Legal

Privacy Policy

Last Updated · June 2026

Healink, Inc. (“Healink,” “Company,” “we,” “us,” or “our”) respects your privacy and is committed to protecting personal information. This Privacy Policy describes how we collect, use, disclose, retain, and otherwise process information relating to individuals who access or use our websites, patient portals, mobile applications, communications tools, artificial intelligence-enabled services, and related products and services (collectively, the “Services”).

Please read this Privacy Policy carefully. By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.

Important Notice

Regarding healthcare information

Healink provides software and technology services to dental practices, healthcare providers, and healthcare organizations (“Providers”). In many circumstances, Healink acts as a service provider, processor, contractor, vendor, or business associate to Providers.

When Healink processes information on behalf of a Provider:

  • The Provider controls the information;
  • The Provider determines how the information is used;
  • The Provider determines applicable retention periods;
  • The Provider is responsible for responding to requests relating to healthcare records; and
  • The Provider's Notice of Privacy Practices may govern the Provider's use and disclosure of healthcare information.

If you have questions regarding treatment information, healthcare records, Protected Health Information (“PHI”), or your Provider's privacy practices, please contact your Provider directly.

Information We Collect

We may collect the following categories of information.

Information you provide directly

When you utilize the Services, we may collect any information you provide to us, including:

  • Name
  • Email address
  • Telephone number
  • Mailing address
  • Username and password
  • Account credentials
  • Communications submitted through the Services
  • Customer support requests
  • Survey responses
  • Appointment requests
  • Information submitted through forms
  • Information voluntarily provided through the Services

Information received from Providers

When your Provider utilizes the Services, we may receive information including:

  • Patient identifiers
  • Appointment information
  • Treatment information
  • Treatment plans
  • Treatment acceptance information
  • Communication preferences
  • Provider-generated content
  • Payment-related information
  • Insurance-related information
  • Other information submitted by the Provider

Automatically collected information

When you access or use the Services, we may automatically collect:

  • IP addresses
  • Device identifiers
  • Browser information
  • Operating system information
  • Session information
  • Usage logs
  • Diagnostic information
  • Referring URLs
  • Interaction data
  • Clickstream information
  • Geolocation derived from IP address
  • Crash reports
  • Performance information

Cookies and similar technologies

We may use cookies, pixels, web beacons, tags, local storage technologies, and analytics technologies to operate, secure, maintain, and improve the Services.

How We Use Information

We may use information for purposes including:

  • Providing and operating the Services
  • Authenticating users
  • Facilitating communications
  • Delivering patient engagement functionality
  • Providing customer support
  • Processing transactions
  • Maintaining platform security
  • Monitoring performance
  • Preventing fraud and abuse
  • Enforcing agreements
  • Complying with legal obligations
  • Conducting analytics
  • Developing and improving products and services
  • Supporting artificial intelligence functionality
  • Creating de-identified and aggregated information

Artificial Intelligence, Machine Learning, and Analytics

Certain Services utilize artificial intelligence, machine learning, natural language processing, predictive technologies, and related tools (“AI Features”).

AI Features may process treatment information, communications, patient interactions, workflow information, and other information submitted through the Services in order to generate summaries, educational content, treatment-related communications, workflow recommendations, patient engagement content, and other outputs requested by Providers or users.

We may use information processed through AI Features to:

  • Operate AI-enabled functionality
  • Improve platform performance
  • Validate system outputs
  • Enhance user experiences
  • Improve AI Feature accuracy and effectiveness
  • Develop new products and functionality
  • Conduct quality assurance
  • Perform testing and validation
  • Maintain security and integrity

Where required by law, contractual obligations, or obligations to Providers, we will use de-identification, aggregation, or other privacy-enhancing measures before using information for product improvement purposes.

AI-generated outputs may contain inaccuracies, errors, omissions, or other limitations and should not be relied upon as medical, dental, legal, financial, or professional advice.

How We Disclose Information

We may disclose information in the following circumstances.

