PatientLoop Privacy Policy

‍Effective Date: January 1, 2025

Last Updated: December 8, 2025

This Privacy Policy explains how PatientLoop, Inc. (“PatientLoop,” “we,” “us,” “our”) collects, uses, discloses, and protects information when you visit patientloop.com or use the PatientLoop marketing analytics platform, applications, and related services (collectively, the “Service”).

PatientLoop is intended for business users such as dental practices, DSOs, and their authorized marketing agencies. Patients do not use PatientLoop directly.

1) Information We Collect

A. Information You Provide

We may collect information you provide directly, including:

• Account information: name, business email, phone number, role, practice/agency name, credentials, and settings.
  
  
• Support and communications: information shared when you contact support, submit forms, or communicate with us.
  
  
• Billing and contracting info: billing contacts, payment details (processed via third-party processors), and contract metadata.
  
  

B. Information From Integrations You Connect

When you connect third-party tools, we ingest and process data from those tools to provide the Service.

Google integrations (read/ingest only)

• Google Search Console
  
  
• Google Analytics
  
  
• Google Ads
  
  
• Google PageSpeed Insights
  
  

Meta integrations (read/ingest only)

• Meta Business Suite
  
  
• Meta Ads
  
  

Practice systems

• Patient Management Systems (PMS) and other practice tools you authorize.
  
  

Data from these sources may include campaign metrics, traffic and conversion events, lead identifiers, appointment outcomes, and revenue fields relevant to attribution.

Important – Ingest Only / No Sending Back:

PatientLoop only reads/ingests data from Google and Meta. We do not send, share, upload, or sync any data from PatientLoop back to Google or Meta, including any customer lists, offline conversion uploads, enhanced conversions, CAPI events, audience data, or PHI. 

Google Analytics and Ads policies prohibit sending personally identifiable information (PII) or sensitive health information into their systems. You are responsible for ensuring your own tracking configurations comply with those policies. 

C. Automatically Collected Information

We automatically collect:

• Device and usage data: IP address, browser type, device identifiers, log files, pages/screens viewed, timestamps, clickstream and feature usage.
  
  
• Cookies / similar tech: to maintain sessions, remember preferences, and understand Service use.
  
  

2) How We Use Information

We use information to:

1. Provide and operate PatientLoop, including lead tracking, attribution, and marketing ROI reporting.
   
   
2. Process and sync integrations you authorize (ingest-only connections).
   
   
3. Improve accuracy and performance of analytics and attribution models.
   
   
4. Secure the Service, prevent fraud, and enforce our Terms.
   
   
5. Provide support, respond to requests, and communicate about updates.
   
   
6. Comply with law and protect rights and safety.
   
   

We do not use data for advertising to patients or for any non-authorized secondary purpose.

3) HIPAA, PHI, and Limited Purpose Use

PatientLoop may process Protected Health Information (PHI) when dental practices connect PMS or other systems.

• PatientLoop acts as a Business Associate to Practices (Covered Entities) when PHI is involved.
  
  
• Scope limitation: We process PHI only to measure marketing performance and ROI for the applicable Practice(s).
  
  
• No ad-platform disclosure: We do not disclose PHI to Google, Meta, or any advertising platform for their independent use.
  
  
• No sending back policy: As stated above, PatientLoop does not upload or transmit any PatientLoop data to Google or Meta.
  
  

Marketing agencies accessing PHI through PatientLoop represent that they hold direct BAAs with each applicable Practice authorizing such access and use.

4) How We Share Information

We share information only as described below:

A. With Dental Practices and Authorized Agencies

We provide analytics and reporting to:

• the Practice that owns the data, and
  
  
• its authorized marketing agency users.
  
  

B. With Service Providers

We use vetted vendors to operate PatientLoop (e.g., hosting, monitoring, customer support tooling). They may access data only to provide services to us and must protect it under contract, including HIPAA obligations where applicable.

C. For Legal, Safety, and Compliance

We may disclose information if required by law, court order, or to protect rights, safety, and security (including demonstrating HIPAA compliance). 

D. Business Transfers

If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to confidentiality protections.

We do not sell personal data.

5) Cookies and Tracking Technologies

We use cookies and similar technologies to:

• keep you logged in,
  
  
• remember preferences, and
  
  
• analyze Service usage.
  
  

You can control cookies through your browser settings, though some features may not function properly without them.

Because PatientLoop supports healthcare marketing analytics, you must ensure any tracking deployed through your websites or landing pages complies with HIPAA and platform policies. 

6) Third-Party Platforms and Their Policies

PatientLoop relies on third-party platforms you connect. Your use of those platforms is governed by their terms.

• Google: You must not send PII/PHI or sensitive health data into Google Analytics/Ads.
  
  
• Meta: Meta has implemented healthcare data restrictions limiting use of sensitive health-related conversion data.
  
  

PatientLoop is not responsible for third-party availability, outages, API changes, or data accuracy.

7) Data Retention

We retain Customer Data for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.

Upon termination, we will make Customer Data available for export for a limited period (where feasible), after which we may delete it unless required to retain it by law or contract.

8) Security

We implement administrative, physical, and technical safeguards designed to protect data, including PHI. No system can be guaranteed 100% secure.

You are responsible for:

• maintaining secure credentials,
  
  
• enabling MFA if provided,
  
  
• ensuring only authorized users access PatientLoop, and
  
  
• notifying us promptly of any suspected incident.
  
  

9) Rights and Choices

A. Business Users

You may:

• access and update your account/profile information,
  
  
• manage integration connections, and
  
  
• request export or deletion of Customer Data where contractually and legally permitted.
  
  

B. Patients

Patients do not use PatientLoop directly. Patient rights under HIPAA are handled through the relevant dental Practice’s patient-facing processes. PatientLoop supports Practices in fulfilling those rights when required under HIPAA and BAAs. 

10) Children’s Privacy

PatientLoop is not directed to children under 13 and we do not knowingly collect information from children. If you believe a child’s information was collected improperly, contact us.

11) International Users

PatientLoop is operated from the United States. If you access the Service from outside the U.S., you understand your information may be transferred to and processed in the U.S.

12) Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide notice via the Service or email. Continued use after the effective date means you accept the updated Policy.

13) Contact Us

Questions or requests about privacy or security can be sent to:

PatientLoop Privacy Team

Email: privacy@patientloop.com

Phone: 1-888-448-8149

Address: 5703 Oberlin Dr Ste 306, San Diego, CA 92121

‍