Privacy Policy
AI transparency. You acknowledge and agree that your access to or use of the Site and Services involves your interaction with artificial intelligence technology, including the collection, use, and sharing of your personal information through artificial intelligence technology, which autonomously or partially autonomously processes your personal information through a genetic algorithm, a neural network, machine learning, large language models, or other techniques in order to generate content or make decisions, recommendations, or predictions for you.
HIPAA and patient information. When Mesio's Services are used by a dental practice (a “Customer Practice”) to record or process protected health information (“PHI”) about its patients, Mesio acts as a Business Associate as that term is defined under the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”). Our handling of patient PHI is governed by the Business Associate Agreement (“BAA”) executed between Mesio AI Inc. and the Customer Practice. This Privacy Policy does not govern patient PHI — the BAA does. Patients with questions about how their information is collected, used, or disclosed should contact their dental practice directly; the practice is the HIPAA-covered entity and the data controller for patient PHI.
This Privacy Policy covers the personal information of visitors to the Site and authorized users of the Services (e.g., dentists, hygienists, dental assistants, practice administrators, and other staff who hold accounts). Where the same information is also PHI, the BAA additionally applies.
- Personal Information We Collect and How We Collect It
- How We Use Your Personal Information
- How We Share Your Personal Information
- Your Choices Regarding Your Personal Information
- Security of Your Personal Information
- International Users
- Notice to European Users
- Notice to Canadian Users
- Notice to Australian and New Zealand Users
- Children
- Do Not Track
- Updates to This Privacy Policy
- Contact Us
1.Personal Information We Collect and How We Collect It
We collect personal information about you in a number of different ways:
Personal Information From Users of Our Services
When you use our Services, we collect personal information that you provide to us, which may include the following categories of personal information depending on how you use our Services and communicate with us:
- General identifiers, such as your full name, home or work address, zip code, telephone number, email address, job title, professional license information, and organizational affiliation (e.g., your dental practice or DSO).
- Online identifiers, such as your username and passwords for any of our Services, or information we automatically collect through cookies and similar technologies used on our Sites. This may include your computer or mobile device's operating system type and version number, manufacturer and model, browser type, screen resolution, internet protocol (IP) address, unique identifier, the websites you visited before and after browsing to our Site, and general location information such as city, state, or geographic area.
- Protected classification characteristics, such as any information that you choose to provide to us or that we collect in connection with providing our Services to you, including age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, physical or mental disability, sex, sexual orientation, or veteran or military status.
- Commercial information, such as the billing details we use to bill you for our Services, your billing and payment history, and any records of personal property that we collect in connection with providing our Services to you. We also collect information about your preferences regarding marketing communications.
- Audio, electronic, and visual information that we collect in connection with providing our Services to you, such as transcriptions and audio recordings of communications that you make with our Services. Where these recordings contain patient PHI, the BAA additionally applies.
- Professional or employment-related information that we collect in connection with providing our Services to you, such as your job title, employer information, and work history.
- Support and chat content, such as messages, attachments, and other content you send to us via in-app chat, our AI support bot, email, or other support channels.
- Other information you provide to us.
Information About Our Customers' Patients
We provide cloud-based AI scribe, transcription, and clinical-documentation services to dental practices to enable dental professionals to record office visits with their patients and have those recordings transcribed and structured into clinical notes and periodontal charts. Our customers are dental practices, dental service organizations (DSOs), and individual dental professionals. While we have a direct relationship with our customers and control our handling of their personal information, our relationship with the patients of those customers is indirect and based on our relationship with the practice. This Privacy Policy does not cover personal information or PHI of our customers' patients, which we handle as a Business Associate, on the practice's behalf, under the BAA. If you are a patient of one of our customer practices and have a question about how your personal information is collected, used, or disclosed, please contact the practice directly.
Personal Information We Get From Others
We may lawfully collect personal information about you from other sources. We may add this to information we collect from our Services.
Information We Collect Automatically
We automatically log information about you and your computer, phone, tablet, or other devices you use to access the Services. For example, when visiting our Site or when using our applications, we may log your computer or device identification number, operating system type, browser type, browser language, the websites you visit before and after browsing to our Site, pages you viewed on our Site, how long you spent on a page, access times, and information about your use of and actions on our Site or in our applications. How much of this information we collect depends on the type and settings of the device you use to access the Services.
