Privacy Notice

YM Dental Lab ("YM," "we," "us") provides the YM Design Portal — a web service that lets dental professionals submit intraoral scans and supporting case data so our certified designers can build digital restorations. This Privacy Notice describes what information we collect, why, and how we handle it.

1. Information we collect

• Account information: name, email, phone, practice name and address, dental license number, NPI.
• Case information: patient first name, last name (or initials), tooth numbers, restoration type, intraoral scans (STL / PLY / DCM), photos, and any clinical notes you provide.
• Payment information: handled by Stripe Checkout. The card itself never reaches our servers — Stripe holds it; we hold only Stripe's tokenized customer + payment-method references so we can charge you next time without re-typing the card.
• Usage data: timestamps of logins, file uploads, downloads, and other portal actions, recorded for security and audit purposes.

2. How we use it

• To design the restoration you've submitted and deliver the finished design files.
• To bill you for the service via Stripe (or via monthly statement for Net-30 customers).
• To verify your professional credentials with public registries (e.g., NPPES) before activating your account.
• To respond to your support requests and operate the portal (security, error monitoring, abuse prevention).

3. Patient information

Patient information you submit through the portal may, depending on what your practice chooses to send, qualify as Protected Health Information under HIPAA. If your practice requires a Business Associate Agreement, email info@ymdental.com — the BAA, not this notice, governs that relationship. As a practical matter, please send the minimum patient information needed for the design (e.g., chart number or initials rather than full names where it works for your records).

4. Sharing

We do not sell or rent your data or your patients' data. We share only with:

• Service providers under contract — Stripe (payments), AWS (hosting + storage), Twilio (SMS, when you opt in), Sentry (error monitoring with PHI scrubbing).
• Authorities — only when required by valid legal process and only the narrowest information responsive.

5. Storage & security

Files are encrypted in transit (TLS) and at rest (AES-256 server-side). Access is gated by per-user authentication, role-based authorization, and audit logging. We retain case files in line with HIPAA's six-year minimum and applicable state dental records statutes.

6. Your choices

• You can update your profile information at /doctor/profile at any time.
• SMS alerts are off by default and require explicit opt-in. You can revoke consent on the same page.
• To request deletion of your account, email info@ymdental.com. Some records (invoices, audit logs, completed case files) may be retained for the legal retention period.

7. Cookies

We use cookies for authentication and session integrity. We do not use third-party advertising or tracking cookies. See Cookies for details.

8. Changes

If we materially change this notice, we'll email registered users at the address on file and update the "Last updated" date above. Continued use after the change constitutes acceptance.

9. Contact

YM Dental Lab · 14100 Park Meadow Drive, First Floor · Chantilly, VA 20151
Email: info@ymdental.com · Phone: 703-330-1990