Privacy Policy

Natelio, Inc. ("Company", "we", "us", or "our") is committed to protecting your privacy and the privacy of patient information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use Dental Referrals.

1. Information We Collect

Account Information

When you create an account, we collect:

• Name and professional credentials
• Email address and phone number
• Practice/clinic name and address
• Professional license information
• Account credentials (securely hashed)

Patient and Referral Information

In the course of using our referral services, you may submit patient information including:

• Patient names and contact information
• Medical and dental history
• Diagnostic images and documents
• Treatment plans and notes
• Insurance information

Patient and referral information is handled according to applicable legal obligations and customer agreements when those agreements are in place.

Usage Information

We automatically collect:

• Log data (IP address, browser type, pages visited)
• Device information
• Feature usage and interaction data
• Error reports and performance data

2. How We Use Your Information

We use collected information to:

• Provide and maintain our referral services
• Process and track patient referrals
• Communicate with you about your account
• Send service updates and notifications
• Improve and optimize our platform
• Ensure security and prevent fraud
• Comply with legal obligations

3. Security and Data Protection

We use safeguards designed to protect patient and referral information:

• Encryption: Information is protected with encryption in transit and at rest
• Access Controls: Role-based access ensures users only see authorized information
• Activity Logging: Key access and workflow activity is logged for review
• Customer Agreements: We complete applicable customer and vendor agreements before production use
• Security Training: Our team receives regular privacy and security training
• Incident Response: We maintain procedures for investigating and notifying customers about security incidents

4. Clinic Responsibilities for Data

Each clinic using our platform is responsible for:

• Obtaining appropriate patient consent before entering information into the platform
• Ensuring the accuracy of all patient data submitted
• Following applicable privacy laws and internal data handling requirements
• Training staff on proper handling of patient information
• Responding to patient requests regarding their health information
• Notifying Natelio and appropriate parties about suspected security incidents

Clinics maintain primary responsibility for patient privacy and required permissions. Natelio provides the technology platform and supports the customer agreements needed for production use.

5. Information Sharing

We may share information with:

• Referral Recipients: Patient information shared as part of the referral process (initiated by the referring clinic)
• Service Providers: Trusted vendors who assist in operating our services under appropriate agreements
• Legal Requirements: When required by law or to protect rights and safety
• Business Transfers: In connection with mergers or acquisitions (with notice)

We do not sell personal information or patient data to third parties. We do not use patient data for marketing or advertising purposes.

6. Data Security

We implement security measures including:

• Encrypted data transmission
• Encrypted storage for sensitive information
• Security-reviewed cloud infrastructure
• Multi-factor authentication options
• Security assessments and remediation workflows
• Automated threat detection and monitoring
• Secure backup and disaster recovery procedures

7. Data Retention

We retain data according to the following guidelines:

• Account Data: Retained while your account is active and as required by law
• Patient and Referral Data: Retained according to customer settings, applicable law, and customer agreements
• Audit Logs: Retained to support security review and account operations
• Usage Data: Aggregated and anonymized after 24 months

8. Your Rights

You have the right to:

• Access: Request a copy of your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your account (subject to retention requirements)
• Export: Receive your data in a portable format
• Restrict Processing: Limit how we use your information

To exercise these rights, contact us at privacy@natelio.com.

9. Cookies and Tracking

We use essential cookies to operate our platform:

• Authentication Cookies: To keep you signed in securely
• Security Cookies: To prevent fraud and protect your account
• Preference Cookies: To remember your settings

We do not use advertising or third-party tracking cookies.

10. Children's Privacy

Our services are intended for healthcare professionals and are not directed to children under 18. We do not knowingly collect information from children. Patient information for minors is handled according to applicable health privacy requirements and state laws.

11. International Users

Our services are primarily designed for use in the United States. If you access our services from outside the US, you consent to the transfer and processing of your information in the United States in accordance with this Privacy Policy.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or platform notification at least 30 days before taking effect. The "Last updated" date indicates when the policy was last revised.

13. Contact Us

For questions or concerns about this Privacy Policy or our data practices: