Privacy Policy

Natelio, Inc. ("Company", "we", "us", or "our") is committed to protecting your privacy and the privacy of patient information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use Dental Referrals.

1. Information We Collect

Account Information

When you create an account, we collect:

• Name and professional credentials
• Email address and phone number
• Practice/clinic name and address
• Professional license information
• Account credentials (securely hashed)

Protected Health Information (PHI)

In the course of using our referral services, you may submit patient information including:

• Patient names and contact information
• Medical and dental history
• Diagnostic images and documents
• Treatment plans and notes
• Insurance information

All PHI is handled in accordance with HIPAA regulations and our Business Associate Agreement.

Usage Information

We automatically collect:

• Log data (IP address, browser type, pages visited)
• Device information
• Feature usage and interaction data
• Error reports and performance data

2. How We Use Your Information

We use collected information to:

• Provide and maintain our referral services
• Process and track patient referrals
• Communicate with you about your account
• Send service updates and notifications
• Improve and optimize our platform
• Ensure security and prevent fraud
• Comply with legal obligations

3. HIPAA Compliance

We are committed to protecting PHI in accordance with HIPAA requirements:

• Encryption: All PHI is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access ensures users only see authorized information
• Audit Logging: All access to PHI is logged for compliance and security
• Business Associate Agreements: We execute BAAs with covered entities
• Security Training: Our team undergoes regular HIPAA security training
• Breach Notification: We follow required procedures for any security incidents

4. Clinic Responsibilities for Data

Each clinic using our platform is responsible for:

• Obtaining appropriate patient consent before entering information into the platform
• Ensuring the accuracy of all patient data submitted
• Complying with HIPAA and applicable state privacy laws
• Training staff on proper handling of patient information
• Responding to patient requests regarding their health information
• Reporting any suspected data breaches to Natelio and appropriate authorities

Clinics remain the "covered entities" under HIPAA and maintain primary responsibility for patient privacy. Natelio acts as a Business Associate to provide the technology platform.

5. Information Sharing

We may share information with:

• Referral Recipients: Patient information shared as part of the referral process (initiated by the referring clinic)
• Service Providers: Trusted vendors who assist in operating our services (under BAAs)
• Legal Requirements: When required by law or to protect rights and safety
• Business Transfers: In connection with mergers or acquisitions (with notice)

We do not sell personal information or PHI to third parties. We do not use patient data for marketing or advertising purposes.

6. Data Security

We implement robust security measures including:

• End-to-end encryption for all data transmission
• Secure cloud infrastructure with SOC 2 compliance
• Multi-factor authentication options
• Regular security assessments and penetration testing
• Automated threat detection and monitoring
• Secure backup and disaster recovery procedures

7. Data Retention

We retain data according to the following guidelines:

• Account Data: Retained while your account is active and as required by law
• PHI: Retained according to HIPAA requirements (minimum 6 years from creation or last effective date)
• Audit Logs: Retained for 7 years for compliance purposes
• Usage Data: Aggregated and anonymized after 24 months

8. Your Rights

You have the right to:

• Access: Request a copy of your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your account (subject to retention requirements)
• Export: Receive your data in a portable format
• Restrict Processing: Limit how we use your information

To exercise these rights, contact us at privacy@natelio.com.

9. Cookies and Tracking

We use essential cookies to operate our platform:

• Authentication Cookies: To keep you signed in securely
• Security Cookies: To prevent fraud and protect your account
• Preference Cookies: To remember your settings

We do not use advertising or third-party tracking cookies.

10. Children's Privacy

Our services are intended for healthcare professionals and are not directed to children under 18. We do not knowingly collect information from children. Patient information for minors is handled according to HIPAA requirements and applicable state laws.

11. International Users

Our services are primarily designed for use in the United States. If you access our services from outside the US, you consent to the transfer and processing of your information in the United States in accordance with this Privacy Policy.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or platform notification at least 30 days before taking effect. The "Last updated" date indicates when the policy was last revised.

13. Contact Us

For questions or concerns about this Privacy Policy or our data practices: