Privacy Policy
Plain-language summary: We collect only what we need to deliver your faxes securely. We never sell your data. We never read your faxes. All transmissions are encrypted end-to-end. We are fully HIPAA compliant.
1. Who We Are
DDSFAX ("we," "our," or "us") is a HIPAA-compliant cloud faxing service built exclusively for dental practices in the United States. We provide unlimited fax sending and receiving through our web-based platform.
2. Information We Collect
Account Information
When you create an account, we collect:
- Practice name and contact person name
- Email address
- Password (stored as a salted hash — we never store plaintext passwords)
- Fax number(s) assigned to your account
Fax Transmission Data
When you send or receive faxes, we process:
- Sender and recipient fax numbers
- Date, time, and duration of transmission
- Number of pages transmitted
- Transmission status (delivered, failed, pending)
- The fax content itself (documents, images) — stored encrypted
Billing Information
Payment processing is handled by PayPal. We do not store credit card numbers on our servers. PayPal's privacy policy governs the handling of your payment information.
Usage Data
We collect anonymized usage metrics including pages visited, features used, and general platform performance data. This data cannot be tied to individual fax content.
3. How We Use Your Information
We use your information exclusively to:
- Deliver your fax transmissions reliably
- Maintain and secure your account
- Process your subscription payments
- Provide customer support when you contact us
- Send critical service notifications (outages, security alerts, billing)
- Comply with HIPAA audit and compliance requirements
- Improve our service through anonymized, aggregated usage patterns
We will never:
- Sell your data to third parties
- Use your data for advertising
- Read or analyze the content of your faxes
- Share your data with anyone except as required by law or as described in this policy
4. Information Sharing & Disclosure
We share information only with:
- Telnyx — Our carrier-grade fax transmission provider. Telnyx processes fax data solely to deliver your faxes and is bound by a Business Associate Agreement (BAA).
- PayPal — Our payment processor. PayPal receives only billing information necessary to process your subscription.
- Law enforcement — Only when compelled by valid legal process (subpoena, court order). We will notify you unless legally prohibited from doing so.
5. HIPAA & Protected Health Information
As a service handling fax transmissions for dental practices, we recognize that faxes may contain Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA).
- We maintain a comprehensive HIPAA compliance program
- We execute Business Associate Agreements (BAAs) with all covered entities
- All PHI is encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Access to PHI is strictly limited to automated systems required for transmission
- We maintain detailed audit logs of all access to PHI
- Our workforce receives annual HIPAA training
For more details, see our HIPAA Compliance page and Business Associate Agreement.
6. Data Security
We implement industry-standard security measures:
- Encryption in transit: All data transmitted to and from DDSFAX is encrypted using TLS 1.2 or higher
- Encryption at rest: All stored data, including fax documents, is encrypted using AES-256
- Infrastructure: Our systems run on SOC 2 compliant infrastructure with a 99.99% uptime SLA
- Access controls: Role-based access control (RBAC) with multi-factor authentication for all administrative access
- Monitoring: 24/7 intrusion detection and automated alerting
- Incident response: Documented incident response plan with breach notification procedures compliant with the HIPAA Breach Notification Rule
7. Data Retention
We retain your data as follows:
- Fax content: Stored for 90 days after transmission, then permanently deleted. You can delete faxes earlier from your dashboard.
- Transmission logs: Retained for 7 years to meet HIPAA audit requirements (metadata only — not fax content)
- Account data: Retained while your account is active and for 30 days after account closure
- Billing records: Retained for 7 years as required by tax law
8. Your Rights
You have the right to:
- Access your personal data by logging into your account or contacting us
- Correct inaccurate information through your account settings
- Delete your account and associated data by contacting support
- Export your fax history and account data
- Opt out of non-essential communications at any time
California residents have additional rights under the CCPA. Contact us at privacy@ddsfax.com to exercise any of these rights.
9. Cookies & Tracking
We use only essential cookies required for:
- Session authentication (keeping you logged in)
- Security tokens (CSRF protection)
- Theme preferences (light/dark mode)
We do not use advertising cookies, tracking pixels, or third-party analytics that identify individual users.
10. Children's Privacy
DDSFAX is a business service designed for dental practices. We do not knowingly collect information from individuals under 18 years of age.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to the address on file for your account at least 30 days before taking effect. The "Last updated" date at the top of this page will always reflect the most recent revision.
12. Contact Us
For privacy-related questions or requests:
- Email: privacy@ddsfax.com
- Support: support@ddsfax.com
- HIPAA Privacy Officer: hipaa@ddsfax.com