Privacy Policy.

Last updated · May 28, 2026

This Privacy Policy explains how Bagheera AI LLC (“Bagheera AI,” “we,” “us,” or “our”) collects, uses, stores, protects, and shares information when we operate our software platform on behalf of dental practices in the United States. We are a Florida limited liability company with our principal place of business at 215 W College Ave #601, Tallahassee, FL 32301.

1. Who we are, and what we do

Bagheera AI is a business-to-business (B2B) software platform that helps dental practices follow up with their patients who have unscheduled treatment plans. We are the technology vendor; the dental practice is the healthcare provider. Under HIPAA, the dental practice is a Covered Entity, and Bagheera AI is its Business Associate, operating under a signed Business Associate Agreement (BAA).

2. Information we receive

On behalf of each dental practice customer, Bagheera AI receives the following categories of information from that practice’s practice management system (PMS):

• Patient identifiers — first and last name, date of birth, mobile phone number, and email address (if available).
• Treatment plan information — recommended procedures, treatment status (open/accepted/declined), and associated fees.
• Appointment information — past, upcoming, and rescheduled appointment dates and statuses.
• SMS consent status — whether the patient has provided written consent to receive SMS messages from the practice.
• SMS communications — the content of outbound and inbound SMS messages sent on the practice’s behalf, including replies and opt-out keywords.

This information may include Protected Health Information (PHI) as defined under HIPAA. We handle PHI strictly in accordance with our BAA with the dental practice and applicable law.

3. How we use information

We use the information described above solely to operate the Bagheera AI platform on behalf of the dental practice, which includes:

• Identifying patients who are eligible to receive a Treatment Chaser follow-up message.
• Composing and sending personalized SMS messages on behalf of the practice.
• Receiving, recording, and routing patient replies and opt-outs.
• Maintaining an audit trail of every message sent, received, and opt-out received.
• Providing the practice with metrics and reports about platform performance.
• Detecting and preventing abuse, fraud, and unauthorized access.

We do not use patient information for our own marketing, for training general-purpose AI models, or for any purpose unrelated to providing the contracted service to the dental practice.

4. SMS-specific privacy commitments

In addition:

• SMS messages are sent only to patients who have provided affirmative, written, prior express consent on the dental practice’s intake form, with an unchecked default checkbox.
• Patients can unsubscribe at any time by replying STOP, UNSUBSCRIBE, or CANCEL to any message. Opt-outs are permanent and immutable.
• Outbound SMS content is limited to non-clinical follow-up text. Procedure codes, costs, and clinical details are not sent over SMS.

5. How we share information

We share information only as necessary to operate the platform, and only with parties that have entered into appropriate confidentiality and (where applicable) Business Associate Agreements with us. These categories include:

• Cloud infrastructure providers that host our application and database, under signed BAAs.
• Practice management system integration partners that connect our platform to the dental practice’s PMS, under signed BAAs.
• SMS carriers and aggregators that deliver text messages to patient phones. These providers act as conduits and/or business associates under their own contractual obligations.

We never share information with third parties for marketing, advertising, analytics, retargeting, or for sale.

6. How we protect information

• All patient data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
• Access to the database is scoped per practice and requires authenticated service accounts. No human credentials are used in production.
• Logs and error messages reference internal IDs only and do not contain patient identifiers or clinical details.
• We follow the principle of least privilege: every system component has only the permissions it requires to do its job.

7. Data retention

Patient information is retained for as long as we are providing services to the dental practice, plus a reasonable period thereafter for audit, billing, and legal purposes. SMS message bodies are retained for 24 months. Opt-out records are retained indefinitely, as required by HIPAA and carrier rules.

Upon termination of our agreement with the dental practice, we will return or destroy all patient information in accordance with the BAA, except as required to be retained by law.

8. Your rights

If you are a patient of a dental practice that uses Bagheera AI and you wish to exercise any rights with respect to your information — including access, correction, or deletion — please contact the dental practice directly, as they are the Covered Entity and the data controller for your information. You may also contact us at hello@bagheera-ai.com and we will work with the practice to honor your request.

9. Children’s privacy

Our platform is operated solely on behalf of dental practices and is not directed to children under 13. We do not knowingly collect personal information from children except as part of records the dental practice maintains for their own patients of any age, in which case that information is treated under HIPAA.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. Material changes will be communicated to dental practice customers in advance via email.

11. Contact us

For questions about this Privacy Policy, our HIPAA practices, or any privacy concern:

Bagheera AI LLC
215 W College Ave #601
Tallahassee, FL 32301
United States

Email: hello@bagheera-ai.com
Phone: (734) 474-9277