1. Who We Are
This Privacy Policy explains how Branda LLC ("BrandaCare", "we", "us", or "our") collects, uses, and protects your personal information when you visit brandacare.com, use our AutoVerify service, or otherwise interact with us.
BrandaCare provides automated dental insurance eligibility verification ("AutoVerify") and related services to dental practices in the United States. We are a Florida-registered limited liability company.
2. Information We Collect
2.1 Information You Provide Directly
When you sign up for AutoVerify or contact us, we collect:
- Practice information: practice name, address, NPI number, tax ID
- Contact information: name, role, email address, phone number
- Authentication credentials: Open Dental customer number, API access tokens
- Signed documents: Service Agreement, Business Associate Agreement (BAA), with electronic signature, IP address, and timestamp for audit trail
- Communications: messages sent through email, WhatsApp, or contact forms
2.2 Information Collected Automatically
When you visit our website, we automatically collect:
- Device information: browser type, operating system, screen resolution
- Usage data: pages visited, time on page, scroll depth, referring URL
- IP address and approximate location (city / region level)
- Cookies and similar technologies: see our Cookie Policy
2.3 Protected Health Information (PHI)
When you are an active AutoVerify customer, we receive and process Protected Health Information about your patients (member ID, date of birth, insurance carrier information, etc.) solely to perform eligibility verifications on your behalf.
HIPAA Notice: All PHI is handled under a Business Associate Agreement and protected per HIPAA Security Rule (45 CFR Part 164, Subpart C). We do not use PHI for any purpose other than performing the contracted Service. See our HIPAA Compliance Statement.
2.4 Payment Information
Payment processing is handled by Stripe, Inc. We do not store your credit card numbers, CVV, or full bank account details on our servers. Stripe maintains PCI-DSS compliance for all payment data. See Stripe's Privacy Policy.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the AutoVerify service
- Process payments and manage your subscription
- Communicate with you about your account, support requests, service updates, and important notices
- Comply with legal obligations (HIPAA, IRS, applicable state laws)
- Detect, prevent, and address technical issues, fraud, and security incidents
- Analyze website usage to improve our content and user experience
- Measure the performance of marketing activities (with your consent for marketing cookies)
We do not sell your personal information. We do not use PHI for marketing under any circumstances.
4. How We Share Information
We share information only with the following categories of recipients, and only as necessary:
4.1 Service Providers (Sub-processors)
We work with vetted service providers ("sub-processors") to operate our service. Each provider only receives the minimum information needed for their function and is bound by appropriate data processing agreements (and where applicable, Business Associate Agreements). The categories of providers we use include:
| Category | Purpose |
|---|---|
| Payment processor | Subscription billing, invoice generation, fraud prevention |
| Cloud hosting provider | Website hosting, backups, infrastructure |
| Healthcare clearinghouse partner | Real-time eligibility transactions (ASC X12 270/271) |
| Email and productivity provider | Email communications and internal document collaboration |
| Form submission service | Contact and onboarding form processing |
| Web analytics platform | Aggregated, anonymized usage analysis (with your consent) |
| Marketing analytics platform | Conversion tracking and campaign measurement (with your consent) |
You may request the specific identity of any sub-processor by emailing legal@brandacare.com. We will respond within 30 calendar days.
4.2 Legal Requirements
We may disclose your information if required by law, subpoena, court order, or other legal process, or to protect our rights, property, or safety.
4.3 Business Transfers
If BrandaCare is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
5. Data Retention
We retain different types of data for different periods, based on legal, regulatory, and operational requirements:
| Data Type | Retention Period | Reason |
|---|---|---|
| PHI (patient eligibility data) | Returned or destroyed upon termination of services | HIPAA / BAA requirement |
| Practice records and signed agreements (BAA, Service Agreement) | 7 years | HIPAA, IRS, business records standard |
| Billing records (Stripe transactions, invoices) | 7 years | IRS / accounting requirements |
| Technical logs (eligibility verification logs) | 90 days post-cancellation | Operational, audit, dispute resolution |
| Marketing analytics data (cookies, GA, Pixel) | 26 months (Google Analytics default) | CCPA standard, marketing performance |
| Email correspondence | Active subscription + 3 years | Legal claims defense |
| Account contact information | Active subscription + 3 years | Reactivation, legal claims |
6. Your Privacy Rights
Subject to applicable law, you have the following rights regarding your personal information:
- Right to access: request a copy of the personal data we hold about you
- Right to correct: request correction of inaccurate or incomplete data
- Right to delete: request deletion of personal data, subject to legal retention requirements (e.g., HIPAA, IRS)
- Right to portability: request a copy of your data in a structured, machine-readable format
- Right to opt-out of marketing: withdraw consent for marketing cookies and emails at any time
- Right to non-discrimination: we will not discriminate against you for exercising your privacy rights
To exercise any of these rights, email legal@brandacare.com. We will respond within 30 calendar days. We may need to verify your identity before processing certain requests.
7. California Residents (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights:
- Right to know what categories of personal information we collect, use, disclose, and sell
- Right to delete personal information (subject to exceptions)
- Right to correct inaccurate information
- Right to opt-out of the sale or sharing of personal information
- Right to limit use of sensitive personal information
BrandaCare does not sell personal information. We do not knowingly share personal information for cross-context behavioral advertising without your explicit consent (which you provide or decline through our cookie banner).
To exercise your CCPA rights, email legal@brandacare.com with subject line: CCPA Request. You may also designate an authorized agent to make a request on your behalf with proof of authorization.
8. Security
We implement industry-standard administrative, physical, and technical safeguards to protect your information, including:
- HTTPS / TLS encryption for all data in transit
- Encryption at rest for stored PHI and sensitive data
- Access controls limiting who can view PHI on a need-to-know basis
- Regular security reviews and audits
- Breach notification procedures consistent with HIPAA and applicable state laws
However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but commit to notify affected parties promptly in the event of a confirmed breach.
9. Children's Privacy
BrandaCare's services are intended for dental practices and business users. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child, please contact legal@brandacare.com and we will promptly delete it.
10. Third-Party Services and Links
Our website may link to third-party websites or services not operated by us. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing them with any personal information.
11. International Users
BrandaCare is based in the United States. If you access our services from outside the United States, your information will be transferred to and processed in the U.S., where data protection laws may differ from those in your country. By using our services, you consent to such transfer.
We currently do not target users in the European Economic Area (EEA), United Kingdom, or Switzerland and have not established GDPR-specific compliance procedures. If you reside in these regions and believe your data is being processed by us, please contact legal@brandacare.com.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify active customers by email at least 30 days before the changes take effect
- Post a prominent notice on our website if changes are significant
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:
Branda LLC (BrandaCare)
Privacy & Legal: legal@brandacare.com
General Support: hello@brandacare.com
Mailing address: Available upon written request to legal@brandacare.com
Website: brandacare.com