Legal

Privacy Policy

Your privacy matters. This policy explains how Axon Health (“Axon Dental,” “we,” “us,” or “our”) collects, uses, and protects your information.

Effective date: July 8, 2026

1. Who We Are

Axon Health operates the Axon Dental platform, accessible at axondds.com, providing AI-powered practice management tools for dental practices, including reception, billing, clinical documentation, marketing, and patient engagement services. This Privacy Policy applies to our website, platform, and all related services.

2. Information We Collect

Information you provide directly

  • Contact information: name, email address, phone number, and practice name when you book a demo, contact us, or create an account.
  • Account information: login credentials, billing details, and practice configuration data.
  • Communications: messages, feedback, and support requests you send us.

Information collected automatically

  • Usage data: pages visited, features used, clicks, session duration, and referring URLs.
  • Device information: browser type, operating system, screen resolution, and device identifiers.
  • Log data: IP address, access timestamps, and server logs.
  • Cookies and similar technologies: we use cookies, pixels, and session replay tools (see Section 6).

Protected Health Information (PHI)

When dental practices use our platform to manage patient data, we may process Protected Health Information as defined by HIPAA. Our handling of PHI is governed by our Business Associate Agreement (BAA) with each covered entity and is subject to the additional protections described in Section 4.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve our platform and services.
  • Process transactions and manage your account.
  • Communicate with you about your account, updates, and support requests.
  • Analyze usage patterns to improve product experience and performance.
  • Detect, prevent, and address technical issues, fraud, and security threats.
  • Comply with legal obligations and enforce our terms of service.
  • With your consent, send marketing communications about products and features you may find useful.

We do not sell your personal information or PHI to third parties. We do not use PHI for marketing purposes.

4. HIPAA Compliance

Axon Health is committed to compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the HITECH Act.

  • Business Associate Agreements: we execute a BAA with every dental practice that uses our platform to process PHI, as required by HIPAA.
  • Minimum necessary standard: we limit access to PHI to only what is necessary to provide our services.
  • Administrative safeguards: workforce training, access controls, security officer designation, and incident response procedures.
  • Technical safeguards: encryption in transit (TLS 1.2+) and at rest (AES-256), audit logging, automatic session timeouts, and multi-factor authentication.
  • Physical safeguards: our infrastructure is hosted on AWS, which maintains SOC 2 Type II, ISO 27001, and HIPAA compliance certifications.
  • Breach notification: in the event of a breach of unsecured PHI, we will notify affected covered entities without unreasonable delay and no later than 60 days after discovery, as required by the HIPAA Breach Notification Rule.

5. Data Security

We implement industry-standard security measures to protect your information:

  • All data is encrypted in transit using TLS 1.2 or higher.
  • All data at rest is encrypted using AES-256 encryption.
  • Access to production systems is restricted by role-based access controls and requires multi-factor authentication.
  • We maintain detailed audit logs of system access and data modifications.
  • We conduct regular security assessments and vulnerability scanning.
  • Our infrastructure runs on AWS with automatic backups, redundancy, and disaster recovery capabilities.

While no method of electronic transmission or storage is 100% secure, we take reasonable and appropriate measures to protect your data consistent with industry standards and regulatory requirements.

6. Cookies & Analytics

We use cookies and similar technologies to operate our website and understand how visitors interact with it.

Essential cookies

Required for the website to function. These cannot be disabled.

Analytics

We use PostHog for product analytics and session replay to understand how visitors use our website and to improve user experience. PostHog collects usage data such as page views, clicks, and session recordings. This data is processed in accordance with PostHog’s privacy practices. You can opt out of session recording by enabling “Do Not Track” in your browser settings.

Managing cookies

Most browsers allow you to control cookies through their settings. Restricting cookies may affect your experience on our website.

7. Third-Party Services

We may share information with the following categories of third-party service providers:

  • Cloud infrastructure: Amazon Web Services (AWS) for hosting, storage, and computing.
  • Analytics: PostHog for website analytics and product insights.
  • Payment processing: payment processors to handle billing securely (we do not store full payment card details).
  • Communication tools: email and scheduling platforms to facilitate demos and support.

Each third-party provider is contractually obligated to protect your data and may only use it to provide the services we have engaged them to perform. Where PHI is involved, we maintain appropriate BAAs with sub-processors.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services, comply with legal obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we securely delete or anonymize it.

PHI is retained in accordance with HIPAA requirements and the terms of our BAA with each covered entity. Upon termination of services, we will return or destroy PHI as specified in the applicable BAA.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: request a copy of the personal information we hold about you.
  • Correction: request correction of inaccurate or incomplete information.
  • Deletion: request deletion of your personal information, subject to legal retention requirements.
  • Data portability: receive your data in a structured, commonly used format.
  • Opt out: opt out of marketing communications at any time by clicking “unsubscribe” or contacting us.
  • Withdraw consent: where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights, contact us at team@axondds.com. We will respond within 30 days.

Patient rights under HIPAA

If you are a patient of a dental practice that uses our platform, your rights regarding your health information (including access, amendment, accounting of disclosures, and restrictions) are governed by your provider’s Notice of Privacy Practices. Please contact your dental provider directly for health-information requests.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights:

  • Right to know: what personal information we collect, use, disclose, and sell.
  • Right to delete: request deletion of your personal information.
  • Right to opt out: opt out of the sale or sharing of personal information. We do not sell personal information.
  • Right to non-discrimination: we will not discriminate against you for exercising your privacy rights.
  • Right to correct: request correction of inaccurate personal information.
  • Right to limit: limit the use and disclosure of sensitive personal information.

To exercise these rights, contact us at team@axondds.com.

11. Children’s Privacy

Our website and services are not directed at children under 13. We do not knowingly collect personal information from children under 13 through our website. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

Dental practices using our platform may store records for minor patients as part of their clinical operations. Such data is treated as PHI and protected under HIPAA and our BAA.

12. International Data Transfers

Our services are hosted in the United States. If you access our website from outside the United States, your information may be transferred to, stored, and processed in the United States. By using our services, you consent to the transfer of your information to the United States.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Effective date” at the top of this page and, where required, notify you by email or through a notice on our website. We encourage you to review this policy periodically.

14. Contact Us

If you have questions about this Privacy Policy, our data practices, or would like to exercise your privacy rights, contact us:

Axon Health

Email: team@axondds.com

Website: axondds.com