Legal

Privacy Policy

How CaseLink collects, uses, and protects personal information when you visit caselink.net or use the CaseLink referral and clinical communication platform.

Effective: 18 May 2026

CaseLink, Inc. (“CaseLink,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy (the “Policy”) explains how we collect, use, share, and protect personal information when you visit our website at caselink.net (the “Website”) or use the CaseLink referral and clinical communication platform (the “Service”).

1. Scope of This Policy

This Policy applies to:

  • visitors to the Website,
  • account holders and authorized users of the Service, and
  • individuals who contact us, sign up for marketing communications, or request a demonstration of the Service.

This Policy does not apply to:

  • Protected Health Information (“PHI”) that CaseLink processes on behalf of a dental practice or other Covered Entity. PHI is governed by the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), and by the Business Associate Agreement (the “BAA”) executed between CaseLink and the Covered Entity. In the event of any conflict between this Policy and an executed BAA with respect to PHI, the BAA prevails.
  • third-party websites or services linked from the Website or the Service. Their practices are governed by their own policies.

2. Information We Collect

2.1 Information You Provide

We collect information you submit directly to us, including:

  • Account and practice information. Name, email address, phone number, practice name, role, specialty, National Provider Identifier (NPI), Tax ID, and practice address.
  • Marketing and contact information. Information submitted through demonstration requests, contact forms, newsletter signups, or similar interactions on the Website.
  • Payment information. When you subscribe to a paid plan, billing details such as billing address and the last four digits of your card. Full payment card information is collected and processed by our payment processor and is not stored by CaseLink.
  • Support and communications. Information you provide when you contact our support team or correspond with us.

2.2 Information Collected Automatically

When you visit the Website or use the Service, we and our service providers may automatically collect:

  • Device and connection data. IP address, browser type, operating system, device identifiers, and language settings.
  • Usage data. Pages viewed, features used, links clicked, time spent in the Service, and referral source.
  • Log data. Access logs, error logs, and similar records used for security and troubleshooting.

2.3 Cookies and Similar Technologies

We use cookies and similar technologies to operate and improve the Website and the Service. See Section 6 for details and your choices.

2.4 Information from Third Parties

We may receive information about you from third parties, including:

  • practices that invite you to join the Service,
  • marketing partners, conference organizers, or list providers, where permitted by law, and
  • public sources, such as state dental board directories or NPI registry data.

3. How We Use Information

We use personal information to:

  • provide and operate the Website and the Service,
  • create, manage, and authenticate accounts,
  • process payments and manage subscriptions,
  • send transactional messages such as referral notifications, account confirmations, and password resets,
  • provide customer support and respond to inquiries,
  • improve the Service, including measuring usage and developing new features,
  • send marketing communications about CaseLink, where permitted by law and subject to your preferences,
  • detect, investigate, and prevent fraud, abuse, security incidents, and violations of any applicable terms,
  • comply with applicable law and respond to lawful requests, and
  • generate de-identified or aggregated information, which is no longer personal information and may be used for any lawful purpose.
What we do not do. CaseLink does not sell personal information. CaseLink does not use personal information for advertising directed at individuals on the basis of their health information.

4. How We Share Information

We share information only as described in this Section.

4.1 Within Your Practice and Network

When you use the Service to send a referral, share a case, or send a message, the information you submit is shared with the recipient practice and its authorized users. Your practice profile, including name, specialty, and address, may also appear in the Service’s network directory unless you opt out in Practice Settings.

4.2 With Service Providers and Subprocessors

We share information with third-party service providers that help us operate the Website and the Service, including providers of:

  • cloud hosting and platform infrastructure,
  • email and notification delivery,
  • payment processing,
  • customer support tooling,
  • analytics and product monitoring, and
  • security and fraud prevention.

These providers act on our instructions and are bound by confidentiality and security obligations. A current list of subprocessors with access to PHI is available on request and is referenced in the BAA where one has been executed.

4.3 For Legal Reasons

We may disclose information when we believe in good faith that disclosure is necessary to:

  • comply with applicable law, court orders, subpoenas, or other legal process,
  • protect the rights, property, or safety of CaseLink, our users, or others,
  • enforce our agreements or this Policy, or
  • investigate suspected fraud or violations.

4.4 Business Transfers

If CaseLink is involved in a merger, acquisition, financing, or sale of all or part of its business, personal information may be transferred as part of that transaction. We will notify affected users where required by law.

