Privacy Policy
Effective Date: October 22, 2025
1) Who We Are
The Oncall Bot LLC (“The Oncall Bot,” “we,” “us,” or “our”) provides mobile and web applications that deliver dental education, after-care guidance, and related tools for patients and dental practices. We are located in the State of New York, USA.
Support contact: support@theoncallbot.com
2) Scope
This Privacy Policy explains how we collect, use, disclose, and protect information when you use our websites, mobile apps, and services (the “Services”). By using the Services, you agree to this Policy.
3) Information We Collect
a) Information you provide
- Account details (name, email, password).
- Practice information (for dentist accounts): practice name, role, business email.
- Messages and inputs you submit to the app (e.g., symptom descriptions, content selections, language settings, feedback).
- Support requests and communications.
b) Information collected automatically
- Device and app data (device type, OS version, app version, language, time zone).
- Usage analytics (screens viewed, taps, session duration).
- Log data and diagnostics (crash logs, performance metrics).
- Approximate location (from IP) for localization and compliance. We do not collect precise GPS location unless a feature clearly requests it.
c) Information from third parties (if you opt in)
- Single sign-on providers (e.g., Apple/Google) for basic profile details.
- Payment processors (if you purchase a subscription): we receive payment status but not full card details.
Health & Sensitive Data: If you enter information that could relate to your health (e.g., symptoms, procedure type, after-care needs), we treat it as sensitive and protect it accordingly. The Services are designed for education and guidance—not diagnosis or treatment.
4) How We Use Information
- Provide, maintain, and personalize the Services.
- Deliver educational content and after-care guidance you request.
- Communicate with you (account notices, service updates, support).
- Process subscriptions and verify eligibility.
- Monitor security, prevent fraud/abuse, and fix bugs.
- Analyze aggregate usage to improve quality and features.
Legal bases (EEA/UK): contract performance, legitimate interests (service improvement, security), consent where required, and legal obligations.
7) Data Retention
We retain personal information only as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. You can request deletion at any time (see §10).
8) Children’s Privacy
The Services are not directed to children under 13 (or under the age required by local law). We do not knowingly collect personal information from children without verifiable parental consent. If you believe a child has provided personal information, contact us and we will take appropriate action.
9) International Transfers
We may process information in the United States and other countries. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) for cross-border data transfers.
10) Your Rights & Choices
Depending on your location, you may have rights to access, correct, delete, or port your data, and to object or restrict certain processing.
Requests: email support@theoncallbot.com with the subject “Privacy Request.”
Account Deletion: Request in-app (Account → Delete Account) or by email. We will verify your request and delete or anonymize your personal data, except where retention is required by law (e.g., transaction records).
11) U.S. State Disclosures (incl. NY; CCPA/CPRA)
Where applicable, you may have the right to know categories/specific pieces of personal information collected; request deletion; correct inaccuracies; and opt out of “selling” or “sharing” (we do not sell). We honor authorized agent requests as required by law and do not discriminate for exercising rights.
12) Security
We use administrative, technical, and physical safeguards designed to protect personal information (encryption in transit, access controls, least-privilege practices, and monitoring). No system is 100% secure—please use strong passwords and keep them confidential.
13) HIPAA Notice
The Oncall Bot is not intended to store electronic Protected Health Information (ePHI) as a covered entity system. If a dental practice integrates the Services in a way that involves PHI, The Oncall Bot LLC may enter into a Business Associate Agreement (BAA) where required. We apply heightened safeguards to sensitive entries.
14) Third-Party Services (including OpenAI)
To operate core features, we use trusted third parties. These include analytics, hosting, payments, error logging, email/SMS providers, and AI processing vendors such as OpenAI (for generating or improving responses to your prompts). When AI features are used, the text you input and necessary metadata may be sent to these providers to generate results and to monitor for abuse and quality.
- OpenAI: We may send user prompts and app outputs to OpenAI’s API to process your request. OpenAI’s policies: openai.com/policies. We do not knowingly send PHI unless you choose to include it.
- Other processors: SSO (Apple/Google), payments, analytics, and crash reporting—each governed by their own privacy policies and bound by processor terms with us.
