Privacy Policy
Last updated: March 2026
ComplianceDDS Inc. (“we,” “us,” or “our”) operates the ComplianceDDS platform, a compliance management solution for dental practices in Ontario and across Canada. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our services.
We are committed to protecting your privacy and complying with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.
1. Information We Collect
1.1 Account and Practice Information
When you register for ComplianceDDS, we collect information necessary to set up and manage your account, including:
- Practice name, address, and contact details
- Account holder name and email address
- Billing information (processed securely through our payment provider)
- Practice type, size, and regulatory jurisdiction
1.2 Staff and Credential Information
To facilitate compliance tracking, you may enter information about your practice staff, including:
- Staff names, roles, and contact information
- Professional licence and registration numbers
- Certification records and expiry dates (e.g., CPR, WHMIS, radiation safety)
- Training completion records
1.3 Compliance and Operational Records
We store compliance-related data that you enter into the platform, such as:
- Equipment maintenance and inspection logs
- IPAC (Infection Prevention and Control) audit records
- Radiation safety and dosimetry records
- Water quality testing results
- Emergency preparedness documentation
- Policy and procedure documents
1.4 Uploaded Documents
You may upload files such as certificates, inspection reports, equipment manuals, and policy documents. These files are stored securely and associated with your practice account.
1.5 Usage and Technical Data
We automatically collect certain technical information when you use the platform, including browser type, IP address, pages visited, and interaction patterns. This data is used to improve the platform and ensure security.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Compliance Tracking: To monitor regulatory deadlines, certification expiries, and inspection schedules for your practice.
- Notifications and Alerts: To send email and in-app reminders about upcoming deadlines, expiring credentials, and required actions.
- Reporting: To generate compliance reports, audit summaries, and dashboards for your practice.
- Billing and Account Management: To process subscription payments and manage your account.
- Platform Improvement: To analyze usage patterns, diagnose technical issues, and improve the platform.
- Customer Support: To respond to your inquiries and provide assistance.
3. Data Storage and Security
We take the security of your data seriously and implement industry-standard measures to protect it:
- All data is encrypted in transit using TLS 1.2 or higher.
- Data at rest is encrypted using AES-256.
- Our infrastructure is hosted in Canada and the United States with reputable cloud providers.
- Access to production systems is restricted and monitored.
- We perform regular security assessments and maintain access controls based on the principle of least privilege.
4. Third-Party Services
We use the following third-party services to operate the platform. Each provider has its own privacy policy governing how it handles data:
- Lemon Squeezy: Payment processing and subscription billing. We do not store your full credit card details; payment information is handled directly by Lemon Squeezy.
- Resend: Transactional email delivery for notifications, alerts, and account communications.
- Vercel Blob Storage: Secure object storage for uploaded documents and files.
- Neon: PostgreSQL database hosting for application data storage.
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
5. Data Retention and Deletion
We retain your data for as long as your account is active and as needed to provide our services. Specifically:
- Active account data is retained for the duration of your subscription.
- Upon account cancellation, your data is retained for 90 days to allow for reactivation, after which it is scheduled for permanent deletion.
- Billing records may be retained for up to 7 years as required by tax and accounting regulations.
- You may request earlier deletion of your data at any time by contacting us.
6. Your Rights Under PIPEDA
As a user of ComplianceDDS, you have the following rights regarding your personal information:
- Right of Access: You may request a copy of the personal information we hold about you.
- Right of Correction: You may request that we correct any inaccurate or incomplete personal information.
- Right of Deletion: You may request that we delete your personal information, subject to legal retention requirements.
- Right to Withdraw Consent: You may withdraw your consent for certain data processing activities, though this may affect your ability to use the platform.
To exercise any of these rights, please contact our Privacy Officer, Adam Blackburn, at privacy@compliancedds.com. We will respond to your request within 30 days.
7. Ontario Personal Health Information Protection Act (PHIPA)
ComplianceDDS is designed for dental practices in Ontario, which may handle personal health information as defined under the Personal Health Information Protection Act, 2004 (PHIPA). While ComplianceDDS is a compliance management tool and is not itself a health information custodian, we recognize that data entered into the platform by dental practices may include references to patient health information (e.g., infection control logs, sterilization records, or radiation safety documentation).
To support our users’ obligations under PHIPA, we:
- Implement administrative, technical, and physical safeguards consistent with PHIPA requirements for the protection of personal health information.
- Restrict access to practice data to authorized users within the practice’s account.
- Store and process data within infrastructure that meets or exceeds the security standards expected of agents of health information custodians.
- Support practices in fulfilling their PHIPA obligations, including data access requests and breach notification.
Dental practices using ComplianceDDS remain responsible for ensuring their own compliance with PHIPA, including obtaining appropriate consent and managing their obligations as health information custodians.
8. Data Breach Notification
In accordance with PIPEDA’s mandatory breach notification requirements and PHIPA’s breach reporting obligations, ComplianceDDS Inc. maintains procedures to respond to any breach of security safeguards involving personal information.
In the event of a breach that creates a real risk of significant harm to individuals, we will:
- Notify the Office of the Privacy Commissioner of Canada as required under PIPEDA.
- Notify the Information and Privacy Commissioner of Ontario if the breach involves personal health information subject to PHIPA.
- Notify affected individuals as soon as feasible, providing details about the breach, the information involved, the steps we are taking, and actions individuals can take to protect themselves.
- Notify the affected dental practice(s) so they may fulfill their own notification obligations as health information custodians.
- Maintain records of all breaches of security safeguards, regardless of whether notification is required, for a minimum of 24 months.
If you believe your data may have been compromised, please contact our Privacy Officer, Adam Blackburn, immediately at privacy@compliancedds.com or by phone at 647-948-4346.
9. Cookies and Tracking
ComplianceDDS uses essential cookies to maintain your session and authenticate your access. We do not use third-party advertising or tracking cookies. Analytics data, where collected, is aggregated and anonymized.
10. Children’s Privacy
ComplianceDDS is designed for use by dental professionals and practice administrators. We do not knowingly collect personal information from individuals under the age of 18.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and, where appropriate, by email. Your continued use of the platform after changes are posted constitutes your acceptance of the updated policy.
12. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact our Privacy Officer:
- Privacy Officer: Adam Blackburn
- Email: privacy@compliancedds.com
- Phone: 647-948-4346
- Address: ComplianceDDS Inc., 10 Navy Wharf Court, Toronto, ON M5V 3V2, Canada
If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.