We take your privacy seriously and we don't hide behind legalese to do it. Here's the short version: We only access the data we need to fill your open appointments, we never sell your information to anyone, and we follow strict healthcare privacy rules (HIPAA) to keep it safe. The full details are below.

FillChairs, LLC (“FillChairs,” “we,” “our,” or “us”) provides a software-as-a-service (“SaaS”) platform that helps dental practices automatically fill cancelled and open appointment slots by notifying eligible patients via SMS text messages. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our website (fillchairs.com), our platform, and related services (collectively, the “Service”).

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not use the Service.

FillChairs operates as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations, including the HITECH Act. We enter into a Business Associate Agreement (“BAA”) with each dental practice (“Covered Entity”) before accessing, receiving, or transmitting any Protected Health Information (“PHI”).

We are committed to:

•  Implementing administrative, physical, and technical safeguards to protect PHI in accordance with the HIPAA Security Rule.

•  Using and disclosing PHI only as permitted by the applicable BAA and HIPAA regulations.

•  Reporting any Breach of Unsecured PHI to the Covered Entity without unreasonable delay and in no event later than sixty (60) calendar days after discovery.

•  Ensuring that any subcontractors or agents that access PHI on our behalf agree to substantially similar restrictions and conditions as those imposed on us under our BAAs.

•  Making PHI available to individuals upon request as required by the HIPAA Privacy Rule.

•  Maintaining audit logs and access records as required by the HIPAA Security Rule.

Through our integration with dental practice management systems we may receive the following patient information on behalf of, and at the direction of, the dental practice:

•  Patient name (first and last).

•  Mobile telephone number.

•  Appointment details, including date, time, provider, and status.

•  SMS consent preferences (opt-in/opt-out status).

•  Recall and treatment schedule data.

•  Patient communication logs.

When a dental practice subscribes to FillChairs, we collect:

•  Practice name, address, and contact information.

•  Authorized representative name and email address.

•  Billing and payment information (processed by our third-party payment processor).

•  API credentials and configuration data.

When you visit fillchairs.com, we may automatically collect:

•  IP address and approximate geolocation.

•  Browser type, operating system, and device information.

•  Pages visited, time spent on pages, and referring URLs.

•  Cookies and similar tracking technologies (see Section 9).

We collect and retain records of SMS messages sent and received through the Service, including message content, delivery status, timestamps, and opt-in/opt-out responses. This data is used exclusively for Service delivery and compliance purposes.

We use the information we collect for the following purposes:

•  Service Delivery: To operate the FillChairs platform, including identifying open appointment slots, matching eligible patients, sending SMS notifications, and processing patient responses.

•  Practice Administration: To manage practice accounts, process payments, and provide customer support.

•  Compliance: To fulfill our obligations under HIPAA, the Telephone Consumer Protection Act (“TCPA”), and other applicable laws.

•  Service Improvement: To analyze usage patterns (in de-identified or aggregated form only) to improve the Service.

•  Security: To detect, prevent, and respond to fraud, abuse, security incidents, and technical issues.

•  Communications: To send administrative notices, updates, and support messages to dental practices (not to patients, unless as part of the Service).

FillChairs sends SMS text messages to patients solely on behalf of and at the direction of the subscribing dental practice. The dental practice is the originator of all patient-facing messages and is responsible for obtaining and maintaining proper patient consent.

The dental practice warrants that it has obtained prior express written consent from each patient before patient data is made available to FillChairs for SMS communications, in compliance with the Telephone Consumer Protection Act (47 U.S.C. § 227) and all applicable FCC regulations.

Patients may opt out of receiving SMS messages at any time by replying STOP to any message. Upon receipt of an opt-out request, FillChairs will immediately cease sending messages to that patient and update the patient’s preferences accordingly. The dental practice will be notified of the opt-out.

Message frequency varies based on appointment availability. Messages are limited to appointment-related notifications. FillChairs does not send marketing, promotional, or advertising messages to patients. Standard message and data rates may apply.

We do not sell, rent, or trade patient information or PHI to any third party. We may disclose information only in the following circumstances:

•  Service Providers and Subcontractors: We use carefully selected third-party service providers and cloud infrastructure providers, that are bound by contractual obligations to protect data and, where applicable, have executed BAAs with us.