Your choices: Avoid entering sensitive personal information you do not want processed by third-party AI vendors. If your organization requires special terms (e.g., BAA), contact us.
15) Changes to This Policy
We may update this Policy from time to time. Material changes will be notified in-app or via email. Continued use after the effective date constitutes acceptance.
16) Contact Us
The Oncall Bot LLC
New York, USA
Email: support@theoncallbot.com
Privacy Policy Adendum
- Who we are
- Information we collect
- How we use your information
- Patient data handled on behalf of dental practices
- Who we share information with
- We do not sell your information
- SMS / text messaging
- How long we keep information
- Security
- Your privacy rights (California, EU/UK, and elsewhere)
- Children
- Changes to this policy
- Contact us
1. Who we are
The Oncall Bot LLC (\”The Oncall Bot,\” \”we,\” \”us,\” or \”our\”) operates theoncallbot.com and the PractCom Marketing Suite software-as-a-service application at marketing.practcom.com (collectively, the \”Services\”). This Privacy Policy explains what information we collect, how we use it, and the rights you have. It applies to anyone who visits our website, creates a PractCom account, or receives a text message or email that we send on behalf of a subscribing dental practice.
2. Information we collect
2.1 Information you give us directly
- Account information — name, business name, email address, password (hashed), and phone number when you register for PractCom.
- Practice profile — practice name, address, phone number, website, logo, brand colors, and other information you enter to personalize your marketing content.
- Billing information — your billing address and the last four digits of your card. Full payment details are processed by Stripe, Inc. and never touch our servers.
- Uploaded content — images, patient rosters, or other files you upload for use in the Services.
- Support communications — messages you send to support@practcom.com, along with any attachments.
2.2 Information collected automatically
- Log data — IP address, browser type, device type, pages viewed, referring URL, and timestamps.
- Cookies and similar technologies — we use first-party cookies for authentication and session management, and privacy-respecting analytics to understand how the product is used. We do not use third-party advertising trackers.
- Usage data — the features you use inside PractCom (which posts you generate, how often you send newsletters, etc.). This is used to compute your credit usage and to improve the product.
2.3 Information from third parties
- Stripe shares subscription status, invoice history, and card metadata with us.
- OpenAI, Anthropic, Google, and other AI providers return AI-generated images, captions, or newsletter text based on prompts we send them. These providers do not retain your prompts for model training under the enterprise agreements we operate under.
- Twilio shares delivery status for text messages we send on your behalf, including \”opt-out\” (STOP) events from recipients.
- SendGrid shares delivery, bounce, and unsubscribe status for emails we send on your behalf.
3. How we use your information
We use the information we collect to:
- Provide, operate, and maintain the Services;
- Process payments and manage subscriptions;
- Generate AI content (images, captions, newsletters) on your behalf;
- Send transactional emails and text messages (welcome, password reset, receipts, service notices);
- Send optional marketing emails about product updates — you can opt out at any time via the unsubscribe link;
- Diagnose bugs, monitor performance, and improve the product;
- Comply with legal obligations, enforce our Terms of Service, and prevent fraud or abuse.
We rely on the following legal bases (where applicable, e.g., GDPR): performance of a contract with you, our legitimate interests in operating a secure service, your consent (for optional marketing and cookies), and compliance with legal obligations.
4. Patient data handled on behalf of dental practices
Patient contact information (first name, email, mobile phone) is:
- Stored encrypted at rest inside our database;
- Used only to send the specific newsletter or communication the practice initiates;
- Never combined with data from other practices, sold, rented, or used to build advertising audiences;
- Deleted from our systems when the practice deletes it from their roster, deletes their account, or upon written request.
We treat patient contact information as sensitive and apply reasonable administrative, technical, and physical safeguards consistent with the HIPAA Security Rule where applicable. If your practice requires a Business Associate Agreement (BAA), please contact support@practcom.com.
