How we handle information.

Effective May 20, 2026 Last updated May 20, 2026 Operator · Karam Alfaisal, Philadelphia, PA

This Privacy Policy describes how DAI (Dental Avoidance Intelligence), operated by Karam Alfaisal as a sole proprietorship, handles information collected through this website and through engagements with participating dental practices. It is written to be read by a real person, not only by lawyers, but it is the binding policy for use of this site.

01Who this policy applies to

This policy applies to (a) visitors to dentalavoidance.com, and (b) dental practices that engage DAI as a Business Associate under HIPAA. Information from each group is handled differently and is described separately below.

02Information collected from visitors to this site

The dentalavoidance.com website is intentionally minimal. We do not use marketing trackers, advertising cookies, or third-party analytics that build behavioral profiles. Standard web server logs may record information such as IP address, browser type, and pages requested, retained only as long as necessary for security and troubleshooting.

If you choose to email DAI, we will receive the content of your message and the email address you sent it from. We use that information only to respond to you and to follow up on the conversation you initiated.

03Information received from dental practices (PHI)

When DAI engages with a dental practice, the practice may share patient records with us under a Business Associate Agreement. Information in those records is treated as Protected Health Information ("PHI") under the Health Insurance Portability and Accountability Act ("HIPAA") and its implementing regulations.

Before any external processing, direct patient identifiers — name, date of birth, address, phone, email, and account or medical record number — are replaced with coded identifiers. The re-identification key is kept locally by the operator and is not transmitted to any third party. PHI is used only to perform the services described in the Business Associate Agreement with the practice that provided it.

04How information is protected

Full-disk encryption on the operating device.
Single-operator access with strong authentication and screen auto-lock.
TLS 1.2 or higher for all transmissions of practice information.
Zero-retention API endpoints are used where supported by the underlying provider.
No sharing of PHI with parties not covered by a Business Associate Agreement.

05Subcontractors and service providers

Where DAI relies on third-party providers (for example, a language model API used in processing) and the engagement involves PHI, a Business Associate Agreement is in place with that provider before any PHI is transmitted. DAI does not share PHI with any third party that has not executed an appropriate agreement.

06Retention and deletion

Visitor email correspondence is retained for as long as needed to maintain a continuing conversation, and is deleted on request. Patient information received under an engagement is governed by the Business Associate Agreement with the originating practice; DAI's standard commitment is return or secure destruction within sixty (60) days of the engagement ending.

07Your rights

If you are a visitor to this site and have sent email to DAI, you may request access to the email correspondence we hold from you, correction of any inaccuracies, or deletion. If you are a patient of a participating dental practice, your rights with respect to your information run through that practice — please contact the practice directly, and DAI will support the practice in responding.

08Changes to this policy

If this policy is updated, the effective date above will change and a brief summary of the change will be noted at the top of this page for at least thirty days.

09Contact

Questions about this policy, or about how DAI handles information in a specific case, can be sent to karam@dentalavoidance.com. Postal mail can be addressed to Karam Alfaisal, Philadelphia, PA.