Privacy Policy
This Privacy Policy explains, in as much detail as we can give, what information the Chairside service (the “Service”) handles, why, who else is involved, how long it is kept, how it is protected, and the choices and rights you have. It is provided by Penusila Digital Solutions LLC, a Texas limited liability company (“Chairside,” “we,” “us”), and forms part of, and is governed by, the Terms of Service. Capitalized terms not defined here have the meaning given in the Terms.
1. The short version
- No analytics, no advertising, no trackers, no sale of data — ever. We do not monetize your information in any way.
- Your Workspace is stored under your own practice account, fenced by row-level security, and used for nothing except delivering the Service back to you.
- We use a small, fixed set of infrastructure Providers (Supabase, Cloudflare, Google Fonts) and name every one of them in Section 8.
- Staff PINs are never stored — only salted PBKDF2-SHA256 hashes computed in your browser. The Account password is handled by our authentication Provider and we never see it in readable form.
- The Service is not for patient health information, and you agree not to put any in it.
- This is a plain-English summary; the sections below control.
2. Who this applies to, and our role
This policy covers the Chairside application at chairsidepm.com (including the landing page and the app), and the account and synchronization features. With respect to the Workspace and to Authorized Users' personal data, the Practice is the controller (it decides what data goes in and why) and Chairside is a processor acting on the Practice's instructions. The Practice is responsible for giving its own staff any privacy notices and for collecting any consents that applicable law requires. For our own limited purposes — operating, securing, and supporting the Service — we act as a controller of the Account-level and technical data described below.
3. Information the Service handles
a. Account information. When the Practice creates an account, our authentication Provider stores the account email address and a securely hashed form of the password. We never receive or store your plaintext password. We also keep basic authentication metadata such as account identifiers, email-confirmation status, and sign-in timestamps.
b. Workspace content. The Service stores the operational content you enter, as a record tied to your account, including: the practice name; staff names and roles (and any custom roles); routines and tasks (titles, notes, due times, days, priority flags, and numeric tally goals and counts); schedules and office hours; time-clock punches (clock-in/out times and any early-clock-out reasons); time-off requests, reasons, coverage, and approvals; reminders; permission and visibility grants; the practice's record of acceptance of the Terms (version, timestamp, and the name of the person who accepted); and reporting derived from the above.
c. Staff PINs. Authorized Users sign in with a PIN. PINs are never stored. Only a salted PBKDF2-SHA256 hash (150,000 iterations), computed in the browser, is kept; that hash cannot be reversed to recover the PIN.
d. Local cache (offline cache). The browser on each signed-in device keeps a copy of the Workspace in its local storage as an offline cache, so the board keeps working through a dropped connection, plus a short-lived session record in session storage to keep you signed in until the tab closes or the session times out. The offline cache is cleared when the account signs out on that device, and can also be cleared by clearing the browser's site data.
e. Billing information. Chairside is a paid subscription. When you subscribe, you provide your payment details (such as card information) directly to our payment processor, Stripe; we do not receive or store your full card number. From Stripe we receive only limited billing metadata — for example your plan, subscription status, billing email, the card brand and last four digits, and amounts and dates of charges — which we use to manage your subscription and keep the records the law requires.
f. Technical and connection data. Like any website, when pages and resources load, our hosting and content-delivery Provider and the fonts Provider necessarily receive standard request data — such as IP address, user-agent string, requested URL, and timestamps — to route, secure, and deliver the response. We do not use this data to build profiles or to track you across sites.
4. What we never collect
We do not collect or generate: behavioral or usage analytics; advertising or marketing identifiers; cross-site tracking data; device fingerprints; precise geolocation; contact lists; or marketing profiles. The Service sets no tracking or advertising cookies. It uses only the browser's own local storage and session storage, for the functional purposes described in Section 3(d). A strict Content-Security-Policy blocks third-party and inline scripts on the application pages.