4.5 With Your Direction

We share information at your direction or with your consent, including when you choose to integrate the Service with a third-party tool.

5. PHI and HIPAA

Where the Service is used to transmit Protected Health Information, that information is handled in accordance with HIPAA and the BAA between CaseLink and the Covered Entity. This Policy does not modify the protections, rights, or remedies available under HIPAA or any executed BAA. Patient rights regarding PHI, including access, amendment, and accounting of disclosures, are addressed through the Covered Entity in accordance with HIPAA.

6. Cookies and Your Choices

The Website and the Service use the following categories of cookies and similar technologies:

  • Strictly necessary. Required for authentication, session management, and core functionality, including the hCaptcha challenge cookies that protect our contact form from automated abuse. These cannot be disabled.
  • Embedded scheduling.When you open the Calendly booking widget on the Website, Calendly sets cookies to manage your scheduling session. Calendly’s privacy practices apply to those cookies.
  • Analytics. Help us understand how the Website and the Service are used so we can improve them.
  • Preference. Remember your settings, such as language or interface preferences.

You may control cookies through your browser settings, including blocking or deleting cookies. Disabling certain cookies may affect the functionality of the Website or the Service. Where we use analytics from a third-party provider, you may also opt out through that provider’s tools where available.

7. Data Security

We implement administrative, physical, and technical safeguards designed to protect personal information, including:

  • Transport Layer Security for data in transit,
  • industry-standard encryption for data at rest,
  • role-based access controls,
  • activity logging and audit trails, and
  • workforce training on privacy and security.

No method of transmission or storage is completely secure. We cannot guarantee absolute security but we work continuously to maintain and improve our safeguards.

8. Data Retention

We retain personal information for as long as needed to provide the Website and the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Retention periods depend on the type of information and the context, including:

  • account information is retained for the duration of your account plus a reasonable period afterward for legal, accounting, and security purposes,
  • Customer Content held in the Service is retained for the term of your subscription. After termination, the retention and deletion rules in any executed BAA apply,
  • marketing information is retained until you opt out or for a reasonable period after your last interaction, and
  • log and security data is retained for limited periods consistent with our security needs.

9. Your Rights and Choices

9.1 Access and Update

You can access and update most account information directly in the Service. If you need help, contact us at support@caselink.net.

9.2 Marketing Communications

You may opt out of marketing emails by clicking the unsubscribe link in any marketing message or by contacting us. Transactional and account-related messages, such as referral notifications and security alerts, will continue.

9.3 Cookie Choices

You can control cookies as described in Section 6.

9.4 State Privacy Rights

Residents of certain U.S. states may have additional rights under state privacy laws, including the right to:

  • know what personal information we have collected about them,
  • request correction or deletion of personal information,
  • opt out of the sale or sharing of personal information (CaseLink does not sell personal information),
  • limit the use of sensitive personal information, and
  • not be discriminated against for exercising these rights.

To exercise these rights, contact us at support@caselink.net. We may need to verify your identity before completing your request. You may also designate an authorized agent to act on your behalf where permitted by law.

9.5 HIPAA Rights

Rights regarding PHI are addressed through your healthcare provider in accordance with HIPAA and the BAA between CaseLink and the Covered Entity.

10. Children’s Privacy

The Website and the Service are intended for licensed dental professionals and their authorized staff. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without verified parental consent, we will delete it promptly. PHI relating to pediatric patients that is processed on behalf of a dental practice is handled under HIPAA and the BAA.

11. International Users

CaseLink is based in the United States. If you access the Website or the Service from outside the United States, your information will be transferred to, processed, and stored in the United States. By using the Website or the Service, you understand that your information may be processed in the United States, which may have data protection laws that differ from those in your country.

12. Third-Party Links

The Website and the Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party services before providing them with personal information.

13. Changes to This Policy

We may update this Policy from time to time. If a change is material, we will provide reasonable notice by posting an updated effective date at the top of this Policy and, where appropriate, by notifying you through the Website, the Service, or by email. Your continued use of the Website or the Service after the effective date constitutes acceptance of the updated Policy.

14. Contact Us

If you have questions about this Policy or our privacy practices, contact us at:

CaseLink, Inc.

124 S Wise St

Arlington, VA 22204

support@caselink.net

www.caselink.net