Privacy Policy

Last Updated: January 22, 2026

At Mala Group LLC ("Mala," "we," "us," or "our"), we are committed to protecting the privacy and security of your information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our AI-powered dental support platform (the "Service").

This Privacy Policy applies to information we collect through our website, software applications, and services. Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.

1. Information We Collect

We collect several types of information from and about users of our Service, including:

1.1 Information You Provide Directly

Account Information: When you register for an account, we collect:

Name, email address, phone number
Practice name and business information
Billing and payment information (processed through third-party payment processors)
Professional credentials and license information

Communications Data: When you use our communication features, we collect:

SMS text messages sent and received through the Service
Email content and metadata
Call recordings and transcripts (with proper consent)
Chat messages and support tickets

Protected Health Information (PHI): As a Business Associate under HIPAA, we process PHI on your behalf, including:

Patient names, contact information, and demographic data
Appointment and scheduling information
Treatment-related communications and notes
Insurance and billing information
Any other PHI you choose to input into the Service

1.2 Information Collected Automatically

Usage Information: We automatically collect information about how you use the Service:

Log data (IP address, browser type, operating system, device information)
Pages viewed, features used, and actions taken
Date and time stamps of activities
Referring and exit pages
Clickstream data

Cookies and Tracking Technologies: We use cookies, web beacons, pixels, and similar tracking technologies to:

Maintain your session and remember your preferences
Analyze usage patterns and improve the Service
Provide personalized content and features
Measure the effectiveness of our marketing campaigns

1.3 Information from Third Parties

We may receive information from third-party sources, including:

Practice Management Systems (PMS) that integrate with our Service
Analytics providers and marketing partners
Public databases and social media platforms
Business partners and affiliates

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 To Provide and Maintain the Service

Process and manage your account and subscription
Provide customer support and respond to inquiries
Facilitate patient communications via SMS, email, and calls
Enable scheduling and PMS integrations
Process payments and manage billing
Monitor and ensure the security of the Service

2.2 To Improve and Develop the Service

Analyze usage patterns and user behavior
Develop new features and functionality
Train and improve our AI models (using de-identified or aggregated data)
Conduct research and testing
Troubleshoot technical issues

2.3 To Communicate with You

Send service-related notifications and updates
Provide account and billing information
Respond to your requests and inquiries
Send marketing communications (with your consent)
Conduct surveys and request feedback

2.4 For Legal and Security Purposes

Comply with legal obligations and regulatory requirements
Enforce our Terms of Service
Protect against fraud, abuse, and security threats
Respond to legal requests and prevent harm

3. SMS and Email Communications

3.1 SMS Text Messaging

When you use our SMS features to communicate with patients:

Consent: You are responsible for obtaining proper consent from patients before sending them text messages.
Message Content: We store message content to provide the Service and for record-keeping purposes.
Opt-Out: Recipients can opt out of messages at any time. We process opt-out requests automatically.
Third-Party Providers: We use third-party SMS gateway providers to deliver messages. These providers have access to phone numbers and message content.
Compliance: We comply with TCPA regulations and carrier guidelines.

3.2 Email Communications

When you use our email features:

Email Content: We process and store email content to provide the Service.
Marketing Emails: You may receive promotional emails from us. You can opt out using the unsubscribe link in any marketing email.
Transactional Emails: We send transactional emails related to your account and use of the Service. You cannot opt out of these service-related emails.
CAN-SPAM Compliance: We comply with the CAN-SPAM Act and include proper sender identification and opt-out mechanisms.

4. HIPAA Compliance and PHI

4.1 Business Associate Relationship

We act as a "Business Associate" under the Health Insurance Portability and Accountability Act (HIPAA). We enter into a Business Associate Agreement (BAA) with each customer, which governs our handling of Protected Health Information (PHI).