Healthcare Providers

To Providers and authorized personnel acting on behalf of Providers.

Service providers

To vendors and service providers assisting with cloud hosting, infrastructure, security, analytics, customer support, communications, payment processing, and professional services.

Corporate transactions

In connection with mergers, acquisitions, financings, reorganizations, asset sales, and bankruptcy proceedings.

Legal compliance

To comply with law, respond to legal process, protect rights and safety, prevent fraud, protect the Services, and enforce agreements.

With consent

With your consent or at your direction.

De-Identified, Aggregated, and Derived Information

We may create, use, retain, disclose, analyze, commercialize, license, transfer, and otherwise exploit de-identified, anonymized, aggregated, benchmarking, statistical, operational, and derived information. Such information may be used for:

  • Research and development
  • Analytics
  • Product improvement
  • Service optimization
  • Benchmarking
  • Artificial intelligence development
  • Machine learning development
  • Security monitoring
  • Business operations
  • Commercial purposes
  • Other lawful purposes

Where required by law, de-identified information will be maintained in de-identified form and will not be re-identified except as permitted by applicable law. De-identified, aggregated, benchmarking, statistical, and derived information is not considered personal information where permitted by applicable law.

Data Retention

We retain information for as long as reasonably necessary to:

  • Provide the Services
  • Fulfill contractual obligations
  • Comply with legal obligations
  • Resolve disputes
  • Enforce agreements
  • Protect security
  • Maintain backup and disaster recovery systems
  • Conduct legitimate business operations

Retention periods may vary depending on the nature of the information and applicable legal requirements.

Security

We maintain administrative, technical, organizational, and physical safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction.

However, no security measure is perfect and no method of transmission or storage is completely secure. Accordingly, we cannot guarantee absolute security.

Your Privacy Rights

Depending on applicable law and the type of data, you may have rights relating to personal information, including rights to:

  • Access
  • Correct
  • Delete
  • Restrict processing
  • Obtain portability
  • Object to certain processing activities
  • Appeal privacy rights decisions

If Healink processes information solely on behalf of a Provider, requests relating to healthcare records should generally be directed to the applicable Provider.

U.S. State Privacy Rights

Residents of California, Colorado, Connecticut, Texas, Virginia, Utah, Oregon, Montana, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, Indiana, Kentucky, Minnesota, Rhode Island, and other jurisdictions with applicable privacy laws may have additional rights. Subject to applicable law, such rights may include:

  • Access
  • Correction
  • Deletion
  • Data portability
  • Opt-out rights
  • Appeal rights
  • Non-discrimination rights

We will honor applicable privacy rights requests as required by law.

Consumer Health Data Disclosures

Certain information processed through the Services may constitute Consumer Health Data or similar health-related information under applicable state privacy laws, including the Washington My Health My Data Act, Nevada consumer health privacy laws, and similar laws enacted from time to time.

Categories of Consumer Health Data

  • Health conditions
  • Dental conditions
  • Treatment information
  • Treatment recommendations
  • Healthcare appointment information
  • Provider information
  • Health-related communications
  • Information regarding healthcare services sought or received
  • Information reasonably capable of identifying an individual's healthcare status
  • Inferences derived from health-related information

Sources of Consumer Health Data

  • You
  • Your Provider
  • Authorized representatives
  • Devices and applications used to access the Services
  • Interactions with the Services
  • Third parties authorized by you or your Provider

Purposes of collection and use

  • Providing the Services
  • Operating patient portals
  • Facilitating communications
  • Delivering requested functionality
  • Customer support
  • Analytics
  • Product development
  • AI-enabled functionality
  • Security and fraud prevention
  • Compliance with law
  • Internal operations

Categories of recipients

  • Providers
  • Authorized Provider personnel
  • Service providers
  • Cloud hosting providers
  • Analytics providers
  • Security providers
  • Communication providers
  • Corporate transaction counterparties
  • Governmental authorities
  • Other parties with consent

Consumer Health Data rights

Depending upon applicable law, individuals may have rights relating to Consumer Health Data, including rights to access, delete, withdraw consent, obtain disclosure information, and appeal privacy decisions. Where Healink acts solely as a processor, contractor, service provider, vendor, or business associate to a Provider, requests may need to be directed to the Provider.