5. Who we share information with
We share information only with service providers that need it to help us run the Services, and only under written agreements that restrict their use of the data. Our current sub-processors include:
| Provider | Purpose | Data shared |
|---|---|---|
| Stripe, Inc. | Payment processing | Billing information, purchase history |
| Twilio, Inc. | SMS delivery | Recipient phone number, message text |
| Twilio SendGrid | Email delivery | Recipient email, message content |
| OpenAI, LLC | Image and text generation | Prompts you submit; no personal data unless you include it |
| Anthropic PBC | Text generation (Claude) | Prompts you submit |
| Google LLC (Gemini) | Image generation | Prompts you submit |
| Pexels | Stock photography | Search keywords (no personal data) |
| MongoDB, Inc. (Atlas) | Database hosting | All application data at rest |
| Emergent | Application hosting infrastructure | All application data in transit |
We may also disclose information (i) to comply with a court order, subpoena, or other legal process; (ii) to enforce our Terms of Service or protect our rights, property, or safety; or (iii) in connection with a merger, acquisition, or sale of assets, in which case we will provide notice before your information becomes subject to a different privacy policy.
6. We do not sell your information
The Oncall Bot LLC does not sell, rent, or trade personal information to third parties for their own marketing purposes. We do not participate in advertising networks and we do not share personal information with data brokers.
7. SMS / text messaging
Detailed terms for our SMS program are set out in our SMS & Text Messaging Terms. In summary:
- You will only receive text messages from PractCom if (a) you register for an account and provide your mobile number, or (b) a subscribing dental practice adds you to their patient roster because you are their patient and they have obtained your consent to receive marketing communications.
- Reply
STOPto any message to unsubscribe. ReplyHELPfor assistance or contact support@practcom.com. - Message and data rates may apply. Message frequency varies but is typically no more than one message per month per program.
- Mobile phone numbers are never shared with third parties for marketing purposes and are not used for any purpose other than the specific program the recipient opted in to.
8. How long we keep information
- Account data — retained while your account is active plus 24 months after cancellation, then deleted or anonymized.
- Billing records — retained for 7 years to meet tax and accounting requirements.
- Patient rosters uploaded by practices — retained only as long as the practice keeps them in the Services; deleted immediately when the practice removes them or on written request.
- SMS/email delivery logs — retained 12 months for troubleshooting and abuse prevention.
- Public newsletter images — automatically deleted 30 days after generation.
- Backups — encrypted backups may retain data for up to 90 days after deletion from the live system.
9. Security
We implement industry-standard safeguards to protect your information, including HTTPS encryption in transit, encryption at rest, strict access controls, password hashing (bcrypt), token-based authentication, and audit logs of administrative actions. No online service can be 100% secure; if we ever become aware of a breach affecting your information we will notify you and any applicable regulators as required by law.
10. Your privacy rights
Depending on where you live you may have some or all of the following rights over the personal information we hold about you:
- Access — receive a copy of the information we hold about you.
- Correction — ask us to fix inaccurate information.
- Deletion — ask us to delete your information, subject to limited exceptions (e.g., tax records).
- Portability — receive your information in a machine-readable format.
- Objection / restriction — object to or restrict certain processing.
- Withdrawal of consent — where we rely on your consent (e.g., for marketing).
- Non-discrimination — you will not receive different pricing or a lower level of service for exercising your rights (California residents).
To exercise any of these rights, email us at support@practcom.com from the email address associated with your account. We will respond within the timeframes required by applicable law (typically 30 days).
California residents: The categories of personal information we collect and disclose are described in Sections 2 and 5 above. We do not sell personal information as defined by the CCPA and we do not knowingly process the personal information of California residents under 16 for cross-context behavioral advertising.
EU / UK residents: You have the right to lodge a complaint with your local data protection authority. Our lead supervisory authority is [YOUR EU/UK LEAD DPA, or delete this line if you do not have EU customers].
11. Children
The Services are intended for use by dental practices and their staff, not by individuals under 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected information from a child, please contact us and we will delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes we will update the \”Last updated\” date at the top of this page and, if the changes are significant, notify you by email or through the Services. Continued use of the Services after an update means you accept the updated policy.
13. Contact us
For questions about this Privacy Policy or to exercise any of your rights, please contact us at:
The Oncall Bot LLC
47 Hamlet Woods Drive St. James NY 11780
Email: support@practcom.com
Website: theoncallbot.com