DentalMarketScout

Legal

Privacy Policy

How DentalMarketScout (“DentalMarketScout,” “we,” “us,” or “our”) collects, uses, and shares the information we receive from you and from public data sources.

Last updated:

1. Overview

DentalMarketScout is a competitive-intelligence service for dental practices in the United States and Canada. We help practice owners understand their local market by combining information you provide with publicly available data from Google, the US National Provider Identifier (NPI) registry, the US Census, the Meta Ads Library, and other public sources.

This Privacy Policy describes the information we collect, how we use and share it, the choices you have, and the steps we take to protect it. If you have questions, email us at hello@dentalmarketscout.com.

2. Information we collect

Information you provide to us

  • Account information: name, email address, role at your practice (owner, office manager, marketing lead, etc.), and password (stored hashed).
  • Practice information: practice name, address, website, and other details you enter during onboarding so we can identify your practice on Google Maps and the NPI registry.
  • Service request information: when you order a productized report (Market Scan, Acquisition Dossier, Website Audit, or Local SEO Snapshot) or request a website-services scoping call, we collect the inputs you submit (target URL, target practice, preferred contact information, pain points).
  • Payment information: processed by Stripe. We do not store your full card number. We retain only Stripe's session and customer identifiers, plus the last four digits and expiration date Stripe shares with us.
  • Communications: any messages, support questions, or feedback you send us.

Information collected automatically

  • Product analytics: we use PostHog to understand how users interact with the dashboard so we can improve the product. This includes pages visited, features used, button clicks, and session duration. PostHog stores a per-session cookie.
  • Device and connection information: IP address, browser type, device type, operating system, referring URL, and timestamps, captured automatically by our hosting provider and analytics tools.
  • Cookies: see the Cookies & tracking section below.

Information we obtain from public sources

A core part of our service is aggregating publicly available data about dental practices. We pull from:

  • Google Places & Maps APIs:business names, addresses, phone numbers, opening hours, ratings, review counts, photos, and editorial summaries for dental practices in the area you're analyzing.
  • US National Provider Identifier (NPI) Registry: publicly listed dental providers, their credentials, and taxonomy classifications.
  • US Census Bureau: demographic statistics (population, income, age) for the geographic areas covered by Market Scan reports.
  • Meta Ads Library: publicly disclosed Facebook and Instagram ads run by competitor practices.
  • Competitor websites (via Firecrawl): publicly accessible pages from competitor practice websites for technology detection (e.g., online booking widgets) and content analysis.

None of this third-party data is personal information about you — it is information about other dental practices in your competitive set, drawn from public registries and publicly accessible web pages.

3. How we use information

  • Service delivery: generate the competitive-intelligence dashboard, reports, and insights you have access to under your subscription tier.
  • Productized reports: generate the one-time PDFs (Market Scan, Acquisition Dossier, Website Audit, Local SEO Snapshot) you order, using AI inference via Anthropic.
  • Communication: send transactional emails (account confirmation, report delivery, billing receipts, support replies) via Resend. We do not send marketing email at this time; if we add a marketing list in the future this policy will be updated and you will be asked to opt in.
  • Payment processing: handled by Stripe per their privacy policy.
  • Product improvement: aggregated and de-identified usage data via PostHog to understand which features are working and where users struggle.
  • Security and fraud prevention: detect and prevent unauthorized access, abuse, or misuse of the service.
  • Legal compliance: comply with applicable laws, respond to valid legal requests, and enforce our Terms of Service.

4. How we share information

We do not sell your personal information. We share information only with the following categories of recipients, all under contractual confidentiality and data-protection obligations:

Subprocessors

  • Vercel — hosting and serverless infrastructure (United States)
  • Supabase — Postgres database, auth, and file storage (United States)
  • Stripe — payment processing (United States)
  • Resend — transactional email delivery (United States)
  • PostHog — product analytics (United States, EU options available)
  • Anthropic — AI inference for report generation and opportunity-gap analysis (United States)
  • Firecrawl — automated retrieval of publicly accessible competitor web pages (United States)
  • Google — Maps and Places APIs for competitor data lookup (United States)

Legal disclosures

We may disclose information when required by law, to respond to lawful subpoenas or court orders, to enforce our Terms of Service, to protect our rights or the safety of others, or in connection with a merger, acquisition, or sale of all or part of our business. In the latter case you will be notified and the acquiring entity will be bound by this Privacy Policy.

5. Data retention

We retain your account information for as long as your account is active. If you delete your account, we delete your personal information within 30 days of receiving the deletion request, except where we are required to retain it by law (for example, billing records under tax law).

Aggregated and de-identified data — that cannot be linked back to you — may be retained indefinitely for analytics and product-improvement purposes.

Public data we have collected about competitor practices (from Google Places, NPI, etc.) is not personal information and is retained as part of our service database.

6. Your rights

Depending on where you live, you may have rights under applicable privacy laws (including the EU/UK GDPR and the California Consumer Privacy Act). These may include the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete your information (subject to legal-retention exceptions)
  • Export your information in a portable format
  • Object to or restrict certain processing
  • Opt out of any future marketing communications
  • Withdraw consent where we rely on consent as the basis for processing

To exercise any of these rights, email hello@dentalmarketscout.com. We will verify your identity (typically by confirming control of the account email address) and respond within 30 days.

7. Cookies & tracking

We use a small number of cookies and similar technologies:

  • Essential cookies— required for login/session management (Supabase Auth) and for Stripe's checkout. The service will not function without these.
  • Analytics cookies— set by PostHog to measure feature usage and improve the product. You can block these with your browser's tracking-protection settings or with browser extensions; doing so will not affect the functionality of your account.

We do not use advertising cookies, third-party retargeting pixels, or similar tracking on the dashboard side of the product.

8. International transfers

Our service and subprocessors are based in the United States. If you access the service from outside the United States, your information will be transferred to, stored, and processed in the United States.

For users in the European Economic Area, United Kingdom, or Switzerland, we rely on standard contractual safeguards and the appropriate legal mechanisms for international transfers as required by applicable law.

9. Children's privacy

Our service is intended for adults aged 18 or older who are authorized representatives of dental practices. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, contact us at hello@dentalmarketscout.com and we will delete it.

10. Security

We take reasonable technical and organizational measures to protect your information:

  • All traffic is encrypted in transit (HTTPS / TLS).
  • Database access is restricted via Supabase Row-Level Security policies — for example, you can only see your own orders and your own practice's data.
  • Passwords are stored hashed by Supabase Auth; we never store cleartext passwords or have access to them.
  • Payment information is handled exclusively by Stripe; we do not store full card numbers or CVV codes.
  • Administrative access is restricted to authorized personnel and audited.

No internet service is 100% secure. If we become aware of a breach affecting your personal information, we will notify you in accordance with applicable law.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our service offering, or legal requirements. The “Last updated” date at the top of this page indicates when the policy was last changed.

For material changes, we will provide additional notice (such as an in-app notification or email) before the changes take effect.

12. Contact

Questions about this Privacy Policy or about how we handle your information? Get in touch:

You can also review our Terms of Service.