The technologies we use for this automatic data collection may include:
- Cookies. We may log information using “cookies.” Cookies are small data files stored on your hard drive by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site.
- Web beacons. Pages of the Site and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related Site statistics (for example, recording the popularity of certain Site content and verifying system and server integrity).
- Device identifiers. When you access the Site by or through a mobile device (including but not limited to smartphones or tablets), we may access, collect, monitor, and/or remotely store one or more “device identifiers,” such as a universally unique identifier, which are small data files or similar data structures. A device identifier may remain persistently on your device, to help you log in faster and enhance your navigation through the Website. Some features of the Website may not function properly if use or availability of device identifiers is impaired or disabled.
Additional Information
If you choose to interact on the Site or through the Services (such as by registering; using our Services; entering into agreements with us; or requesting information from us), we will collect the personal information that you provide. We may collect personal information about you that you provide through telephone, email, or other communications. If you provide us with personal information regarding another individual, please do not do so unless you have that person's consent to give us their personal information.
2.How We Use Your Personal Information
Generally, we may use your personal information in the following ways and as otherwise described in this Policy or to you at the time we collect the personal information from you:
To Provide the Services and Personalize Your Experience
We use personal information about you to provide the Services to you, including:
- To help establish and verify your identity;
- For the purposes for which you specifically provided it to us, including, without limitation, to enable us and our third-party service providers to process and fulfill your requests or provide the Services to you;
- To provide you with effective customer service;
- To provide you with a personalized experience when you use the Services or by delivering relevant content through the Services;
- To send you information about your relationship or transactions with us and to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
- To otherwise contact you with information that we believe will be of interest to you, including marketing and promotional communications; and
- To enhance or develop features, products, or services.
Changes
We use your personal information to notify you about changes to any Services.
Research and Development
We may use your general identifiers, online identifiers, internet activity information, and commercial information for research and development purposes, including to analyze and improve the Services and our business. We will not use patient PHI to train or improve our AI models except as expressly permitted by the BAA. As part of these activities, we may create aggregated, de-identified, or other anonymous data from personal information we collect (in accordance with applicable law, including HIPAA's de-identification standards where the underlying data is PHI). We may use this anonymous data and share it with third parties for our lawful business purposes.
Creating Anonymous / De-identified Data
As part of our analytics, we may create aggregated, de-identified, or other anonymous data from your personal information we collect. We make your personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes as permitted by law.
Company Operations
We may use your personal information for our day-to-day operations, including for employment and administrative purposes, to evaluate potential candidates for employment, and for security, facilities access, company systems, compliance, and database use.
Marketing
We may use your personal information in connection with sending you marketing communications, including by mail and email, in each case as permitted by law. You may opt out of marketing communications from us and/or our third-party advertisers by following the unsubscribe instructions in the marketing communications or by emailing us at privacy@mesio.ai, as applicable.
Compliance and Protection
We may use any of the categories of personal information described above to:
- Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
- Protect our, your, and others' rights, privacy, safety, and property (including by making and defending legal claims).
- Audit our internal processes for compliance with legal and contractual requirements and internal policies.
- Enforce the terms and conditions that govern the Site and our Services.
- Prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity, including cyberattacks and identity theft.
We may also use personal information for other purposes consistent with this Privacy Policy or that are explained to you at the time of collection of your personal information.
With Your Consent
If you provide us with consent or instruct us to share your personal information with a third party, we may do so. We will not share such information with third parties without your express consent or instruction.
3.How We Share Your Personal Information
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
We may disclose the categories of personal information described above with the following categories of third parties:
- Affiliates. We may share your personal information with our affiliates that operate shared infrastructure, systems, and technology or otherwise for purposes consistent with this Policy.
- Third party service providers. We may provide your personal information to third-party service providers that help us provide you with the Services and to operate our business, such as website and app hosting, data analysis, payment processing, support platform (for example, providers that power our in-app chat and AI support bot), provision of payment discounts (including providing your personal information to group purchasing organizations or DSOs that help facilitate such discounts for you), order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing, and other services. Where these service providers process patient PHI on our behalf, they do so as our subcontractors under HIPAA, subject to written agreements that flow down the same BAA protections.
- Professional advisors. We may provide your personal information to our lawyers, accountants, bankers, and other outside professional advisors in the course of the services they provide to us.
