Your Data. Protected.

We take security and privacy seriously. Here's how we protect your information and what you can expect from us.

Our Security Commitment

We're a focused company building tools for dental practices—not a data company looking to monetize your information. Security isn't an afterthought; it's foundational to how we operate.

Secure by Design

Industry-standard encryption protects your data in transit and at rest.

Transparent Practices

Clear policies on what we collect, how we use it, and who has access.

Your Data, Your Rights

You own your data. We don't sell it. You can delete it anytime.

Data Security

Technical safeguards that protect your information at every layer.

Encryption in Transit

All data transmitted to and from our service is encrypted using TLS 1.3+ protocols.

Encryption at Rest

Stored data is encrypted using AES-256 encryption standards.

SOC 2 Type II Hosting

Our infrastructure is hosted in SOC 2 Type II certified data centers.

Multi-Factor Authentication

MFA is available to add an extra layer of protection to your account.

Vulnerability Scanning

Automated security scanning helps identify and address potential vulnerabilities.

Breach Notification

In the event of a data breach, we notify affected users within 72 hours.

Privacy Principles

We believe your data belongs to you. Our privacy practices reflect that.

  • We don't sell your data. Ever. Your information is not a product.
  • You own your data. You retain full ownership of everything you submit.
  • We use de-identified data only to improve our methodology and benchmarks.
  • Your practice data stays confidential. We don't share identifiable information with competitors or third parties.

No Patient Data (PHI)

We do NOT collect, store, or process Protected Health Information (PHI) as defined under HIPAA.

CapexGPT is designed strictly for equipment and financial analysis. We do not offer a HIPAA Business Associate Agreement (BAA).

Do not submit patient records, names, dates of birth, treatment histories, or any individually identifiable health information to our service.

Data Retention

Account Data

90 Days

After account termination, then permanently deleted

Capex Reports

24 Months

For quality assurance and methodology validation

Payment Records

7 Years

For tax and regulatory compliance

Your Rights

You have control over your data. Here's what you can do.

Right to Access

Request a copy of the data we have about you.

Right to Delete

Request deletion of your personal information.

Right to Correct

Update or correct inaccurate information.

Right to Opt Out

Unsubscribe from marketing communications anytime.

Questions About Security or Privacy?

We're happy to answer any questions about how we protect your data.

Privacy Policy Terms of Service

Or email us directly at support@capexgpt.com