Privacy Policy

Effective Date: March 10, 2026 · Last Updated: March 11, 2026

1. Introduction

Canine ("we", "us", "our") operates the web application at caninetrack.com (the "Service"). Canine is a HIPAA Business Associate that provides practice management services to dental practices (Covered Entities). This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data.

By using the Service, you agree to the collection and use of information as described in this policy and our Terms of Service. If you do not agree, do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and password. Passwords are hashed and never stored in plain text.

2.2 Practice & Patient Data

You may enter patient names, case information, treatment records, referring doctor details, employee records, and revenue data. This data constitutes electronic Protected Health Information (ePHI) and is subject to HIPAA protections. See our Security & HIPAA Compliance page for details on how ePHI is safeguarded.

2.3 Authentication Data

We store session tokens, multi-factor authentication enrollment data (encrypted TOTP secrets and backup codes), and authentication event logs (login times, password changes).

2.4 Usage & Log Data

When you use the Service, we automatically collect: IP address, browser type, pages visited, timestamps, and HTTP request metadata. This data is collected through server access logs and is used for security monitoring and HIPAA audit compliance.

2.5 AI-Processed Data

If you use AI-assisted features (clinical note transcription, case search), your input is sent to AWS Bedrock or AWS Transcribe Medical for processing. This data is processed transiently and is not stored by the AI service providers beyond the processing window.

3. How We Use Your Information

  • Provide the Service — Store and display your practice data, manage authentication, and deliver application functionality
  • Security & Compliance — Monitor for unauthorized access, maintain audit logs, detect suspicious activity, and comply with HIPAA requirements
  • Communication — Send email verification, password reset links, and security notifications (we do not send marketing emails)
  • Backup & Recovery — Create nightly encrypted backups to protect against data loss
  • Improvement — Analyze usage patterns in aggregate to improve application performance and reliability

4. Information We Do Not Collect

  • Social Security numbers
  • Financial account or credit card numbers
  • Biometric data
  • Precise geolocation data
  • Data from minors under 18 (the Service is intended for licensed dental professionals)

5. Cookies & Tracking

Canine uses essential cookies only for authentication session management. We do not use advertising cookies, analytics trackers, or third-party tracking pixels.

Cookie | Purpose | Duration
Session token | Authenticate your login session | 8 hours maximum

6. Third-Party Service Providers

We share data with the following subcontractors, solely to operate the Service. As a HIPAA Business Associate, we maintain Business Associate Agreements (BAAs) with each subcontractor that may access ePHI.

Provider | Role | Data Shared | BAA
AWS | Compute, storage, CDN, AI services | All application data | Signed
Convex | Database | All ePHI and application data | Pending
SendGrid (Twilio) | Transactional email | Email addresses only (no clinical data) | Pending

We do not sell, rent, or trade your personal information or ePHI to any third party.

7. Data Retention

  • Account & practice data — Retained for as long as your account is active and as required for clinical and legal purposes
  • Audit logs — 90 days in active storage, 6 years in encrypted cold storage (HIPAA requirement)
  • Backups — 6 years in encrypted S3 with Glacier archival
  • Server access logs — 1 year in CloudWatch

8. Data Security

We implement administrative, technical, and physical safeguards to protect your data, including: encryption in transit (TLS 1.2+) and at rest (AES-256), multi-factor authentication, automated intrusion detection via WAF, and comprehensive audit logging. For full details, see our Security & HIPAA Compliance page.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate data
  • Deletion — Request deletion of your data, subject to legal retention requirements (e.g., HIPAA 6-year retention)
  • Portability — Request your data in a structured, machine-readable format
  • Opt-Out of Sale — We do not sell personal data, so no opt-out is necessary

To exercise any of these rights, contact the Privacy Officer at the address below. We will respond within 30 days.

Note: For rights related to Protected Health Information (ePHI) under HIPAA — including access, amendment, accounting of disclosures, and restriction requests — please refer to our Notice of Privacy Practices.

10. Disclosure

We may disclose your information only in the following circumstances:

  • Legal obligation — When required by law, court order, or governmental regulation
  • Safety — To protect the rights, safety, or property of our users or the public
  • Business transfer — In connection with a merger, acquisition, or sale of assets, with equivalent privacy protections maintained
  • With your consent — When you have given explicit permission

11. Children's Privacy

The Service is intended for use by licensed dental professionals and practice staff. We do not knowingly collect personal information from individuals under 18. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page (caninetrack.com/privacy-policy) with an updated "Last Updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

13. Contact

For questions about this Privacy Policy or to exercise your data rights:

Privacy Officer — Practice Administrator

[Name, Email, Phone]