LEGAL · PRIVACY

Privacy Policy

How CHAIRSIDE collects, uses, and protects information across our website and platform. Patient PHI is governed separately by HIPAA and our Business Associate Agreements.

EFFECTIVE · APRIL 29, 2026 · VERSION 1.0 · BIT9 IT SOLUTIONS LLC

01 Scope & Your Privacy

Bit9 IT Solutions LLC, doing business as CHAIRSIDE (“CHAIRSIDE,” “we,” “us,” or “our”), respects your privacy. This Privacy Policy describes how we collect, use, disclose, and protect information when dental practices, their team members, and visitors interact with the CHAIRSIDE platform and our website at chairsideplatform.ai.

A Note for Patients If you are a patient of a dental practice that uses CHAIRSIDE, your patient information is governed by your practice’s Notice of Privacy Practices and HIPAA — not this Privacy Policy. Direct questions about your records to your dental practice. CHAIRSIDE handles patient information as a Business Associate, in accordance with the BAA we sign with each practice.

02 Information We Collect

From Subscribed Practices

When a dental practice subscribes to CHAIRSIDE, we collect business contact information, billing details, and information about authorized users (name, email, phone, role, login credentials).

Patient Data via Practice Management Systems

With the practice’s authorization, we ingest data from the practice’s practice management system (Dentrix, Open Dental, Eaglesoft, etc.) through Sikka Software Corporation. This data may include patient demographics, clinical notes, treatment history, scheduling, billing, insurance information, and dental imaging. This information is PHI and is governed by HIPAA and the BAA between CHAIRSIDE and the practice.

Information You Provide Directly

When you contact us, request a demo, sign up for our newsletter, or interact with our website, we collect your name, email, phone, practice name, and any details you choose to share.

Automatically Collected

When you use the Service or visit our website, we automatically collect IP address, device and browser information, pages visited, time spent, login activity, and similar usage data. We use cookies and similar technologies — see Cookies & Tracking.

03 How We Use Information

We use information to:

  • Provide, maintain, and improve the Service
  • Authenticate users and secure accounts
  • Generate AI-assisted clinical decision support, summaries, treatment plan suggestions, and analytics for the practice
  • Process billing and manage subscriptions
  • Communicate about the Service — support, updates, security notices
  • Develop and improve our products, including by creating de-identified datasets
  • Comply with legal obligations and enforce our agreements
  • Send marketing communications you have consented to receive

04 AI Processing

The Service uses artificial intelligence to generate clinical decision support outputs, summaries, and analytics. AI processing is performed using third-party AI providers (currently Anthropic PBC) under written agreements that prohibit the AI provider from using practice data to train its general-purpose models.

AI Outputs are decision-support information only. All clinical decisions are the sole responsibility of the licensed clinician at your practice. See our Terms of Service for the full clinical decision support disclaimer.

05 Colorado AI Act Disclosure

This disclosure is provided in accordance with the Colorado Artificial Intelligence Act (C.R.S. §§ 6-1-1701 through 6-1-1707), which takes effect June 30, 2026.

AI Systems Identification

CHAIRSIDE develops and provides AI-assisted features within the Service that may be used by dental practices to inform clinical and administrative decisions, including AI-generated treatment plan suggestions, clinical and patient-history summaries, scheduling and operational recommendations, and analytics outputs.

Intended Uses

These AI features are intended to provide decision support to licensed clinicians and authorized practice staff. They are not intended to replace independent clinical judgment, and they are not intended to make autonomous diagnostic, treatment, prescribing, or coverage decisions.

Known Limitations

AI Outputs may contain errors, omissions, or inaccuracies. They are generated based on patterns in data provided by the practice and may not reflect the most current clinical guidelines, individual patient context, or factors not captured in the data. AI Outputs are not a substitute for examination by a licensed clinician.

Risk Management

CHAIRSIDE has implemented and maintains measures designed to identify, document, and mitigate known or reasonably foreseeable risks of algorithmic discrimination, including:

  • Testing of AI features prior to release
  • Ongoing monitoring of outputs
  • Data governance procedures applied to training data sources
  • Human-in-the-loop design that requires clinician review of AI Outputs before any clinical action

Notice When Interacting With AI

Where AI features of the Service interact directly with consumers, CHAIRSIDE provides configurable in-product notifications informing the consumer that they are interacting with an AI system. Practices using the Service are responsible for enabling and presenting these notifications as required by law.