5. Patient health information
The Service is operational staff-tasking software, not a patient-records system. It is not designed or offered for protected health information (PHI), we do not knowingly collect PHI, we are not a HIPAA business associate, and we do not offer Business Associate Agreements. Under the Terms of Service, the Practice agrees not to enter PHI; anything the Practice types into free-text fields is under the Practice's sole control and responsibility. If we become aware of data we believe to be PHI, we may remove it and/or suspend the account.
6. How and why we use information, and our legal bases
We use the information above only for these purposes:
- To provide the Service — authenticate the account, store and synchronize the Workspace across devices, and show it back to you. Legal basis: performance of our contract with you.
- To secure the Service — protect against unauthorized access, abuse, and fraud, including rate-limiting and lockouts. Legal basis: our legitimate interests and legal obligations.
- To bill you — process subscription payments through Stripe, manage renewals and cancellations, and keep billing and tax records. Legal basis: performance of our contract and legal obligation.
- To support you — respond to your requests and send rare, strictly service-related messages (for example, a security notice, a billing notice, or a material change to the Terms). Legal basis: legitimate interests / contract.
- To comply with law — meet legal obligations and respond to lawful requests. Legal basis: legal obligation.
We do not use your data to train artificial-intelligence or machine-learning models, to build profiles, to advertise, or to sell or rent to anyone. We have no legitimate interest in, and do not engage in, any such use.
7. Cookies, local storage, and similar technologies
The Service does not use advertising or analytics cookies. It relies on: (a) local storage to hold the offline cache of the Workspace and the configuration the app needs to run; and (b) session storage to keep an Authorized User signed in until the browser tab closes or the idle timeout elapses. Our infrastructure Providers may set strictly necessary cookies or tokens required for security and to keep you authenticated. You can clear local and session storage at any time through your browser; doing so signs you out and removes the offline cache on that device.
8. Providers and sub-processors — who else touches data
Chairside relies on a small, fixed set of third-party Providers — these and no others — each acting as our processor or sub-processor and handling data only to deliver the Service:
- Supabase, Inc. — provides account authentication and the database that holds your Workspace row. Access is fenced by row-level security so each account can reach only its own row, and all traffic uses TLS. Supabase receives the account email, the hashed password, the Workspace data, and authentication and connection metadata.
- Cloudflare, Inc. — hosts and serves the application at chairsidepm.com and sits in front of all traffic as the network edge, content-delivery network (CDN), and DNS provider, and supplies the site's TLS certificate. As host and CDN, Cloudflare processes the connection metadata (IP address, user-agent, requested URL, timestamps) needed to route, secure, and deliver every request.
- Stripe, Inc. — processes subscription payments. When you subscribe, your payment-method details go directly to Stripe, which acts as the payment processor and as a controller of that payment data under its own privacy policy. We receive only the limited billing metadata described in Section 3(e) and never the full card number.
- Google LLC (Google Fonts) — the pages load two font families from Google's servers, which receive the standard web request (including IP address and user-agent) needed to deliver the font files.
- Marketing-page video (content-delivery network) — the public landing page embeds a short promotional clip served from a CDN; loading that page sends the CDN the standard request data needed to stream the file. The application itself (app.html) loads no such media.
These Providers operate their own infrastructure and are bound by their own terms and privacy and security commitments. We may change, add, or remove Providers as the Service evolves and will keep this list current here. Apart from these Providers, we do not share, disclose, sell, rent, or trade your information with anyone, except: (a) to comply with law, legal process, or enforceable governmental request; (b) to protect the rights, property, or safety of you, us, or others, or to investigate fraud or a security incident; or (c) in connection with a merger, acquisition, financing, or sale of assets, in which case we will require the successor to honor this policy and will notify you of any change of controller. Where lawful, we will give you notice before disclosing your data in response to legal process.
9. International data transfers
We and our Providers are based in, and primarily process data in, the United States. If you access the Service from outside the United States, you understand that your information will be transferred to and processed in the United States and other countries where we or our Providers operate, which may have data-protection laws different from those in your jurisdiction. Where required, transfers rely on appropriate safeguards such as the Providers' standard contractual clauses.
