Trivexa AI

Privacy Policy

Last Updated: December 29, 2025

At Trivexa AI, we take your privacy seriously. This policy explains how we collect, use, protect, and share information in connection with our AI automation services for dental practices.

Data Protection

We implement industry-leading security measures to protect all patient and practice data.

Encryption

All data is encrypted in transit and at rest using AES-256 encryption standards.

Transparency

We are transparent about what data we collect and how we use it.

User Control

You maintain full control over your data and can request deletion at any time.

1. Information We Collect

Practice Information

We collect information including practice name, NPI number, address, contact details, and staff information necessary to configure and deliver our services.

Protected Health Information (PHI)

As a Business Associate, we process patient data on your behalf, including:

  • Demographics: Names, DOB, and contact details
  • Clinical/Administrative: Appointment histories and communication records
  • Insurance Data: Carrier names, member IDs, and eligibility status

Usage & Technical Data

We automatically collect IP addresses, device identifiers, and system logs (Audit Trails) required for HIPAA security compliance and operational monitoring.

2. How We Use Your Information

  • Service Delivery: To power the AI Front Desk, 24/7 Patient Response, and Intelligent Scheduling
  • Insurance Qualification: To automate the verification of patient benefits and eligibility
  • Audit Compliance: To maintain a legally required record of who accessed PHI and when
  • De-Identified Analytics: We may use "de-identified" data (data that cannot be traced back to a specific patient or practice) to improve our AI models and system performance in accordance with HIPAA's Safe Harbor Method
  • Security: To detect and prevent unauthorized access or data breaches

3. HIPAA & Data Security Safeguards

Trivexa AI acts as a Business Associate to dental practices. We have implemented the following safeguards in accordance with the HIPAA Security Rule:

Administrative

We conduct regular risk assessments, maintain a designated Privacy Officer, and execute Business Associate Agreements (BAAs) with all dental clients and sub-processors.

Technical

  • Encryption: All PHI is encrypted using AES-256 at rest and TLS 1.2+ in transit
  • Access Control: Unique user identification, Multi-Factor Authentication (MFA), and automatic session timeouts
  • Integrity: Protection against unauthorized PHI alteration or destruction

Physical

All data is stored in SOC 2 Type II compliant data centers located within the United States.

4. Communication Risks & Consent

Notice of Risk

While Trivexa AI provides secure platforms, communications sent via standard SMS or Email are not inherently encrypted. By using the service, the Practice acknowledges it is responsible for informing patients of these risks and obtaining appropriate consent.

TCPA Compliance

We adhere to the Telephone Consumer Protection Act; the Practice warrants that it has the legal right to contact patients via the information provided to our system.

5. Data Sharing and Disclosure

We do not sell practice or patient data. Disclosure is limited to:

  • Authorized Sub-processors: Trusted infrastructure partners (e.g., AWS, Twilio) who have signed BAAs with Trivexa AI
  • Legal Necessity: To comply with a court order, subpoena, or the Department of Health and Human Services (HHS) for compliance audits
  • Business Transfers: In the event of a merger or sale, the successor entity must adhere to the same HIPAA protections for all retained PHI

6. Data Retention and Destruction

Active Period

Data is retained for the duration of your service agreement.

Post-Termination

Upon termination, the Practice has 90 days to export data.

Secure Destruction

After the 90-day window, Trivexa AI will permanently purge PHI from all active databases and backup systems (backups purged within an additional 90-day cycle) in compliance with NIST Special Publication 800-88 standards for media sanitization.

7. Your Rights

Under HIPAA and various state laws (such as CCPA/CPRA where applicable), you have the right to:

Request an Accounting of Disclosures

See who your data was shared with for non-routine purposes

Access and Export

Receive a machine-readable copy of your practice data

Correction/Amendment

Request changes to inaccurate administrative records

8. Contact Us

For inquiries regarding HIPAA compliance or to report a suspected security incident:

Email: info@trivexaai.com