Consent

Where required by law, Healink will obtain consent before collecting, using, or disclosing Consumer Health Data. Additional notices, authorizations, and consent mechanisms may be presented through the Services.

No sale of Consumer Health Data

Healink does not sell Consumer Health Data for monetary consideration. Healink does not knowingly share Consumer Health Data for cross-context behavioral advertising purposes.

Children's Privacy

The Services are not directed to children under thirteen (13) years of age. We do not knowingly collect personal information directly from children under thirteen except as authorized by a Provider, parent, guardian, or legal representative.

International Users

The Services are intended primarily for individuals located in the United States. Information may be processed and stored in the United States and other jurisdictions where our service providers operate.

Third-Party Websites

The Services may contain links to third-party websites or services. Healink is not responsible for the privacy practices of third parties.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Updated versions will be posted through the Services. The “Last Updated” date will indicate the effective date of the most recent version.

HIPAA Notice

Providers using the Services may provide separate HIPAA Notices of Privacy Practices governing their use and disclosure of Protected Health Information. Please contact your Provider for additional information regarding its privacy practices.

Contact Us

Privacy Officer
Healink, Inc.
Brooklyn, NY

Individuals may submit privacy requests using the contact information above. Authorized agents may submit requests where permitted by applicable law and upon verification of authority.

Exhibit A

Consumer Health Data Privacy Addendum

Last Updated · June 2026

This Consumer Health Data Privacy Addendum ("Addendum") supplements the Healink Privacy Policy and applies solely to the extent required by applicable consumer health privacy laws, including the Washington My Health My Data Act, Nevada consumer health privacy laws, and similar laws enacted from time to time. To the extent of any conflict between this Addendum and the Privacy Policy, this Addendum shall control with respect to Consumer Health Data.

Scope

This Addendum applies to Consumer Health Data collected, processed, used, disclosed, or otherwise handled by Healink. Nothing in this Addendum expands Healink's obligations beyond those required by applicable law.

Consumer Health Data

"Consumer Health Data" means information that identifies a consumer's past, present, or future physical or mental health status, healthcare services, healthcare treatment, diagnosis, condition, or similar health-related information to the extent regulated by applicable law. Consumer Health Data may include:

  • Information regarding dental conditions
  • Treatment plans
  • Treatment recommendations
  • Healthcare appointments
  • Healthcare provider information
  • Communications regarding treatment
  • Healthcare service utilization
  • Insurance-related information
  • Information reasonably capable of identifying healthcare status
  • Inferences drawn from health-related information

Sources of Consumer Health Data

We may obtain Consumer Health Data from:

  • Consumers
  • Healthcare Providers
  • Authorized representatives
  • Communications submitted through the Services
  • Devices used to access the Services
  • Third parties authorized by consumers or Providers

Purposes of Processing

We may process Consumer Health Data to:

  • Provide and operate the Services
  • Facilitate communications between Providers and patients
  • Operate patient portals
  • Deliver requested functionality
  • Authenticate users
  • Maintain security
  • Prevent fraud
  • Respond to inquiries
  • Provide customer support
  • Conduct analytics
  • Improve products and services
  • Operate AI-enabled functionality
  • Develop new features
  • Comply with legal obligations

Disclosure of Consumer Health Data

Consumer Health Data may be disclosed to:

  • Healthcare Providers
  • Authorized Provider personnel
  • Cloud service providers
  • Hosting providers
  • Analytics providers
  • Security providers
  • Communication providers
  • Customer support providers
  • Professional advisors
  • Corporate transaction counterparties
  • Governmental authorities
  • Other parties with consent or as permitted by law

Consent

Where required by applicable law, Healink will obtain consent before collecting, using, or disclosing Consumer Health Data. Additional notices, authorizations, disclosures, or consent mechanisms may be presented through the Services.

