Privacy Policy | Retaine

1. Data We Collect

Retaine collects information you provide directly, including your name, email address, practice name, role, phone number, and information about your practice management software. When you use our platform, we also collect treatment plan data synced from your PMS, patient contact information, message delivery and engagement data, and usage analytics.

2. How We Use Your Data

We use your information to provide and improve our treatment plan follow-up services, send automated patient communications on your behalf, generate analytics and revenue recovery reports, communicate with you about your account and our services, and ensure compliance with HIPAA and other applicable regulations.

3. HIPAA Compliance

Retaine is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA). We sign a Business Associate Agreement (BAA) with every customer practice. Protected Health Information (PHI) is encrypted at rest using AES-256 and in transit using TLS 1.2+. PHI is never included in outbound SMS or email messages — patients access treatment details only through secure, token-based portal links.

4. Third-Party Services

We use the following third-party services to deliver our platform:

Supabase — database hosting and authentication, with row-level security (RLS)
Twilio — SMS and voice message delivery
Brevo (Sendinblue) — email delivery and contact management
Vercel — application hosting
Anthropic (Claude) — AI-powered message generation

All third-party vendors are vetted for HIPAA compliance where applicable, and BAAs are in place as required.

5. Data Retention & Deletion

We retain your data for as long as your account is active. Upon account termination, we will delete all associated data within 30 days unless a longer retention period is required by law. You may request deletion of your data at any time by contacting us.

6. Contact

For privacy-related inquiries, please contact us at privacy@retaine.com.