10. Data retention
- Workspace and account: retained for as long as the account exists, so the Service can show your data back to you. When you delete the Workspace or the account, the associated cloud data is deleted as described in Section 11.
- Offline cache: persists on a device only until the account signs out there or the browser's site data is cleared.
- Security and operational logs held by our Providers (such as connection logs) are retained for the limited period those Providers keep them for security and reliability.
- Billing records (invoices, payment metadata) are retained as long as required for accounting, tax, and legal purposes, even after the account is closed.
- We may retain limited records longer where necessary to comply with law, resolve disputes, or enforce our agreements.
11. Deleting your data
You can read and edit everything the Service holds about the Practice directly in the app, and remove staff, tasks, and other records there. To delete the cloud copy of the Workspace and the account itself, contact us at the address in Section 16; we will delete them within 30 days, except for records we are required to keep by law. Signing out clears the offline cache on that device. Because the offline cache lives on your own devices, you control its deletion through your browser.
12. Security
- PINs and passwords are never stored in readable form; PINs are kept only as salted PBKDF2-SHA256 hashes (150,000 iterations) computed in the browser, and the account password is held only as a secure hash by our authentication Provider.
- Sessions are held in session storage and expire when the tab closes; idle sessions lock after 15 minutes; repeated wrong PINs trigger a temporary lockout.
- A strict Content-Security-Policy blocks third-party and inline scripts; every input is validated and output is escaped; cloud rows are guarded by row-level security; and all traffic to our Providers uses TLS.
- Role- and permission-based access controls are enforced in the data layer, not merely hidden in the interface.
- No system is perfectly secure. We cannot guarantee absolute security, which is one reason the Service must never hold PHI. You are responsible for safeguarding credentials and the devices you use.
13. Your privacy rights
Depending on where you live, you may have rights over personal data, including the rights to access, correct, delete, restrict or object to processing, and to data portability, and the right not to be discriminated against for exercising them. Because the Practice is the controller of the Workspace and of Authorized Users' data, staff should direct requests to their Practice in the first instance; we will assist the Practice with data held in our systems. You can exercise rights, or ask us to help, by contacting us at the address in Section 16; we will respond as required by applicable law and may need to verify your identity first.
For residents of California (CCPA/CPRA): in the prior 12 months we have not sold or “shared” personal information as those terms are defined, and we do not use or disclose sensitive personal information for purposes requiring a right to limit. The categories we handle, our purposes, and the Providers we disclose to for business purposes are described in Sections 3, 6, and 8. California residents may exercise access, deletion, correction, and opt-out rights as above, and may use an authorized agent.
For residents of Texas and other U.S. states with comprehensive privacy laws (for example, the Texas Data Privacy and Security Act): you have analogous rights of access, correction, deletion, portability, and to opt out of targeted advertising, sale, and certain profiling. We do not engage in targeted advertising, the sale of personal data, or such profiling. You may appeal a decision on a request by replying to our response.
For individuals in the EEA/UK: where the GDPR or UK GDPR applies and we act as processor, we assist the Practice (as controller) in responding to data-subject requests; where we act as controller, you may exercise the rights above and may lodge a complaint with your supervisory authority.
14. Children
The Service is workplace software for dental practices and is not directed to children. It is not intended for, and we do not knowingly collect personal information from, anyone under 16. If you believe a child's information has been provided to us, contact us and we will delete it.
15. Changes to this policy
We may update this policy from time to time. When we do, we will revise the version identifier and effective date at the top and post the updated policy here, and for material changes we will use reasonable efforts to provide additional notice within the Service. Your continued use after the effective date constitutes acceptance of the updated policy.
16. Contact us
For privacy questions, requests, or to exercise a right:
Penusila Digital Solutions LLC (Texas, U.S.A.)
bobitho69@gmail.com
We will respond within the time required by applicable law. If you are unsatisfied with our response, you may have the right to contact your local data-protection or consumer-protection authority.