Last updated: March 2026

Privacy Policy

This Privacy Policy describes how Sightline DX (“we,” “us,” or “our”) collects, uses, and protects information in connection with the Sightline DX platform and related services.

1. Overview

Sightline DX is a B2B SaaS platform that provides dental industry intelligence, practice analytics, and acquisition research tools to dental service organizations, private equity firms, dental group operators, and individual dental professionals (collectively, “Customers”).

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, you may not use the Service. This Policy applies to all users of the platform, including individual account holders and members of organizational workspaces.

This Policy does not apply to data about dental practices themselves (such as publicly available business information). Section 5 describes how we handle that category of data separately.

2. Information We Collect

We collect the following categories of information:

2.1 Account Information

When you create an account, we collect the information you provide through our authentication provider, Clerk. This includes:

  • Your name and email address
  • Authentication credentials (passwords are hashed by Clerk; we never see them)
  • Organization name and role, if you create or join a workspace
  • Profile information you optionally provide (title, firm name, phone)

2.2 Usage & Activity Data

We automatically collect data about how you use the Service:

  • Pages visited, features used, and actions taken within the platform
  • Search queries (geographic areas, practice names) submitted through the UI
  • Scan configurations, polygon definitions, and filter preferences
  • Timestamps of key actions (scan creation, crawl requests, report generation)
  • CRM pipeline activity (stage changes, notes, follow-up dates)
  • Outreach drafts and email personalization data you enter

2.3 Billing & Payment Data

If you subscribe to a paid plan, billing is handled by our payment processor, Stripe. We do not collect or store credit card numbers or banking information. We receive and store:

  • Stripe Customer ID and Subscription ID (opaque references, not payment details)
  • Subscription tier and status (free, pro, enterprise)
  • Billing email associated with your Stripe account

2.4 API Cost & Usage Metrics

For operational purposes, we log the API calls your workspace generates through the platform, including estimated cost, token counts, and the event type (e.g., “crawl-extraction,” “email-draft”). This data is used for internal cost management, billing validation, and service optimization. It is never shared with third parties.

2.5 Technical & Device Data

We may collect standard technical data including IP address, browser type, operating system, and referrer URL. This data is used for security monitoring, debugging, and analytics. We do not build individual behavioral profiles from this data.

2.6 Sender Profile Data

If you use the outreach features, you may optionally enter a sender profile including your name, title, firm, phone, email, and scheduling links. This information is used solely to personalize AI-generated email drafts within your account. It is not used for any other purpose.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

  • Authenticate your identity and maintain your session
  • Provision and operate your workspace
  • Execute scan jobs, crawl dental practice websites, and generate scores and reports
  • Store and display your CRM pipeline data, outreach drafts, and personalization settings
  • Process subscription upgrades and manage feature access

3.2 Product Improvement

  • Analyze aggregate usage patterns to improve platform features and performance
  • Monitor error rates, latency, and API costs to maintain service quality
  • Prioritize product roadmap decisions based on feature adoption

We do not use individual user data to train AI models or sell insights to third parties.

3.3 Communications

  • Send transactional emails (account confirmation, billing receipts) via Clerk and Stripe
  • Respond to support requests and inquiries you submit
  • Notify you of material changes to the Service or this Policy

We do not send marketing emails without your opt-in consent. If we introduce a marketing communications program, you will be given the opportunity to opt in separately.

3.4 Security & Compliance

  • Detect and prevent unauthorized access, fraud, or abuse
  • Enforce our Terms of Service and Acceptable Use Policy
  • Comply with legal obligations and respond to lawful requests from authorities

4. Third-Party Services

The Service integrates with several third-party providers. By using the Service, you acknowledge that data may be transmitted to these providers as described below. We select providers that meet our standards for data handling and security.

Clerk

Authentication and identity management. Handles user sign-in, session tokens, and organization management. Clerk stores your email, name, and hashed credentials.

Stripe

Subscription billing and payment processing. Handles all payment card data. We receive only opaque customer and subscription references.

Google Places API

Retrieves publicly available dental practice business data (name, address, phone, rating, reviews) for scan results. Queries are scoped to geographic areas you define.

Mapbox

Interactive map rendering and geographic polygon tools. Map interactions may transmit viewport and tile request data to Mapbox servers.

Anthropic (Claude)

AI-powered extraction of dental practice data from websites, review summarization, and outreach email drafting. Webpage content from crawled practice sites is sent to Anthropic's API. Anthropic does not use API inputs to train its models.

U.S. Census Bureau (ACS)

Public demographic data (income, age, population) fetched by practice location for market intelligence. No personal data is transmitted to the Census API.

We do not sell access to our third-party integrations to other customers and do not permit third-party providers to use your data for their own marketing or advertising purposes beyond what is described in their respective privacy policies.

5. Practice & Market Data

A core function of Sightline DX is collecting and processing information about dental practices. This section explains how that data is handled.

5.1 Sources of Practice Data

  • Google Places API — publicly listed business information (name, address, phone, hours, ratings, reviews)
  • Practice websites — publicly accessible web pages crawled using a headless browser (Playwright); data extracted includes provider names, services, insurance, scheduling, and social media links
  • OIG LEIE database — the publicly available Office of Inspector General List of Excluded Individuals and Entities, checked for named providers
  • U.S. Census ACS — public demographic and economic data by census tract

5.2 Nature of Practice Data

Practice data collected by Sightline DX consists of publicly available business information. It is not personal data in the consumer privacy sense; it describes commercial entities and licensed professionals in their professional capacity. Provider names associated with practices are professional identifiers sourced from public-facing business listings and practice websites.