- Corporate restructuring. We may share some or all of your personal information in connection with or during negotiation of any merger, financing, acquisition, or dissolution, transaction, or proceeding involving the sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, personal information may also be transferred as a business asset. If another company acquires Mesio AI Inc., our business, or assets, that company will possess the personal information collected by us and will assume the rights and obligations regarding your personal information described in this Privacy Policy.
Other Disclosures
We may disclose your personal information if we believe in good faith that such disclosure is necessary for any of the following:
- In connection with any legal investigation;
- To comply with relevant laws or to respond to subpoenas or warrants served on Mesio;
- To protect or defend the rights or property of Mesio or users of the Services; and/or
- To investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, or our Terms of Use.
We may also share personal information with other categories of third parties with your consent or as described to you at the time of collection of your personal information.
We do not sell your personal information.
Third Party Websites
Our Services may contain links to third-party websites or services. When you click on a link to any other website or location, you will leave our Services and go to another website, and another entity may collect your personal information from you. We have no control over, do not review, and cannot be responsible for these outside websites or their content, or any collection of your personal information after you click on links to such outside websites. The links to third-party websites or locations are for your convenience and do not signify our endorsement of such third parties or their products, content, websites, or privacy practices.
4.Your Choices Regarding Your Personal Information
You have several choices regarding the use of your personal information on the Site and our Services:
Email Communications
We may periodically send you free newsletters and emails that directly promote the use of our Services. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt out” by following the unsubscribe instructions provided in the email you receive or by contacting us directly (please see contact information below). Despite your indicated email preferences, we may send you Service-related communications, including notices of any updates to our Privacy Policy or Terms of Use.
Cookies
If you decide at any time that you no longer wish to accept cookies from our Site for any of the purposes described above, then you can instruct your browser, by changing its settings, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. Consult your browser's technical information. If you do not accept cookies, however, you may not be able to use all portions of the Site or all functionality of the Services. If you have any questions about how to disable or modify cookies, visit allaboutcookies.org.
Accessing and Correcting Your Information
You may send us an email at privacy@mesio.ai to request access to, correct, or delete any personal information that you have provided to us. If we delete your personal information, we may also have to delete your user account, if any, and your transcriptions, and we are not responsible for any loss of data as a result. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
Where the personal information you are asking about is also PHI, your rights of access, amendment, and accounting of disclosures are provided to you by your dental practice (the HIPAA-covered entity) under the BAA and applicable HIPAA regulations — please contact your practice directly for those requests.
Residents of certain states, such as California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Maryland, Minnesota, Montana, Nebraska, New Jersey, New Hampshire, Oregon, Tennessee, Texas, Utah, and Virginia may have additional personal information rights and choices. If you believe that you are entitled to those rights and choices under this Privacy Policy, please email us at privacy@mesio.ai.
5.Security of Your Personal Information
Mesio is committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. With respect to patient PHI, our administrative, technical, and physical safeguards are designed to meet HIPAA Security Rule requirements and are further described in the BAA. No method of transmission over the internet, or method of electronic storage, is 100% secure, however. Therefore, while we use reasonable efforts to protect your personal information, we cannot guarantee its absolute security.
6.International Users
Please note that our Services are provided in the United States. As such, they are governed by the laws of the United States. If you use our Services, your personal information will be subject to United States law and processed in the United States or in other countries.
7.Notice to European Users
The information provided in this “Notice to European Users” section applies only to individuals in Europe, including the United Kingdom and Switzerland.
Personal information
References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.
Controller
We are the controller of your personal information covered by this Privacy Policy for the purposes of European data protection legislation, except to the extent that we process your personal information on behalf of our customer, including personal information (and PHI) that we process on behalf of our Customer Practices, in which case our customer is the controller of your personal information, and we are the processor (and, with respect to PHI, the Business Associate under HIPAA).
We have appointed a Data Protection Officer, whose contact information is:
Michael Fedor, Mesio AI Inc., 2120 University Ave Suite 236, Berkeley, CA 94704, privacy@mesio.ai.
Legal bases for processing
We use your personal information only as permitted by law. Our legal bases for processing the personal information described in this Privacy Policy are described in the table below.
| Processing Purpose | Legal basis |
|---|---|
| To operate the Services | Processing is necessary to perform the contract governing our provision of the Services or to take steps that you request prior to signing up for the Services. If we have not entered into a contract with you, we process your personal information based on our legitimate interest in providing the Services you access and request. |
| To personalize the Sites and the Services; to improve content and functionality of the Sites and Services; to promote the Services; to provide Service-related communications; to provide security; for compliance, fraud prevention, and safety; to create anonymous data | These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise permitted to by law). |
| To comply with law | Processing is necessary to comply with our legal obligations. |
| With your consent | Processing is based on your consent. Where we rely on your consent you have the right to withdraw it at any time in the manner indicated when you consent or in the Services. |
Use for new purposes
We may use your personal information for reasons not described in this Privacy Policy, where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.
