Next Patient DentalNext Patient Dental
Privacy & Data Handling

How We Protect Your Practice and Patient Data

Next Patient Dental operates with HIPAA-aware practices. This page explains what data we collect, how we protect it, how long we keep it, and who we share it with.

What Data We Collect

We collect only the information needed to deliver patient acquisition services. We do not collect protected health information (PHI) or medical records.

Practice Information

Examples: Practice name, address, phone, email, website, provider names, services offered, operatories, and market location.

Why: To build accurate campaigns, landing pages, and creative that reflects the real practice.

Campaign & Lead Data

Examples: Ad performance metrics, lead form submissions, inquiry details, cost per lead, and appointment booking outcomes.

Why: To optimize campaigns, report on performance, and improve patient acquisition cost over time.

Patient Inquiry Data

Examples: Name, phone number, email, and treatment interest submitted through lead forms or messaging.

Why: To route inquiries to the practice, support follow-up workflows, and track booking conversion.

How We Protect Data

Security is built into how we operate — not an afterthought.

256-Bit TLS Encryption

All data in transit is encrypted using industry-standard TLS 1.3. Lead form submissions, dashboard access, and API calls are secured end-to-end.

US-Based Cloud Infrastructure

Data is stored and processed on US-based servers. We do not move practice or patient data offshore.

No Data Reselling

We do not sell, rent, or share practice or patient data with third-party marketers, aggregators, or data brokers.

Role-Based Access

Only assigned team members have access to a practice's account data. Access is reviewed quarterly.

Audit-Ready Logs

Campaign and lead system activity is logged for compliance review. Practices can request performance and handling reports.

Vendor Vetting

All vendors, tools, and platforms we use are evaluated for security posture and data handling practices before integration.

Data Retention

We keep data only as long as necessary to provide services and meet legal obligations.

Active Accounts

Campaign, lead, and performance data is retained for the life of the active engagement plus 90 days.

Account Closure

Upon written request or account closure, practice-specific data is deleted or anonymized within 30 business days, unless legal retention requirements apply.

Backups

Encrypted backups are retained for 90 days for system recovery, then purged automatically.

Who We Share Data With

We share data only with service providers directly involved in running campaigns and supporting bookings.

Meta / Google

Ad platforms receive the minimum data needed to run campaigns: audience signals, conversion events, and campaign configuration. No patient medical records are shared.

AI Follow-Up Tools

Lead contact details may be processed through HIPAA-aware AI communication tools to support automated follow-up. These tools are bound by data processing agreements.

Virtual Assistants

When booking support is included, trained virtual assistants access lead contact information only for the purpose of scheduling and confirming appointments.

No Unauthorized Sharing

We do not share data with unrelated third parties, advertisers, or data resellers.

Your Rights

Practices have the right to:

  • Request a copy of the data we hold about their practice
  • Request correction or deletion of inaccurate or outdated information
  • Request an export of campaign and lead performance data
  • Withdraw consent for data processing (subject to contractual and legal obligations)
  • Ask questions about how data is handled at any time

Important Disclaimer

Next Patient Dental is a marketing services agency, not a covered entity under HIPAA. We do not access, store, or transmit protected health information (PHI) or electronic protected health information (ePHI). The data we handle is limited to marketing, campaign, and lead contact information. Practices remain responsible for their own HIPAA compliance within their patient care and record-keeping systems.

Questions about privacy or data handling? Contact us at privacy@nextpatientdental.com

Last updated: May 18, 2026

See also our Cookie Policy.