Privacy Policy

Last Updated: March 15, 2026

EOXLABS LLC ("we," "our," or "us") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use DDSHARED and our related services.

Zero-Knowledge Architecture

DDSHARED is built on zero-knowledge encryption. Your files are encrypted client-side with AES-256-GCM before upload. Your encryption keys travel only in URL fragments — they are never sent to our servers. We cannot decrypt or access your files, even if compelled to do so. This is fundamental to our architecture, not a policy choice.

Information We Collect

Personal Information

Name, email address, billing address, and payment information when you create an account or make a purchase. Practice name and role when you register a dental practice.

Usage Data

Information about how you interact with our services, including IP address, browser type, device information, pages visited, and timestamps. We do not use third-party analytics tracking services.

Cookies & Local Storage

We use essential cookies and browser storage for authentication, session management, and user preferences. See our Cookie Policy for details.

How We Use Your Information

We use the information we collect to:

  • Process transactions and send related communications
  • Provide, maintain, and improve our services
  • Respond to customer service requests and support needs
  • Send administrative communications (with your consent, where required)
  • Monitor and analyze usage trends and preferences
  • Detect, prevent, and address technical issues or fraudulent activity
  • Comply with legal obligations, including HIPAA requirements

Information Sharing and Disclosure

We do not sell your personal information. We may share your information with:

Service Providers

Third-party vendors who perform services on our behalf. These providers are contractually obligated to protect your information and are bound by Business Associate Agreements where applicable.

Legal Requirements

When required by law, regulation, legal process, or governmental request. Due to our zero-knowledge architecture, we cannot provide decrypted file contents even under legal compulsion.

Business Transfers

In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

Third-Party Services

We use the following third-party services that may process your information. Each provider is contractually obligated to protect your data:

Service | Purpose | Privacy Policy
Stripe | Payment processing and subscription billing | stripe.com/privacy
Supabase | Authentication and database services | supabase.com/privacy
Cloudflare | CDN, file storage (R2), and edge computing | cloudflare.com/privacypolicy
Vercel | Web application hosting | vercel.com/legal/privacy-policy
Resend | Transactional email delivery | resend.com/legal/privacy-policy
Google Fonts | Typography rendering | policies.google.com/privacy

HIPAA & Protected Health Information

DDSHARED is designed for HIPAA-compliant file sharing for dental practices. Due to our zero-knowledge architecture:

  • PHI is encrypted client-side before upload — our servers never see plaintext protected health information
  • Business Associate Agreements (BAAs) are included with every plan and executed digitally
  • Append-only audit logs track every file access for compliance reporting
  • Role-based access control enforces minimum necessary access to PHI

Data Security

We implement industry-standard security measures including AES-256-GCM client-side encryption, TLS 1.3 for transport, server-side encryption at rest, and strict access controls. Our zero-knowledge architecture provides defense-in-depth: even if our servers were compromised, your files remain encrypted with keys only you control.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. For HIPAA-regulated dental records, you control retention policies — we do not delete your encrypted files unless you request it.

Your Rights and Choices

Depending on your location, you may have the right to:

  • Access, correct, or delete your personal information
  • Opt out of marketing communications
  • Request data portability
  • Withdraw consent where processing is based on consent

To exercise these rights, contact us at support@eoxlabs.io.

California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information.

EU/EEA Residents (GDPR)

If you are accessing our services from the European Union or European Economic Area, you have rights under GDPR including access, rectification, erasure, restriction, portability, and objection. Your information may be transferred to, stored, and processed in the United States where our servers are located. Contact us to exercise these rights.

Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected such information, we will take steps to delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date. Continued use of our services after changes constitutes acceptance.

Contact Us

If you have questions about this Privacy Policy, contact us at:

EOXLABS LLC

Email: support@eoxlabs.io

Website: https://eoxlabs.io
