Legal
Privacy Policy
Last updated: June 10, 2026
The short version
- This website runs no ads, no analytics, and no tracking — and sets no cookies.
- Patient information is processed only on behalf of your dental practice, under a Business Associate Agreement, inside our HIPAA-compliant environment. It never goes to outside AI services.
- Voice recordings are deleted automatically after a limited window.
- Questions or deletion requests: info@gtron.ai.
1. Who we are
DentFlow is built and operated by GTRON, LLC ("we", "us"), based in Denver, Colorado. DentFlow listens to dental visits and turns them into clinical notes, treatment plans, and procedure codes for review by the practice's team. You can reach us anytime at info@gtron.ai.
2. What this policy covers
This policy describes how we handle information about three groups of people:
- Website visitors — anyone browsing this site.
- Practice users — dentists, front desk, and office staff who use the DentFlow product, currently through our pilot program.
- Patients — people whose health information passes through DentFlow because their dental practice uses it. This information is protected health information ("PHI") governed by HIPAA, our Business Associate Agreement with the practice, and the practice's own Notice of Privacy Practices.
3. Website visitors
We keep this simple, because the site itself is simple:
- We run no analytics, advertising, or tracking scripts on this website.
- The site has no forms. If you contact us by email or phone, you choose what to share, and we use it only to respond to you.
- Fonts and icons are loaded from third-party content delivery networks (Google Fonts and unpkg). Like any web request, those services receive your IP address in order to deliver the files. We don't receive anything from them about you.
4. Cookies
This website sets no cookies. None — not analytics, not advertising, not preferences.
The DentFlow product (the application practices sign in to) uses only strictly necessary session credentials to keep you signed in securely. It uses no advertising or cross-site tracking cookies of any kind.
5. Practice users
When your practice uses DentFlow, we collect what's needed to run the service for you:
- Your name, work email, role (for example, dentist or front desk), and sign-in records.
- Usage and audit logs — a record of who accessed or changed what, and when. HIPAA requires this, and it protects your practice too.
- Support and feedback conversations, especially during the pilot.
We use this information to operate, secure, and improve DentFlow. We never sell it.
6. Patient information (PHI)
Patient information is the heart of what DentFlow protects. Our commitments:
- We process PHI solely on behalf of your dental practice, as a business associate under HIPAA, governed by a Business Associate Agreement (BAA) with each practice.
- PHI is stored and processed inside our secured cloud environment (Amazon Web Services, in the United States) and does not leave that environment.
- Our AI runs on AWS Bedrock inside that same boundary. We never send patient data to outside AI services.
- DentFlow drafts — your team approves. Nothing is filed, billed, or synced to your practice management system without a person on the practice's team signing off.
- Email notifications to practice staff never contain patient details.
If you're a patient: your dental practice controls your records. Privacy questions or requests about your information should go to your practice, and we'll support them in responding.
7. Voice recordings
Voice recordings from visits are kept only for a limited window after the visit's documentation is finalized — 30 days by default, configurable by your practice — and are then deleted automatically. Within that window, recordings stay inside our secured environment and are used only for transcription, troubleshooting, and improving accuracy.
8. How we protect information
- Encryption in transit and at rest.
- Each practice's data is isolated from every other practice's, enforced at the database level.
- Least-privilege access controls — access to PHI is limited to what's necessary.
- A complete audit trail of data access, changes, and AI activity.
9. When we share information
We do not sell or rent anyone's information. We share it only with:
- Service providers that host and power DentFlow — principally Amazon Web Services, and our practice-management-system integration partner (Sikka) when your practice connects its PMS. Providers that touch PHI are bound by appropriate agreements.
- Legal requirements — if we're required to by law, or to protect rights and safety.
- A successor — if our business is ever acquired or reorganized, under the same protections.
10. Data retention and deletion
- Voice recordings delete automatically after the retention window described above.
- Clinical records (notes, plans, codes) are retained on behalf of your practice, per its instructions and applicable record-keeping laws.
- Account information is kept while your practice uses DentFlow and deleted or de-identified after termination, except where the law requires us to keep it.
To request deletion of your data, email info@gtron.ai with the subject "Data deletion request". If your request involves patient records, we'll coordinate with your dental practice, since the practice controls those records. We respond to all requests within 30 days.
11. Your rights
Depending on where you live, you may have the right to access, correct, or delete personal information we hold about you. Email info@gtron.ai and we'll honor those rights. For PHI, HIPAA gives patients specific rights — including access to their records — which are exercised through their dental practice.
12. Children
This website and the DentFlow product are intended for dental professionals, not children. Patient records handled through DentFlow may include minors' information; that information is PHI handled on behalf of the practice under HIPAA, as described above.
13. Changes to this policy
If we change this policy, we'll update it here and revise the date at the top. For meaningful changes affecting pilot practices, we'll tell you directly.
14. Contact
Anything at all: info@gtron.ai.