Sensitive personal information
We ask that you not provide us with any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through the Services, or otherwise to us, except as required for the legitimate provision of dental care via your Customer Practice's use of the Services and as governed by the BAA.
If you provide us with any sensitive personal information when you use the Services, you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy. If you do not consent to our processing and use of such sensitive personal information, you must not submit such sensitive personal information through the Services.
Automated Decision-Making and Profiling
We do not use automated decision-making and/or profiling in regard to your personal information in connection with the Services.
Retention
We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. Retention of PHI is additionally governed by the BAA and by the Customer Practice's record-retention obligations under HIPAA and applicable state law.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
When we no longer require the personal information we have collected about you, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.
Your rights
European data protection laws give you certain rights regarding your personal information. If you are located within the European Economic Area or Switzerland, you may ask us to take the following actions in relation to your personal information that we hold:
- Access. Provide you with information about our processing of your personal information and give you access to your personal information.
- Correct. Update or correct inaccuracies in your personal information.
- Delete. Delete your personal information.
- Transfer. Transfer a machine-readable copy of your personal information to a third party of your choice.
- Restrict. Restrict processing of your personal information.
- Object. Object to our reliance on our legitimate interests as a legal basis of our processing of your personal information that impacts your rights.
You may submit these requests by email to privacy@mesio.ai or our postal address provided below. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction.
Cross-Border Data Transfer
If we transfer your personal information out of Europe to a country not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be performed:
- Pursuant to the recipient's compliance with standard contractual clauses or Binding Corporate Rules;
- Pursuant to the consent of the individual to whom the personal information pertains; or
- As otherwise permitted by applicable European requirements.
You may contact us at privacy@mesio.ai or via our contact information below if you want further information on the specific mechanism used by us when transferring your personal information out of Europe.
8.Notice to Canadian Users
The information provided in this “Notice to Canadian Users” section applies only to individuals in Canada. Individuals located in Canada have certain rights pursuant to Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and any applicable substantially similar provincial legislation (“Canadian data protection legislation”).
Personal information
References to “personal information” in this Privacy Policy are equivalent to “personal information” governed by Canadian data protection legislation.
Consent
By using the Services and providing personal information to us, you are consenting to the collection, use, and disclosure of your personal information as described in this Privacy Policy. If you do not consent to the processing of your personal information in accordance with this Privacy Policy, please do not access or continue to use the Services or otherwise provide any personal information to us.
Your rights
You have certain rights with respect to your personal information under Canadian data protection legislation. Subject to certain exceptions and limitations, and depending upon the province where you reside, such rights may include:
- To withdraw consent. The right to withdraw your consent to the collection, use, or disclosure of your personal information.
- To be informed. The right to be informed of the existence, use, and disclosure of your personal information, and to be provided with an account of the use that has been made or is being made of this information as well as the third parties to which it has been disclosed (including a list of organizations to which your information may have been disclosed).
- To correct. The right to challenge the accuracy and completeness of your personal information, and have it amended, updated, or rectified as appropriate.
- To challenge. The right to challenge our compliance with the applicable Canadian data protection legislation.
- To be forgotten. The right to restrict the dissemination of your personal information in certain circumstances if such dissemination contravenes a law or court order or otherwise causes serious injury to your reputation or privacy.
- Data portability. The right to receive computerized personal information in a structured, commonly-used, and technological format, or to have such personal information transferred directly to any person or body authorized by law to collect such personal information.
Automated Decision-Making
We do not use automated decision-making in regard to your personal information in connection with the Services.
Complaints
The Office of the Privacy Commissioner of Canada (Commissariat à la protection de la vie privée du Canada) advises individuals to file an objection or challenge with the relevant company before lodging a formal complaint with a regulatory authority. If you are dissatisfied with our response to an objection or inquiry, or if you wish to file a complaint with a regulatory authority first, you may file a complaint with the Office of the Privacy Commissioner of Canada. Depending upon the province where you live, you may also (or instead) have the right to file a complaint with the applicable provincial privacy commissioner/regulator.
