Privacy Policy

Information We Collect

1. Authentication Information

User credentials (email and encrypted password) for login purposes
Authentication tokens generated by AWS Cognito
Session information to maintain your logged-in state

2. Practice and Patient Data

Patient names and IDs from Dentrix Ascend
Referral information you create or manage
Appointment data related to referrals
Treatment plans and dental procedure codes
Comments and notes added to referrals

3. Usage Information

Current location within Dentrix Ascend
Active tab information to provide contextual features
Extension preferences and settings
Token refresh timestamps for security purposes

4. Technical Information

Chrome browser storage for caching and offline functionality
Extension version information
Error logs for troubleshooting

How We Use Your Information

We use the collected information to:

1. Provide Core Functionality

Authenticate users securely
Display and manage dental referrals
Synchronize data between Dentrix Ascend and our backend
Send notifications about referral status changes

2. Improve User Experience

Maintain user session across browser restarts
Remember user preferences
Provide contextual information based on current patient

3. Security and Compliance

Maintain secure authentication with automatic token refresh
Protect against unauthorized access
Comply with healthcare data protection requirements

4. Technical Operations

Debug and fix technical issues
Monitor system performance
Ensure data synchronization

Data Storage and Security

Local Storage

Authentication tokens are stored locally in your browser using Chrome's secure storage API
User preferences are cached locally for faster access
No sensitive patient data is permanently stored in the browser

Remote Storage

Patient and referral data is transmitted to and stored on our secure servers at https://bs-api.getfurca.com
All data transmission uses HTTPS encryption
Our backend infrastructure is hosted on AWS with enterprise-grade security

Security Measures:

End-to-end encryption for data in transit
Secure authentication via AWS Cognito
Automatic token expiration and refresh mechanisms
No storage of passwords in the extension

Third-Party Services

We use the following third-party services:

AWS Cognito

Purpose: User authentication and identity management

Data Shared: Email addresses, encrypted credentials

Privacy Policy: AWS Privacy Notice

Dentrix Ascend

Purpose: Integration with practice management system

Data Accessed: Patient information, appointments (with your permission)

Note: We only access data within pages you actively visit

Our Backend API (bs-api.getfurca.com)

Purpose: Store and synchronize referral data

Data Stored: All referral-related information you create

Security: HTTPS encryption, secure authentication required

Data Sharing and Disclosure

We do NOT:

Sell your data to third parties
Share patient information with advertisers
Use your data for purposes other than providing our service
Access your Dentrix Ascend data outside of the extension's functionality

We MAY share data only in these limited circumstances:

With Your Consent: When you explicitly authorize sharing
Legal Requirements: If required by law or legal process
Service Providers: With trusted partners who help operate our service (under strict confidentiality)
Business Transfer: In the event of a merger or acquisition (users will be notified)

Healthcare Compliance

HIPAA Considerations

We implement appropriate safeguards for protected health information (PHI)
Access controls and audit logs are maintained
Business Associate Agreements (BAAs) are established with covered entities
Users are responsible for ensuring their use complies with their organization's HIPAA policies

Data Minimization

We only collect data necessary for referral management functionality
Patient data is only accessed when you navigate to specific pages in Dentrix Ascend

Your Rights and Choices

Access and Control

View Your Data: Access all your referral data through the extension
Modify Data: Edit or update referrals at any time
Delete Data: Remove referrals you've created
Export Data: Request a copy of your data by contacting support

Account Management

Logout: Clear local session data at any time
Uninstall: Remove the extension and all local data
Account Deletion: Request complete account deletion by contacting support

Opt-Out Options

Disable notifications in extension settings
Choose not to use certain features
Control which data syncs with our backend

Permissions Explained

Our extension requests the following Chrome permissions:

sidePanel

Why: Opens the referral management interface alongside Dentrix Ascend

Data Access: None - only controls UI display

storage

Why: Saves authentication tokens and user preferences locally

Data Access: Only data our extension creates

declarativeNetRequest & webRequest

Why: Monitors Dentrix Ascend appointment data to provide real-time referral matching

Data Access: Only network requests to Dentrix Ascend and our API

activeTab

Why: Detects current patient context in Dentrix Ascend

Data Access: Only the currently active tab's URL and basic information

tabs

Why: Automatically opens side panel when you navigate to relevant Dentrix Ascend pages

Data Access: Tab URLs for Dentrix Ascend pages only

alarms

Why: Schedules automatic token refresh for security

Data Access: None - only triggers timed events

Host Permissions

https://cognito-idp.us-east-2.amazonaws.com/* and https://*.amazoncognito.com/*

Purpose: User authentication and secure login

Data: Authentication requests only

https://bs-api.getfurca.com/*

Purpose: Synchronize referral data with our backend

Data: Referral information, patient context

https://*.dentrixascend.com/*

Purpose: Integration with your practice management system

Data: Patient IDs, appointment data (only from pages you visit)

Data Retention

Active Data: Retained while your account is active
Authentication Tokens: Expire after 60 minutes, automatically refreshed
Cached Data: Cleared when you logout or uninstall
Account Deletion: All data permanently deleted within 30 days of request

Children's Privacy

Our service is not intended for use by individuals under 18 years of age. We do not knowingly collect information from children.

International Data Transfers

Our services are hosted in the United States. By using our extension, you consent to the transfer of your data to the United States, which may have different data protection laws than your country.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify users of significant changes by:

Updating the "Last Updated" date
Displaying a notification in the extension
Sending email notifications for material changes

Continued use after changes indicates acceptance of the updated policy.

Your California Privacy Rights

If you are a California resident, you have additional rights under CCPA:

Right to know what personal information is collected
Right to know if personal information is sold or disclosed
Right to opt-out of the sale of personal information (we do not sell data)
Right to deletion of personal information
Right to non-discrimination for exercising your rights

To exercise these rights, contact us at privacy@getfurca.com.

GDPR Rights (European Users)

If you are in the European Economic Area, you have rights under GDPR:

Right to access your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Right to withdraw consent

To exercise these rights, contact us at support@getfurca.com.