Consumer Rights

If you are a Colorado consumer (including a patient of a Colorado dental practice using the Service) and an AI feature has been a substantial factor in a consequential decision affecting your access to, or the cost or terms of, healthcare services, you may have rights under the Colorado AI Act, including:

  • The right to be notified of the use of AI in the decision
  • The right to be informed of the principal reasons for the decision
  • The right to appeal an adverse decision where required by law

Because the practice (not CHAIRSIDE) is the entity making clinical and administrative decisions about patient care, direct any such requests to your dental practice. CHAIRSIDE supports practices in responding to these requests as required by law.

06 How We Share Information

We do not sell personal information or PHI. We share information only as follows:

Service Providers

We share information with third-party service providers that help us deliver the Service, bound by written contracts that restrict their use of information and require appropriate safeguards. Where required, these providers have signed BAAs with us.

Within the Practice

Information is shared among authorized users of the same practice in accordance with the practice’s configuration of the Service.

Legal Requirements

We may disclose information when required by law, subpoena, court order, or other legal process, or when we believe in good faith that disclosure is necessary to protect rights, safety, or property.

Business Transfers

If CHAIRSIDE is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of the transaction. We will notify affected practices to the extent required by law.

De-Identified Data

We may use, share, and commercialize de-identified information that does not identify any individual or practice in accordance with applicable law and the BAA.

07 Subprocessors

We use the following subprocessors to deliver the Service:

Provider Purpose Location BAA
Amazon Web Services (AWS) Cloud infrastructure, database hosting, encrypted storage United States Yes
Anthropic PBC AI processing for clinical decision support United States Yes
Sikka Software Corporation Practice management system data integration United States Yes

An up-to-date list is maintained at chairsideplatform.ai/subprocessors.

08 Data Retention

We retain information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. PHI is retained in accordance with the BAA and HIPAA. Upon termination of a practice’s subscription, we will return or destroy PHI in accordance with the BAA. De-identified data may be retained indefinitely.

09 Security

We implement administrative, physical, and technical safeguards designed to protect information, including:

  • Encryption of data at rest and in transit using managed key infrastructure
  • Access controls and multi-factor authentication
  • Audit logging
  • Regular security assessments and dependency monitoring
  • Workforce training on HIPAA and security best practices
  • Incident response and breach notification procedures

While we strive to protect information, no system is completely secure. We cannot guarantee the absolute security of any information.

10 Your Rights & Choices

Practice Personnel

Authorized users may update account information through the Service or by contacting CHAIRSIDE support. To request deletion of your account, contact your practice administrator or CHAIRSIDE support.

Patients

Patients should direct any requests regarding their PHI — including access, amendment, and accounting of disclosures under HIPAA — to their dental practice.

Marketing Communications

You may opt out of marketing emails using the unsubscribe link in those emails or by contacting us. Even after opting out, we may still send transactional or service-related communications (such as security alerts).

11 State Privacy Rights

Residents of certain states (including California, Colorado, Connecticut, Utah, and Virginia) may have additional rights with respect to personal information under applicable state law, including the rights to access, correct, delete, and obtain a portable copy of personal information, and to opt out of certain processing activities.

These state privacy rights generally do not apply to PHI, which is governed by HIPAA. To exercise applicable state-law rights or appeal a denial of a request, contact us at support@bit9itsolutions.com.

12 Children's Privacy

The Service is not directed to individuals under thirteen (13) years of age. We do not knowingly collect personal information from children outside of PHI provided by a dental practice in connection with treating pediatric patients — which is governed by HIPAA and the practice’s privacy practices, not by this Privacy Policy.

13 International Users

The Service is operated from and intended for use within the United States. If you access the Service from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States.

14 Cookies & Tracking

We use cookies and similar technologies on our website and within the Service for:

  • Essential cookies — authentication, session management, security
  • Functional cookies — remembering preferences and settings
  • Analytics cookies — understanding site usage to improve the Service

You can control cookies through your browser settings. Disabling essential cookies may prevent the Service from functioning properly.

15 Changes to This Policy

We may update this Privacy Policy from time to time. The updated policy will be posted at chairsideplatform.ai/privacy with a new effective date. Material changes will be communicated to subscribed practices in advance.

16 Contact Us

Bit9 IT Solutions LLC d/b/a CHAIRSIDE
Attn: Privacy Officer
Colorado
Email: support@bit9itsolutions.com