Consumer Health Data Rights

Depending on applicable law, consumers may have rights to:

  • Access Consumer Health Data
  • Delete Consumer Health Data
  • Withdraw consent
  • Receive information regarding disclosures
  • Appeal decisions regarding privacy rights requests

Consumers may submit requests using the contact information listed below. Where Healink acts solely as a processor, service provider, contractor, vendor, or business associate to a healthcare Provider, requests may need to be directed to the applicable Provider.

No Sale of Consumer Health Data

Healink does not sell Consumer Health Data for monetary consideration. Healink does not knowingly share Consumer Health Data for cross-context behavioral advertising purposes.

De-Identified Information

Healink may create, use, retain, disclose, analyze, license, commercialize, and otherwise use de-identified, aggregated, anonymized, statistical, benchmarking, operational, and derived information in accordance with applicable law. Such information is not Consumer Health Data where permitted by law.

Contact Information

Privacy Officer
Healink, Inc.
Brooklyn, NY

Consumers may submit Consumer Health Data requests using the contact information above.

Exhibit B

SMS / Text Messaging Terms and Consent

Last Updated · June 2026

Please read these SMS/Text Messaging Terms carefully. By opting in to receive text messages through the Healink platform, you agree to these SMS/Text Messaging Terms and Consent ("SMS Terms").

Program Description

Healink may facilitate text messages on behalf of healthcare Providers regarding:

  • Appointment reminders
  • Appointment confirmations
  • Appointment scheduling
  • Treatment-related communications
  • Patient engagement activities
  • Account notifications
  • Service-related updates
  • Other communications authorized by your healthcare Provider

Healink generally sends such messages as a technology service provider acting on behalf of your healthcare Provider.

Consent to Receive Text Messages

By providing your mobile telephone number and opting into SMS communications, you expressly consent to receive recurring text messages using automated technology, including autodialing technology where permitted by law. Your consent is not a condition of receiving healthcare services. Message frequency will vary.

Message and Data Rates

Message and data rates may apply. You are solely responsible for any fees charged by your wireless carrier.

Opting Out

You may opt out of receiving SMS messages at any time by replying STOP to any text message. After opting out, you may receive one final message confirming your opt-out request. Certain legally required or operational messages may still be sent where permitted by law.

Help

For assistance, reply HELP to any text message or contact privacy@healink.ai.

Supported Carriers

Supported carriers may change from time to time. Wireless carriers are not liable for delayed or undelivered messages.

Message Delivery

Message delivery is subject to:

  • Wireless carrier availability
  • Network availability
  • Device compatibility
  • Service interruptions
  • Technical limitations

Healink does not guarantee message delivery.

Healthcare Information

Text messages may contain healthcare-related information. SMS and text messaging may not be secure. By consenting to receive text messages, you acknowledge and accept the risks associated with electronic communications, including the possibility that unauthorized individuals may gain access to information transmitted through text messaging. If you are concerned about privacy, you should discuss alternative communication methods with your healthcare Provider.

Changes to Mobile Number

You agree to promptly notify your healthcare Provider if your mobile telephone number changes.

Disclaimer

SMS communications are provided "AS IS" and "AS AVAILABLE." Healink does not warrant delivery, accuracy, availability, timeliness, or error-free operation.

Limitation of Liability

To the maximum extent permitted by law, Healink shall not be liable for:

  • Delayed messages
  • Undelivered messages
  • Misdirected messages
  • Carrier failures
  • Service interruptions
  • Technical failures

Any liability arising from SMS communications shall remain subject to the limitations of liability contained in the applicable Terms of Service.

Modifications

Healink may modify these SMS Terms at any time. Updated versions shall become effective upon posting or other notice. Continued participation in SMS communications constitutes acceptance of the revised SMS Terms.

Contact Information

Healink, Inc.
Brooklyn, NY