Plain-English summary
- No tracking cookies. We do not set cookies for analytics, advertising, or remarketing.
- No third-party analytics. We do not run Google Analytics, Facebook Pixel, Hotjar, or similar.
- No data sale, no data sharing for ads. DentalNPI does not sell, rent, or trade your information.
- Affiliate clicks store a hashed IP. When you click an affiliate link to a booking partner, we log the partner, the provider you came from, a truncated SHA-256 hash of your IP, and a truncated user-agent string. The IP itself is never stored.
- Mapbox serves the optional map on dentist profile pages. Their privacy policy applies to that embed.
Who is the data controller
DentalNPI (referred to as “we” / “us” in this policy) operates https://www.dentalnpi.com. For privacy questions or to exercise your rights, email contact@dentalnpi.com.
What we collect
Information you provide
Search queries on /search are processed server-side to return matching providers and are not persisted with an identifier linked to you.
Information collected automatically
- Server logs. Standard request logs from our hosting provider include your IP address, user agent, referrer, and the path you requested. These are retained for security and operational troubleshooting and rotated on a rolling basis (typically 30 days).
- Affiliate-click events. When you click a referral link to a booking or insurance partner, our redirect endpoint stores a single record containing: the provider NPI, the partner ID, an opaque click ID we generate, a 32-character SHA-256 hash of your IP (peppered with a non-public secret), and the first 512 characters of your user agent. We use this to verify referral attribution and detect abuse. The plain-text IP is never stored.
What we do not collect
We do not collect names, email addresses, phone numbers, payment information, health information, login credentials, browsing history across other sites, or location data. We do not maintain user accounts.
How we use information
- To return search results and render provider pages.
- To attribute affiliate referrals to the correct partner and prevent fraudulent click inflation.
- To diagnose performance and security issues from server logs.
- To generate aggregate, non-identifying statistics about which pages are popular.
We do not use your information for behavioral advertising, profiling, or automated decision-making with legal effect.
Third parties
- Hosting — pages are served from a US-based hosting provider, which processes your request and may temporarily log IP and user-agent for DDoS protection.
- Mapbox — when a dentist profile page renders the optional map, Mapbox serves map tiles directly to your browser. Their loading exposes your IP to Mapbox; see mapbox.com/legal/privacy.
- Affiliate partners — when you click a partner link, you are redirected to that partner's site. Their privacy policy applies to anything that happens after the redirect.
Your rights
Because we do not maintain identifiable accounts and the IP we store in lead-event records is irreversibly hashed, we generally cannot identify you in our database. If you have a specific question about data on you (for example, you submitted a complaint and want to know what we retained from that thread), email contact@dentalnpi.com.
Depending on where you live, you may have rights under the California Consumer Privacy Act (CCPA/CPRA), the EU/UK General Data Protection Regulation (GDPR), or similar laws — including the right to access, delete, correct, or opt out of the sale or sharing of your personal information. We do not sell or share personal information for cross-context behavioral advertising; nonetheless, we honor verifiable requests within 30 days.
Children
This site is not directed to children under 13 (or under 16 in the EU/UK). We do not knowingly collect personal information from minors. If you believe a minor has provided personal information, contact us and we will delete it.
Security
We use HTTPS for all traffic, hashed IPs (peppered SHA-256) for affiliate-click records, parameterized SQL for all database queries, and least-privilege database roles. No system is perfectly secure, so we do not promise zero risk — but we follow industry-standard practices and disclose breaches as required by law.
Changes
We update this policy when our practices change. The “Last reviewed” date at the top reflects the most recent meaningful revision. Material changes will be announced in the site footer for at least 30 days.
Contact
Privacy questions, deletion requests, breach reports: contact@dentalnpi.com. See contact for response SLAs.