Home Policies Privacy Policy

Privacy Policy

Effective Date: August 10, 2025

Last Updated: August 10, 2025

1. Introduction

Jaxson is an AI-powered chat application designed specifically for dental front office staff to ask questions about office policies and procedures using uploaded documents. This Privacy Policy explains how we collect, use, protect, and share information when you use our service.

This policy applies to dental practices and their staff who use Jaxson ("you" or "users") and describes our practices regarding the personal information and data we process through our platform.

2. Information We Collect

2.1 Account Information

  • User Accounts: Email addresses, encrypted passwords, user roles (Admin, Employee), account status, creation timestamps, and last login times
  • Organization Data: Dental practice name, organization keys, and account status
  • Authentication Data: JWT tokens, session information, and security tokens for password resets and admin invitations

2.2 Document Content

  • Uploaded Documents: Files you upload including PDFs, Word documents, text files, and other practice-related documents
  • Google Docs Integration: Content from Google Docs you choose to sync with our system via OAuth integration
  • Document Metadata: File names, upload timestamps, file types, processing status, and document indexing information
  • AI Processing Data: Semantic embeddings and chunks created from your documents for search functionality

2.3 Chat Interactions

  • Conversation Data: Questions you ask, AI responses provided, conversation history within chat sessions
  • Usage Analytics: Response times, source documents referenced, query frequency, and effectiveness metrics
  • Session Information: Chat session IDs, timestamps, and interaction patterns

2.4 Technical and Security Data

  • Security Information: IP addresses (for rate limiting and security), user agents, login attempts, and authentication logs
  • System Logs: API usage, error logs, performance metrics, and system diagnostic information
  • Analytics Data: Aggregated usage statistics, feature utilization, and system performance data

3. How We Use Your Information

3.1 Core Service Functionality

  • AI-Powered Assistance: Process your questions using artificial intelligence to provide relevant answers from your practice documents
  • Document Search: Create searchable indexes of your documents using semantic analysis and vector embeddings
  • User Authentication: Verify user identity and maintain secure access to your organization's data
  • Content Organization: Organize and categorize your documents for efficient retrieval

3.2 System Operations

  • Performance Monitoring: Analyze system performance and optimize response times
  • Security Protection: Monitor for unauthorized access, prevent abuse, and maintain system security
  • Service Improvement: Understand usage patterns to enhance features and user experience
  • Technical Support: Diagnose and resolve technical issues

3.3 Administrative Functions

  • User Management: Enable organization administrators to manage user accounts and permissions
  • Analytics and Reporting: Provide usage insights and system analytics to organization administrators
  • Compliance Support: Maintain audit logs and documentation to support regulatory compliance efforts

4. Data Storage and Security

4.1 Infrastructure Security

  • Cloud Infrastructure: We use Amazon Web Services (AWS) cloud infrastructure with enterprise-grade security
  • Data Encryption: All documents are encrypted using AES encryption before storage in AWS S3
  • Transmission Security: All data transmitted between your browser and our servers is protected using HTTPS/TLS encryption
  • Access Controls: Multi-layered access controls ensure only authorized users can access organization data

4.2 HIPAA-Aligned Security Features

Our platform includes technical safeguards designed to support HIPAA compliance requirements:

  • Encryption at Rest and in Transit: All practice documents are encrypted both when stored and transmitted
  • Access Controls: Role-based access controls with user authentication and organization-level data isolation
  • Audit Logging: Comprehensive logging of user activities, data access, and system events
  • Data Segregation: Organization-level data isolation ensures practice data remains separate
  • Secure Authentication: BCrypt password hashing, JWT tokens, and secure session management

Important Note: While Jaxson provides HIPAA-aligned technical safeguards, dental practices are responsible for ensuring their overall use of the system complies with HIPAA requirements, including obtaining necessary Business Associate Agreements and implementing appropriate administrative safeguards.

4.3 Data Organization

  • Organization Isolation: Each dental practice's data is completely isolated from other organizations
  • User Permissions: Access to data is restricted based on user roles and organization membership
  • Vector Database Security: AI embeddings are stored in AWS OpenSearch with organization-specific access controls

5. Third-Party Services

5.1 Amazon Web Services (AWS)

We use the following AWS services to operate our platform:

  • Amazon S3: Encrypted document storage
  • Amazon OpenSearch: Vector database for semantic search capabilities
  • Amazon Bedrock: AI language model services for generating responses
  • Amazon SES: Email delivery for password resets and notifications
  • AWS CloudFront: Content delivery network for improved performance

5.2 Google Services

  • Google Drive/Docs Integration: When you choose to connect Google Docs, we access only the specific documents you authorize through OAuth
  • Google OAuth: Secure authentication for Google services integration
  • Data Scope: We only access documents you explicitly configure for synchronization

5.3 Email Services

  • SMTP Providers: We use secure email services to send password reset emails and administrative notifications
  • Email Security: All emails are sent using TLS encryption and include security warnings about link expiration

6. Data Retention

6.1 Active Account Data

  • User Accounts: Maintained while your organization's account is active
  • Documents: Stored until explicitly deleted by authorized users
  • Chat History: Retained for analytics and service improvement purposes

6.2 Deleted Data

  • Account Deletion: When users are deleted, their account data is marked as deleted but may be retained for audit purposes
  • Document Deletion: Documents are removed from our systems when deleted by authorized users
  • Organization Termination: All organization data is securely deleted upon account termination

6.3 Legal and Compliance Retention

Some data may be retained longer to comply with legal obligations, resolve disputes, or enforce our agreements.

7. Your Rights and Controls

7.1 Access and Control

  • Data Access: Organization administrators can access all data associated with their practice
  • User Management: Administrators can create, modify, and deactivate user accounts
  • Document Control: Authorized users can upload, view, and delete documents

7.2 Data Portability

  • Document Export: You can download your uploaded documents at any time
  • Data Export: Upon request, we can provide your organization's data in a machine-readable format

7.3 Deletion Rights

  • Individual Documents: Users can delete specific documents from the system
  • Account Data: Organization administrators can request deletion of user accounts
  • Complete Deletion: Organizations can request complete deletion of all their data

8. Data Sharing and Disclosure

8.1 No Sale of Data

We do not sell, rent, or trade your personal information or document content to third parties.

8.2 Service Providers

We may share data with trusted service providers (like AWS) who help us operate our platform, subject to confidentiality agreements and security requirements.

8.3 Legal Requirements

We may disclose information if required by law, legal process, or to protect our rights, property, or safety.

9. International Data Transfers

Our services are hosted in the United States using AWS infrastructure. By using our service, you consent to the transfer and processing of your data in the United States, which may have different privacy laws than your jurisdiction.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending email notifications to organization administrators
  • Updating the "Last Updated" date at the top of this policy

11. Contact Information

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Privacy Officer
Email: boller002@gmail.com

For technical support or account-related inquiries, please contact your system administrator or our support team.

12. Compliance and Certifications

12.1 Healthcare Data Protection

Our platform is designed with healthcare data protection in mind and includes technical safeguards that align with HIPAA requirements. However, achieving full HIPAA compliance requires both technical and administrative safeguards that must be implemented by your dental practice.

12.2 Industry Standards

We follow industry best practices for data security and privacy protection, including:

  • SOC 2 Type II compliance principles
  • GDPR privacy by design principles
  • CCPA consumer rights protections

This Privacy Policy is designed to be transparent about our data practices while supporting your dental practice's compliance obligations. If you have specific compliance questions, please consult with your legal counsel.

← Back to Home