SmileViz logo
Smile SimulatorVirtual ConsultationSelf-SimulationPricingBlog
SmileViz logo
Smile Simulator
Virtual Consultation
Self-Simulation
Meet the Team
Pricing
SmileViz Blog
Solution
Smile Simulator
During consult - chairside previews
Virtual Consult
Pre-consult . capture leads online
Self-Simulator
In-office . patients try it themselves
Get Access Now
Book Free Demo
Login
Login
Book a Demo

Privacy Policy

On this page

Privacy Policy

Last updated June 4, 2026 · Effective June 4, 2026

SmileViz builds AI smile-preview tools for dental practices. Because our software handles patient photos and treatment information, we hold ourselves to healthcare-grade privacy and security standards. This policy explains what we collect, how we use it, and the choices you and your patients have.

1. Who we are & scope

This Privacy Policy describes how SmileViz LLC ("SmileViz," "we," "us," or "our") collects, uses, discloses, and protects information in connection with our websites, applications, and services (collectively, the "Services"), including the Smile Simulator, Virtual Consultation, and Self-Simulation products.

It applies to two groups: practices — the dental offices, clinicians, and staff who subscribe to and use the Services — and patients — the individuals whose photos, smile concerns, and contact details are submitted to the Services by a practice or by the patient at a practice's invitation.

By using the Services, you acknowledge the practices described in this policy. If you are a patient, the dental practice you interact with controls your information and its own privacy practices also apply.

2. Our role under HIPAA

When a dental practice that is a HIPAA "covered entity" uses our Services to create, receive, store, or transmit protected health information ("PHI"), SmileViz acts as a Business Associate of that practice. In that role we will only use and disclose PHI as permitted by our Business Associate Agreement ("BAA") with the practice and by applicable law.

  • We make a BAA available to every practice whose use of the Services involves PHI, and we sign one before such use begins.
  • We apply HIPAA's "minimum necessary" principle — we use and disclose only the information needed to provide the Services.
  • The practice (covered entity) remains responsible for obtaining any patient consents and authorizations required for treatment, payment, marketing, or other uses of patient information.

HIPAA sets a national floor. More protective state privacy and record-retention laws may also apply, and we design our practices to meet both.

3. Information we collect

From practices & their staff

  • Account & profile data — name, work email, phone, practice name, role, and login credentials.
  • Billing data — plan, subscription status, and limited payment metadata. Card numbers are handled by our payment processor; we do not store full card numbers.
  • Configuration & content — your branding, lead-page settings, links, treatment templates, and notes you add to a case.
  • Usage & device data — log data, IP address, browser/device type, pages viewed, feature usage, and audit-trail events (who accessed what, and when).

From or about patients

  • Photos & images — full-face or close-up smile photos and the AI-generated previews derived from them.
  • Smile concern & intake details — the concern a patient selects (e.g., whitening, alignment, veneers) and any message they submit.
  • Contact details — name and email/phone when a patient submits a virtual consultation or self-simulation, or when a practice enters a patient's mobile number to deliver a simulation link.

4. Patient images & PHI

Patient photos that show a recognizable face, mouth, or any identifier, together with related intake details, are protected health information when handled on behalf of a covered-entity practice. We treat these as our most sensitive category of data.

  • Patient images and previews are encrypted in transit and at rest and are accessible only to the originating practice's authorized users and to the limited SmileViz personnel who need access to operate and support the Services.
  • We do not sell patient information, and we do not use patient images for advertising.
  • Patient images are not used for marketing (e.g., before/after promotion) unless the practice has obtained the patient's specific written authorization and instructs us accordingly.

5. How we use information

We use information to provide, secure, and improve the Services, including to:

  • Generate smile simulations, host lead-capture pages, and deliver consultation responses you create.
  • Authenticate users, maintain audit logs, and protect against fraud, abuse, and security incidents.
  • Provide customer support, send service and billing communications, and administer subscriptions and credits.
  • Maintain, troubleshoot, and improve the reliability and performance of the Services, consistent with our BAA.

6. AI & model training

Our simulations are produced by AI models. To protect patient privacy:

  • We do not use identifiable patient PHI to train general-purpose or third-party AI models.
  • Patient images are processed to generate the requested preview and are handled under the BAA; they are not repurposed for unrelated training without a separate, documented legal basis or de-identification in accordance with HIPAA.
  • Where we use service providers to perform AI processing, those providers are bound by contract (including a BAA where PHI is involved) to safeguard the data and use it only to provide the service to us.

7. Sharing & sub-processors

We do not sell personal information or PHI. We share information only as follows:

  • Within the practice — patient submissions flow to the authorized users of the practice that owns the account.
  • Service providers (sub-processors) — vetted vendors that host infrastructure, process payments, send communications, or perform AI processing on our behalf. Each is bound by confidentiality and data-protection terms, and a BAA where they handle PHI.
  • Legal & safety — when required by law, subpoena, or to protect the rights, safety, and security of users, the public, or SmileViz.
  • Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this policy and applicable BAAs.

