect. We treat this as confidential Customer Data and only process it to run backups and restores. |
| Billing data | Company billing contact and invoice details. Card payments are handled by our PCI-compliant payment processor; we do not store card numbers. |
How we use data
We use the data above only to:
- Provide, secure, monitor, and improve the Service.
- Authenticate users, prevent fraud, and detect threats such as ransomware.
- Send service, security, and billing communications.
- Meet our legal and compliance obligations.
Patient & health data
Backups of dental-practice systems may contain protected health information (PHI). We process PHI strictly as your business associate under HIPAA: it is encrypted end to end, access is tightly restricted and logged, and we use it only to provide backup and recovery. We do not access the contents of your backups except as needed to operate or restore the Service, or as you direct.
Retention
We keep account and usage data for as long as your account is active and as needed to meet legal obligations. Backup content is retained according to the retention policy you configure. After termination, you have a 30-day export window, after which Customer Data is securely deleted.
Security
We protect data with AES-256 encryption at rest, TLS in transit, least-privilege access, continuous monitoring, and HIPAA-aligned safeguards. See our Security overview for the full picture.
Your rights
Depending on your location, you may have rights to access, correct, delete, or port your personal data, and to object to or restrict certain processing. To exercise any right, contact us and we will respond within the time required by law. Where we act as a processor, we will direct patient-data requests to you, the controller.
Contact
Reach our privacy team at [email protected]. DentalDrive, Inc. is the data controller for the purposes of this policy.
Questions about this document?
Our team responds to legal and compliance inquiries within two business days.