9.Notice to Australian and New Zealand Users
Information about Mesio
This Privacy Policy protects all the personal information that we collect and helps ensure that personal information is handled properly, including in accordance with the Australian Privacy Act and the New Zealand Privacy Act 2020. The below statements, together with the statements in the remainder of the Privacy Policy, explain our practices for personal information subject to the Australian Privacy Principles (the “APPs”) and the New Zealand Information Privacy Principles (the “IPPs”).
The Purposes for Collecting Personal Information
In addition to the purposes for collecting your personal information that we have set forth above in the How We Use Your Personal Information section, we will collect your personal information for purposes as permitted by the APPs or the IPPs (as applicable), such as when the use or disclosure is needed to protect you, us, or others from threats (such as security threats or fraud) or cheating, and to comply with the laws that are applicable to us around the world.
Whether Collection of your Personal Information is Required by Law
In most cases, you are not required by law to provide any personal information to Mesio. You are required to provide certain personal information to enable us to provide you with the Services. We indicate which data elements are required for the provision of the Services. If you do not provide these data elements, we cannot provide the Services to you.
Exercising your Privacy Rights — ANZ Opt Out
In addition to the rights described throughout this Privacy Policy, you may elect not to receive future communications from us by sending an email stating your wishes to privacy@mesio.ai or by following the unsubscribe link in any of such communications. We will respond to your privacy rights requests in accordance with applicable law.
Cross-border Disclosures from Australia
We may generally disclose your personal information to our affiliates and service providers and others, and these entities may be located outside of Australia. We take reasonable steps to ensure that any overseas recipient complies with the APPs with respect to your personal information and remain accountable to you for compliance in accordance with APP 8.
Cross-border Disclosures from New Zealand
We may generally disclose your personal information to our affiliates and service providers and others, and these entities may be located outside of New Zealand. We only make cross-border disclosures of your personal information to those entities that are: (i) subject to the Privacy Act 2020, (ii) subject to a privacy law that provides a comparable level of protection, (iii) is contractually obligated to protect the information appropriately, using model contracts, or (iv) where the disclosure is otherwise permitted by IPP 12.
Complaints
Australian Residents: If you believe that we have violated any of the Australian Privacy Principles, you can contact us at privacy@mesio.ai. We will investigate your complaint and try to resolve any issue to your satisfaction. If we do not adequately answer your concerns, you will have the right to make a complaint in writing to the Office of the Australian Information Commissioner, oaic.gov.au.
New Zealand Residents: If you believe that we have violated the Privacy Act 2020, you can contact us at privacy@mesio.ai. We will investigate your complaint and try to resolve any issue to your satisfaction. If we do not adequately answer your concerns, you will have the right to make a complaint in writing to the Office of the Privacy Commissioner, privacy.org.nz.
10.Children
Our Services are not intended for children under 18 years of age, and you must be at least 18 years old to have our permission to use the Services. We do not knowingly collect, use, or disclose personally identifiable information from children under the age of 13. If you believe that we have collected, used, or disclosed personally identifiable information of a child under the age of 13, please contact us using the contact information below so that we can take appropriate action.
Residents of certain jurisdictions under 13, 16, or 18 years of age may have additional rights regarding the collection and use of their personal information.
Note: this Privacy Policy applies to use of the Services by authorized account holders (dental professionals and staff). Information about pediatric dental patients that flows through the Services as part of clinical care is PHI governed by the BAA between Mesio and the patient's dental practice, not this Privacy Policy.
11.Do Not Track
We currently do not support the Do Not Track browser setting or respond to Do Not Track signals. Do Not Track (or DNT) is a preference you can set in your browser to let the websites you visit know that you do not want them collecting certain information about you. For more details about Do Not Track, including how to enable or disable this preference, visit allaboutdnt.com.
12.Updates to This Privacy Policy
We reserve the right to change this Privacy Policy at any time. If we make any material changes to this Privacy Policy, we will post the revised version to our website and update the “Effective Date” at the top of this Privacy Policy. Except as otherwise indicated, any changes will become effective when we post the revised Privacy Policy on our website.
13.Contact Us
Our contact information is as follows:
Mesio AI Inc.
2120 University Ave Suite 236
Berkeley, CA 94704
Telephone: +1 (510) 224-3507
Email: privacy@mesio.ai