4.2 Use and Disclosure of PHI

We use and disclose PHI only as permitted by the BAA and HIPAA regulations:

To provide the Service on your behalf
For proper management and administration of our business
To comply with legal obligations
As otherwise authorized by you or required by law

4.3 PHI Safeguards

We implement appropriate administrative, physical, and technical safeguards to protect PHI, including:

Encryption of data in transit and at rest
Access controls and authentication measures
Regular security audits and risk assessments
Employee training on HIPAA compliance
Incident response and breach notification procedures

5. How We Share Your Information

We do not sell your personal information or PHI. We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party vendors who perform services on our behalf:

Cloud hosting and infrastructure providers
SMS and email delivery services
Payment processors
Analytics and monitoring tools
Customer support platforms

These service providers are bound by contractual obligations to keep information confidential and use it only for the purposes we specify. Where applicable, we enter into BAAs with service providers who handle PHI.

5.2 Practice Management Systems

With your authorization, we integrate with and share data with your chosen PMS to provide scheduling and patient management functionality.

5.3 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction.

5.4 Legal Requirements

We may disclose information if required to do so by law or in response to:

Court orders, subpoenas, or other legal processes
Requests from government authorities
Circumstances where disclosure is necessary to protect our rights, property, or safety, or that of our users or the public

5.5 With Your Consent

We may share information with third parties when you explicitly consent to such sharing.

6. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Type of Data	Retention Period
Account Information	Duration of account plus 7 years
PHI and Patient Communications	As required by HIPAA and state law (typically 6-7 years after last activity)
Billing and Payment Records	7 years from date of transaction
Usage and Log Data	90 days to 2 years depending on type
Marketing Communications	Until you opt out or close your account

After the retention period expires, we securely delete or anonymize your information. In some cases, we may retain aggregated or de-identified data indefinitely for analytical purposes.

7. Data Security

We implement industry-standard security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. Our security practices include:

Encryption: Data is encrypted in transit using TLS 1.2 or higher and at rest using AES-256 encryption
Access Controls: Role-based access controls and multi-factor authentication
Network Security: Firewalls, intrusion detection systems, and regular security monitoring
Secure Development: Security testing and code reviews
Employee Training: Regular security and privacy training for all employees
Incident Response: Documented procedures for responding to security incidents
Third-Party Audits: Regular security audits and penetration testing

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights and Choices

8.1 Access and Correction

You have the right to access and update your account information at any time through your account settings or by contacting us.

8.2 Data Portability

You can export your data from the Service at any time. We provide tools to download your information in common formats.

8.3 Deletion

You can request deletion of your account and associated data by contacting us. Note that we may retain certain information as required by law or for legitimate business purposes.

8.4 Marketing Communications

You can opt out of marketing emails by clicking the unsubscribe link in any marketing email or adjusting your account settings. You cannot opt out of transactional or service-related communications.

8.5 Cookies and Tracking

You can control cookies through your browser settings. Note that disabling cookies may limit your ability to use certain features of the Service.

9. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

9.1 Right to Know

You have the right to request information about the personal information we collect, use, and disclose about you.

9.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

9.3 Right to Opt-Out

You have the right to opt out of the "sale" or "sharing" of your personal information. We do not sell personal information and do not share it for cross-context behavioral advertising.

9.4 Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights.

9.5 Exercising Your Rights

To exercise your California privacy rights, contact us at hellomalagroup@gmail.com. We will verify your identity before processing your request.

10. International Data Transfers

The Service is operated from the United States. If you are located outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.

We implement appropriate safeguards for international data transfers, including standard contractual clauses where applicable.

11. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately.

Note: We may process PHI related to minor patients as part of providing services to dental practices, but this is done on behalf of the practice as a Business Associate under HIPAA.

12. Third-Party Links and Services

The Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access.

13. Do Not Track Signals

Some browsers support "Do Not Track" signals. Currently, our Service does not respond to Do Not Track signals.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

Posting the updated Privacy Policy on our website
Updating the "Last Updated" date
Sending an email notification to your registered email address
Displaying a prominent notice in the Service

Your continued use of the Service after changes become effective constitutes your acceptance of the revised Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Mala Group LLC
Privacy Officer
1 West St, New York, NY 10004
Email: hellomalagroup@gmail.com

16. Your Consent

By using the Service, you consent to the collection, use, and sharing of your information as described in this Privacy Policy.

This Privacy Policy is effective as of the Last Updated date above. We are committed to protecting your privacy and handling your information with care and transparency.