5.3 Data Ownership by Customer

Scan results, CRM records, annotations, notes, and outreach drafts created by your workspace belong to you. Upon termination of your account, you may request a data export in CSV format within 30 days. After 30 days post-termination, your workspace data may be permanently deleted.

5.4 Aggregated Insights

We may compute aggregated, de-identified statistics across the platform (e.g., average scores by region, adoption rates of scheduling systems) for internal analysis or product development. These aggregated insights do not identify individual users or specific practice records tied to a customer workspace.

6. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We do not sell or license practice intelligence data compiled within your workspace to other customers.

We may share information in the following limited circumstances:

  • Service providers — as described in Section 4, data is shared with third-party infrastructure providers (Clerk, Stripe, Anthropic, Mapbox, Google) solely to operate the Service
  • Legal obligations — if required by law, court order, or government request, or to protect the rights, property, or safety of Sightline DX, our customers, or the public
  • Business transfers — in connection with a merger, acquisition, or sale of assets, your information may be transferred to a successor entity. We will notify you via email or prominent notice on the Service prior to such transfer and give you the opportunity to delete your account
  • With your consent — for any other sharing not described here, we will seek your explicit consent first

7. Data Retention

7.1 Account Data

Account information is retained for the duration of your subscription plus a reasonable period to resolve disputes and comply with legal obligations (typically 90 days after account deletion).

7.2 Workspace & Scan Data

Scan results, CRM records, and market intelligence data are retained indefinitely while your account is active. If your subscription lapses, data is retained for 90 days in a suspended state during which you may reactivate or export. After 90 days, workspace data may be permanently deleted.

7.3 API Usage Logs

API cost and usage logs are retained for 24 months for billing audit purposes and are then deleted or anonymized.

7.4 Billing Records

Stripe transaction records are subject to Stripe's own retention policies, which may require retaining certain financial data for up to 7 years for tax and compliance purposes.

7.5 Deletion Requests

You may request deletion of your personal data at any time by contacting us at briantoh888@gmail.com. We will complete deletion within 30 days, except for data we are required to retain by law or for legitimate business purposes (e.g., resolving an open billing dispute).

8. Security

We implement industry-standard technical and organizational measures to protect your information:

  • All data transmitted between your browser and our servers is encrypted via TLS/HTTPS
  • Authentication is managed by Clerk, which provides bcrypt password hashing, secure session management, and supports multi-factor authentication
  • Our database is hosted on a managed PostgreSQL service with encryption at rest and access controls limiting exposure to application infrastructure only
  • API keys and secrets are stored as environment variables, never hardcoded in the application
  • Workspace data is scoped by workspace ID at the database query level — users can only access their own organization's data
  • Access to administrative functions is restricted to specifically authorized email addresses

No method of transmission or storage is 100% secure. We cannot guarantee absolute security. If we become aware of a data breach that affects your personal data, we will notify you in accordance with applicable law.

If you discover a security vulnerability, please report it to briantoh888@gmail.com. We appreciate responsible disclosure and will work with you to address the issue promptly.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete personal data
  • Deletion: Request deletion of your personal data (the "right to be forgotten"), subject to legal and contractual retention obligations
  • Portability: Request your workspace data in a machine-readable format (CSV export)
  • Objection: Object to processing of your data for certain purposes, such as analytics
  • Restriction: Request that we limit processing of your data in certain circumstances

To exercise any of these rights, contact us at briantoh888@gmail.com with your request. We will respond within 30 days. We may need to verify your identity before processing certain requests.

If you are located in the European Economic Area (EEA) or United Kingdom, you may also have the right to lodge a complaint with your local data protection authority. We are committed to cooperating with applicable regulatory authorities to resolve any complaints that cannot be resolved directly between us.

10. Cookies & Tracking

10.1 Session Cookies

Sightline DX uses session cookies to maintain your authenticated state. These cookies are set by Clerk and are strictly necessary for the Service to function. They cannot be disabled without logging out of the platform. Session cookies do not track you across third-party websites.

10.2 Functional Cookies

We may use cookies to remember user preferences such as selected polygon, active organization, or filter settings. These are first-party cookies scoped to the Sightline DX domain.

10.3 Analytics

We do not currently use third-party analytics trackers (e.g., Google Analytics, Mixpanel) that set cross-site tracking cookies. If we introduce analytics tooling in the future, we will update this Policy and provide appropriate notice.

10.4 No Ad Tracking

We do not use advertising cookies or tracking pixels. We do not share data with advertising networks. The Service contains no display advertisements.

Most browsers allow you to control cookies through their settings. Blocking session cookies will prevent you from logging in to the Service.

11. Children's Privacy

Sightline DX is a professional B2B platform intended solely for business use by adults. We do not knowingly collect personal information from individuals under 18 years of age. If we become aware that we have inadvertently collected information from a minor, we will delete it promptly. If you believe we have collected information from a child, please contact us at briantoh888@gmail.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Post the revised Policy on this page
  • Send a notification email to the primary contact email on file for your account

Your continued use of the Service after the effective date of any changes constitutes acceptance of the revised Policy. If you do not agree to the updated Policy, you should discontinue use and may request deletion of your account.

For minor changes that do not materially affect your rights (e.g., typographical corrections, clarifications), we may update the Policy without separate notice.

13. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or the handling of your personal data, please contact us:

Sightline DX

Email: briantoh888@gmail.com

We endeavor to respond to all privacy-related inquiries within 5 business days. For deletion or data access requests, please allow up to 30 days for processing.
