Legal

Privacy Policy

Last updated: March 15, 2026

1. Introduction

WAVE Dental AI ("WAVE," "we," "us," or "our") provides an artificial-intelligence-powered insurance verification platform designed exclusively for dental practices. This Privacy Policy describes how we collect, use, disclose, store, and protect information when you visit our website at wavedental.io (the "Site"), use our desktop application, or interact with any of our services (collectively, the "Services").

By accessing or using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Services immediately.

2. Information We Collect

2.1 Information You Provide Directly

  • Contact and account information: Name, email address, practice name, practice type, job title or role, and phone number when you book a demo, request access, or contact us.
  • Practice management credentials: Login credentials for dental insurance carrier portals that you voluntarily provide to enable automated verification. These credentials are encrypted at rest and in transit and are used solely to perform verification tasks on your behalf.
  • Patient and subscriber data: Patient names, dates of birth, member identification numbers, insurance plan details, and related demographic information necessary to perform insurance benefit verification through carrier portals and practice management software.
  • Insurance benefit data: Plan coverage percentages, deductibles, maximums, frequency limitations, waiting periods, coordination of benefits details, eligibility status, and other benefit information retrieved from carrier portals during the verification process.
  • Communications: Any messages, feedback, or correspondence you send to us via email or other channels.

2.2 Information Collected Automatically

  • Usage data: Pages visited, features used, verification volume, error logs, and timestamps associated with your use of the Services.
  • Device and browser data: IP address, browser type, operating system, device identifiers, and screen resolution.
  • Cookies and similar technologies: We use cookies and local storage to maintain session state, remember preferences, and analyze usage patterns. You may control cookie settings through your browser.

2.3 Information From Third-Party Sources

  • Insurance carrier portals: Benefit data, eligibility status, plan documents, and coverage details retrieved on your behalf during the automated verification process.
  • Practice management software: Patient records, insurance plan information, subscriber details, and benefit configurations accessed through authorized API integrations with your practice management system.

3. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Services: Automate insurance benefit verification by accessing carrier portals, retrieving benefit data, generating structured verification reports, and writing verified data back to your practice management software.
  • Generate verification documents: Produce standardized benefit breakdown PDFs and upload them to patient records in your practice management system.
  • Validate data accuracy: Cross-reference information from multiple sources using deterministic analysis and artificial intelligence to ensure the accuracy and completeness of verification results.
  • Communicate with you: Respond to inquiries, send service-related notifications, provide technical support, and deliver information about product updates.
  • Improve our Services: Analyze usage patterns, diagnose technical issues, enhance verification accuracy, and develop new features.
  • Ensure security: Detect, prevent, and respond to fraud, abuse, security incidents, and technical issues.
  • Comply with legal obligations: Meet applicable legal, regulatory, and contractual requirements.

4. How We Share Your Information

We do not sell your personal information. We may share information in the following limited circumstances:

  • With your practice management software: To write verified benefit data, update patient records, and upload verification documents as part of the core service functionality you have authorized.
  • With insurance carrier portals: To submit patient lookup queries and retrieve benefit information on your behalf using the credentials you provide.
  • With service providers: We engage trusted third-party providers for AI processing, cloud infrastructure, email delivery, and scheduling services. These providers are contractually bound to use your information only as necessary to perform services on our behalf and to maintain appropriate security measures.
  • For legal compliance: When required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of WAVE, our users, or the public.
  • In connection with business transfers: If WAVE is involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5. Data Security

We implement administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of your information. These measures include:

  • Encryption of sensitive data at rest and in transit using industry-standard protocols.
  • Secure credential storage with encryption for all carrier portal and practice management system credentials.
  • Access controls that limit information access to authorized personnel and systems on a need-to-know basis.
  • Automated session management and cleanup procedures that remove temporary data after verification tasks are completed.
  • Audit logging of verification activities and data access events.
  • Regular security assessments and updates to address emerging threats.

While we strive to protect your information, no method of transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents that may arise.

6. Data Retention

We retain your information only for as long as necessary to fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

  • Verification data: Raw carrier portal data and downloaded documents are retained temporarily during the verification session and cleaned up automatically thereafter. Only the most recent verification sessions per patient are retained locally for re-processing purposes.
  • Generated reports: Verification PDF reports are uploaded to your practice management system and may be retained locally for a limited period.
  • Account and contact information: Retained for as long as your account is active or as needed to provide the Services.
  • Audit and error logs: Retained for a limited period to support troubleshooting and quality assurance.

7. HIPAA and Protected Health Information

WAVE processes patient demographic and insurance benefit information on behalf of dental practices. To the extent that such information constitutes Protected Health Information ("PHI") under the Health Insurance Portability and Accountability Act ("HIPAA"), WAVE acts as a Business Associate of the dental practice.

We will enter into a Business Associate Agreement ("BAA") with each covered entity as required by HIPAA. Our obligations with respect to PHI are governed by the terms of the applicable BAA and HIPAA regulations, including the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule.

We do not use PHI for marketing purposes, do not sell PHI, and limit our use and disclosure of PHI to the minimum necessary to perform the verification services authorized by the dental practice.

8. Artificial Intelligence and Automated Processing

Our Services use artificial intelligence and machine learning technologies to assist in extracting, structuring, and validating insurance benefit information from carrier documents and portal data. Specifically:

  • AI models process document text to identify and extract coverage details, financial limits, frequency limitations, and other benefit parameters.
  • Extracted data is validated against deterministic analysis and structured schemas to ensure accuracy before being presented or written to your practice management system.
  • AI processing is used to supplement, not replace, deterministic data extraction methods. Multiple validation layers are applied to AI-derived outputs.
  • We do not use your patient data to train general-purpose AI models. Information processed by AI is used solely to deliver verification results for the specific request.

9. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Data portability: Request a machine-readable copy of your personal information.
  • Withdrawal of consent: Where processing is based on consent, you may withdraw consent at any time.
  • Opt-out of communications: You may opt out of marketing communications at any time by contacting us.

To exercise any of these rights, please contact us at info@wavedental.io. We will respond to verified requests within the timeframes required by applicable law.

10. Third-Party Services

Our Services may integrate with or rely on the following categories of third-party services:

  • AI and language model providers: For structured data extraction from insurance documents.
  • Cloud infrastructure providers: For secure hosting, storage, and computing resources.
  • Email and communication services: For delivering service notifications, two-factor authentication codes, and support communications.
  • Scheduling services: For managing demo bookings and appointments.
  • Practice management software providers: For reading and writing patient and insurance data through authorized API connections.

Each third-party provider operates under its own privacy policy. We encourage you to review the privacy practices of any third-party services that interact with our platform.

11. Children's Privacy

Our Services are designed for use by dental practice professionals and are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. The patient information processed through our Services (which may include information about minors) is provided by and controlled by the dental practice as part of the authorized verification workflow.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will post the updated policy on this page with a revised "Last updated" date. We encourage you to review this policy periodically. Your continued use of the Services after any changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

WAVE Dental AI
Email: info@wavedental.io