•  Dental Practices: Patient data processed through the Service is accessible to the subscribing dental practice that is the original source of such data.

•  Legal Requirements: We may disclose information when required by law, regulation, legal process, or governmental request, including to comply with HIPAA breach notification requirements.

•  Business Transfers: In connection with a merger, acquisition, or sale of assets, information may be transferred as part of the transaction, subject to the same privacy protections described herein.

•  Protection of Rights: We may disclose information to protect the rights, property, or safety of FillChairs, our users, or the public as required or permitted by law.

We implement industry-standard administrative, technical, and physical security measures to protect information from unauthorized access, disclosure, alteration, and destruction, including:

•  Encryption of data in transit (TLS 1.2 or higher) and at rest (AES-256).

•  Role-based access controls with least-privilege principles.

•  Regular vulnerability assessments and security audits.

•  Secure API authentication and credential management.

•  Automatic session timeouts and multi-factor authentication for administrative access.

•  Incident response plan with documented procedures for identifying, containing, and remediating security events.

While we strive to protect all information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

We retain patient data and PHI only for as long as necessary to provide the Service and comply with our legal obligations. Specifically:

•  Active patient data is retained for the duration of the dental practice’s subscription.

•  Upon termination of a practice’s subscription, all associated PHI is securely deleted or returned to the practice within ninety (90) days, unless retention is required by law.

•  SMS message logs and delivery records are retained for a minimum of six (6) years to comply with HIPAA audit requirements.

•  Website analytics data is retained in de-identified or aggregated form and does not contain PHI.

Our website uses cookies and similar technologies to enhance your browsing experience. We use:

•  Essential Cookies: Required for the website to function properly (e.g., session management, authentication).

•  Analytics Cookies: Used to understand how visitors interact with our website (e.g., Google Analytics). These cookies collect information in an aggregated, anonymous form.

•  Preference Cookies: Used to remember your settings and preferences.

We do not use advertising or behavioral tracking cookies. You may control cookie preferences through your browser settings. Disabling essential cookies may impair website functionality.

If you are a California resident, you have the right to: (a) know what personal information we collect and how it is used; (b) request deletion of your personal information; (c) opt out of the sale or sharing of personal information (note: we do not sell personal information); and (d) not be discriminated against for exercising your privacy rights. PHI handled pursuant to HIPAA is exempt from CCPA/CPRA. To exercise your rights, contact us at the address below.

FillChairs complies with applicable state privacy laws, including but not limited to the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), and the Texas Data Privacy and Security Act (TDPSA). Residents of these states may exercise applicable rights by contacting us.

Our website respects Do Not Track (“DNT”) browser signals. When we detect a DNT signal, we disable non-essential analytics tracking for that session.

The FillChairs website and dashboard are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13 through our website. Note that dental practices may include minor patients in their appointment systems; any such data is PHI governed by the applicable BAA and HIPAA, and is processed solely at the direction of the dental practice (the Covered Entity).

Our Service integrates with the following categories of third-party services:

•  Practice Management Software: For patient and appointment data.

•  SMS Delivery Providers: For delivering text messages to patients.

•  Cloud Infrastructure Providers: For hosting and data storage.

•  Payment Processors: For subscription billing.

Each third-party provider is selected based on its security posture and, where applicable, willingness to execute a BAA. We encourage you to review the privacy policies of these third-party services.

Dental Practices: You may access, correct, or request deletion of your account information at any time by contacting us. You may also request a copy of all data we hold relating to your practice.

Patients: If you are a patient who has received an SMS from FillChairs on behalf of your dental practice, you may: (a) reply STOP to opt out of future messages; (b) contact your dental practice directly to update or correct your information; or (c) contact us with questions about how your data is processed.

FillChairs operates exclusively within the United States. All data is stored and processed within the United States. We do not transfer data outside the United States.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will: (a) update the “Last Updated” date at the top of this policy; (b) provide notice through the Service dashboard for dental practice users; and (c) where required by law, obtain your consent. We encourage you to review this Privacy Policy periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

FillChairs, LLC

Email: info@fillchairs.com

Website: fillchairs.com

For HIPAA-related inquiries, please direct correspondence to our Privacy Officer at the email address above.