A current list of sub-processors is available on request at support@smileviz.com.

8. SMS communications

SmileViz powers SMS notifications on behalf of dental practices. When a patient receives a text message from a SmileViz number, the message is sent at the direction of the dental practice that captured the patient's photo and generated their smile simulation.

How consent is obtained

Patients give consent to receive SMS messages from their dental practice in one of the following ways:

  • Verbally during their in-office visit, when providing their mobile number to the dentist.
  • On the practice's written intake form.
  • On a digital consent form provided by the practice.

Dental practices using SmileViz are required by our Terms of Use to obtain explicit consent before entering any patient's mobile phone number into the SmileViz platform. SmileViz does not initiate SMS communications with anyone whose number has not been entered by a consent-bound practice.

Message content & frequency

Messages contain a one-time secure link to view a personalized smile simulation generated by the patient's dentist. Frequency is variable — typically one message per simulation. SmileViz does not send marketing or promotional content via SMS.

Sample message: "Your smile preview from Dr. Sarah Patel at Bright Smile Dental is ready: https://app.smileviz.com/view/[secure-token]. Reply STOP to opt out. Msg & data rates may apply."

Sender

Messages are sent from a SmileViz toll-free phone number on behalf of the patient's dental practice. The practice and (where available) the doctor's name appear in the message body so recipients can identify the source. The simulation itself lives behind a token-gated, expiring link — no clinical detail appears in the SMS body.

Opt-out

Reply STOP to any message to opt out of future SMS communications immediately. Reply HELP for help, or contact your dental practice directly. Message and data rates from your mobile carrier may apply.

Phone number privacy

SmileViz does not sell, share, or use patient phone numbers for any purpose other than sending the simulation link at the dentist's direction. Phone numbers are stored encrypted at rest and accessed only by authorized practice staff and SmileViz systems acting on behalf of the practice.

Questions about SmileViz SMS practices: support@smileviz.com. Questions about your specific text messages, or to revoke consent outside of replying STOP: contact your dental practice directly.

9. Security safeguards

We maintain administrative, physical, and technical safeguards designed to meet the HIPAA Security Rule, including:

  • Encryption of data in transit (TLS) and at rest.
  • Access controls — unique user IDs, role-based and least-privilege access, and multi-factor authentication.
  • Audit logging of access and export events, with monitoring for unusual activity.
  • Risk assessments conducted and documented at least annually, with remediation tracking.
  • Workforce training and confidentiality obligations for all personnel with access to PHI.

No method of transmission or storage is perfectly secure, but we work continuously to protect your information and to respond quickly if an issue arises.

10. Retention & deletion

We retain information for as long as needed to provide the Services and as required by our BAA and applicable law.

  • Practices control patient records within their account and can delete cases, leads, and images at any time.
  • On termination, we will return or destroy PHI in accordance with the BAA, subject to legal retention requirements.
  • We retain HIPAA-required compliance documentation for at least six years.
  • Backups are purged on a rolling schedule after deletion from active systems.

11. Your rights & choices

Patients: your dental practice is the controller of your health information. To access, correct, restrict, or delete your records, or to withdraw a consent, contact the practice directly. We will support the practice in honoring valid requests.

Practices & staff: you may access and update account information in your settings, or contact us for help. Depending on your jurisdiction, you may have rights to access, correct, delete, or port your personal data, and to object to certain processing.

Marketing emails include an unsubscribe link; transactional and security messages are necessary to operate the Services. To stop SMS messages, reply STOP to any message.

12. Breach notification

If we discover a breach of unsecured PHI, we will notify the affected practice without unreasonable delay and no later than the timeframe required by the BAA and HIPAA, and we will provide the information the practice needs to meet its own notification obligations. We assess incidents using a documented risk assessment and cooperate with the practice's response.

13. Other terms

Children

The Services are intended for use by dental practices. Patient information about minors is submitted by a practice with appropriate parental or guardian consent obtained by the practice.

Changes to this policy

We may update this policy from time to time. We will post the revised version with a new "Last updated" date and, for material changes, provide additional notice to practices.

Data location

We process and store data on infrastructure located in the United States. Where data is transferred across borders, we use appropriate safeguards.

14. Contact us

Privacy / HIPAA inquiries: support@smileviz.com

SmileViz LLC · Texas, USA

To request our current sub-processor list or a Business Associate Agreement, email the address above.

SmileViz logo

AI smile previews that help patients say yes, before, during, and after the consult.

Solutions
Smile SimulatorVirtual ConsultSelf-Simulation
Company
Meet the Team
© 2026 SmileViz LLC
Terms of UsePrivacy Policysupport@smileviz.ai