Privacy Policy

Last Updated: March 21, 2026

Purechart AI LLC (“Purechart,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website www.purechart.com, use our mobile applications, or access any of our services (collectively, the “Services”).

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Services.

1. Data Controller & Contact Information

Purechart AI LLC is the data controller responsible for your personal information. For any questions or concerns regarding this Privacy Policy or our data practices, you may contact us at:

  • Email: privacy@purechart.com
  • Address: 30 N Gould St Ste N, Sheridan, WY 82801
  • Website: www.purechart.com

2. Information We Collect

2.1 Information You Provide Directly

We may collect the following categories of personal information that you voluntarily provide to us:

CategoryExamples
Account InformationName, email address, phone number, username, password
Business InformationPractice name, business address, NPI number, license information
Patient InformationPatient names, contact information, appointment records, treatment history, consent forms
Payment InformationCredit card numbers, billing address, bank account details
Employment InformationStaff names, roles, timeclock records, payroll data, work schedules
CommunicationsSupport tickets, feedback, survey responses, email correspondence
Identity VerificationGovernment-issued ID, professional credentials, NFC/access control data

2.2 Information Collected Automatically

When you access our Services, we may automatically collect certain information, including:

  • Device Information: Device type, operating system, unique device identifiers, browser type and version
  • Usage Data: Pages visited, features accessed, clickstream data, time spent on pages, referring URLs
  • Location Data: GPS coordinates (for timeclock verification), IP-based geolocation, Wi-Fi access point data
  • Log Data: Server logs, error reports, access timestamps, API call records
  • Cookies & Tracking Technologies: Cookies, web beacons, pixels, and similar technologies for analytics and personalization

2.3 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Identity verification services
  • Payment processing partners
  • Dental and medical laboratory partners
  • Social media platforms (when you log in via third-party authentication)
  • Business partners and referral sources

3. How We Use Your Information

We use the information we collect for the following purposes:

  1. Providing, maintaining, and improving our Services
  2. Processing appointments, scheduling, and patient management
  3. Managing timeclock, payroll, and workforce operations
  4. Processing lab orders and tracking their status
  5. Managing door access control and facility security
  6. Processing payments and billing
  7. Sending appointment reminders, notifications, and service-related communications
  8. Providing customer support and responding to inquiries
  9. Conducting analytics to improve user experience and service quality
  10. Detecting, investigating, and preventing fraud, unauthorized access, or illegal activity
  11. Complying with legal obligations, including HIPAA and state healthcare regulations
  12. Enforcing our Terms of Use and other agreements
  13. Sending promotional communications (with your consent, where required)
  14. Generating de-identified, aggregated analytics and reports

4. Legal Bases for Processing

We process your personal information based on the following legal grounds:

  • Contractual Necessity: Processing required to provide Services under our agreement with you
  • Consent: Where you have given explicit consent for specific processing activities
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our Services, preventing fraud, and ensuring security
  • Legal Obligation: Processing required to comply with applicable laws, regulations, and legal processes
  • Vital Interests: Processing necessary to protect someone's life or physical safety

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: Third-party vendors who assist in providing our Services (e.g., cloud hosting, payment processing, email delivery, analytics)
  • Business Partners: Dental labs, medical suppliers, and integrated third-party services that you connect through our platform
  • Within Your Organization: Other authorized users within your practice or business account
  • Legal Requirements: When required by law, regulation, legal process, or governmental request
  • Protection of Rights: To protect the rights, property, or safety of Purechart, our users, or the public
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets
  • With Your Consent: When you have provided explicit consent for a specific disclosure

6. HIPAA Compliance

Purechart understands that our healthcare customers are subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH”). When Purechart processes Protected Health Information (“PHI”) on behalf of a Covered Entity, we do so as a Business Associate.

We enter into Business Associate Agreements (“BAA”) with our customers as required by HIPAA. Our obligations with respect to PHI are governed by the terms of the applicable BAA, which may supplement or supersede certain provisions of this Privacy Policy with respect to PHI.

Our HIPAA compliance measures include:

  • Encryption of PHI in transit and at rest
  • Role-based access controls and authentication
  • Audit logging of all access to PHI
  • Regular security risk assessments
  • Employee training on HIPAA requirements
  • Breach notification procedures as required by the HIPAA Breach Notification Rule
  • Policies for secure disposal of PHI

7. Data Security

We implement industry-standard technical, administrative, and physical safeguards designed to protect your personal information from unauthorized access, use, alteration, or disclosure. These measures include:

  • TLS/SSL encryption for all data in transit
  • AES-256 encryption for data at rest
  • Multi-factor authentication (MFA) options
  • Regular penetration testing and vulnerability assessments
  • Intrusion detection and monitoring systems
  • Secure cloud infrastructure with SOC 2 Type II certified providers
  • Access controls based on the principle of least privilege

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Specific retention periods depend on:

  • The nature of the data and the purposes for processing
  • Applicable legal, regulatory, or contractual retention requirements
  • Whether there is an ongoing business need (e.g., active account, pending dispute)
  • Your instructions or requests regarding deletion

When personal information is no longer required, we will securely delete or anonymize it in accordance with our data retention policies.

9. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to collect and use personal information about you. Our use of cookies includes:

  • Essential Cookies: Required for the operation of our Services (e.g., authentication, security)
  • Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics)
  • Functional Cookies: Enable enhanced functionality and personalization
  • Marketing Cookies: Used to deliver relevant advertisements and track campaign performance

You can control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our Services.

10. Communications & Marketing

We may send you service-related communications, such as appointment reminders, account notifications, and security alerts. These are necessary for the operation of our Services and cannot be opted out of while you maintain an active account.

With your consent (where required), we may also send promotional communications about new features, products, or services. You can opt out of marketing communications at any time by:

  • Clicking the “unsubscribe” link in any marketing email
  • Updating your communication preferences in your account settings
  • Contacting us at privacy@purechart.com

11. Children's Privacy

Our Services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@purechart.com, and we will take steps to delete such information.

Healthcare providers using our Services may enter patient information for minors as part of their clinical records. Such information is processed under the authority of the healthcare provider and is subject to the applicable BAA and HIPAA regulations.

12. Your Privacy Rights

12.1 U.S. State Privacy Rights (CCPA/CPRA and Similar Laws)

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or other states with comprehensive privacy laws, you may have the following rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt Out: Opt out of the sale or sharing of your personal information (note: we do not sell personal information)
  • Right to Non-Discrimination: Exercise your privacy rights without receiving discriminatory treatment

To exercise any of these rights, please contact us at privacy@purechart.com or submit a request through your account settings. We will verify your identity before processing your request.

12.2 European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following additional rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data under certain circumstances
  • Right to Restrict Processing: Request restriction of processing of your data
  • Right to Data Portability: Request a copy of your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

13. International Data Transfers

Our Services are primarily hosted and operated in the United States. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have different data protection laws than your country of residence.

Where required, we implement appropriate safeguards for international data transfers, including Standard Contractual Clauses approved by the European Commission.

14. Third-Party Links & Integrations

Our Services may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through our platform.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website with a new “Last Updated” date and, where appropriate, provide additional notice (such as email notification or in-app alert).

Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: privacy@purechart.com
  • Address: 30 N Gould St Ste N, Sheridan, WY 82801
  • Website: www.purechart.com

For HIPAA-related inquiries, please contact our Privacy Officer at privacy@purechart.com with the subject line “HIPAA Inquiry.”