Privacy Policy

Effective date: April 3, 2026

This Privacy Policy describes how D3 (“we,” “us,” or “our”) collects, uses, and discloses information when you use our website, application, and related services (collectively, the “Service”). By accessing or using the Service, you agree to this Privacy Policy.

1. Information We Collect

Account Information. When you create an account, we collect your email address, practice name, and self-reported practice profile (specialty, services offered, payer mix, and billing status).

Usage Data. We automatically collect information about how you interact with the Service, including pages visited, features used, and session duration.

Conversation Data. Questions submitted through Ask D3 and AI-generated responses are stored to provide and improve the Service.

Payment Information. Payment credentials are collected and processed exclusively by Stripe, Inc. We do not store credit card numbers or banking details on our servers.

2. Information We Do Not Collect

• We do not collect, store, or process protected health information (PHI), patient data, or medical records.
• We do not access or integrate with electronic health record (EHR) or practice management systems.
• We do not use advertising cookies or sell data to third-party advertisers.

3. How We Use Your Information

• To provide, maintain, and improve the Service, including personalized billing analysis and AI-powered responses.
• To communicate with you about your account, including transactional emails, billing alerts, and service updates.
• To monitor and analyze usage trends and improve user experience.
• To detect, prevent, and address fraud, abuse, or technical issues.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We share information only with the following categories of service providers, solely to operate the Service:

• Supabase, Inc. — Database hosting and authentication (data encrypted at rest and in transit).
• Stripe, Inc. — Payment processing (PCI-DSS Level 1 compliant).
• Anthropic, PBC — AI model provider for Ask D3 responses.
• Resend, Inc. — Transactional email delivery.
• Vercel, Inc. — Application hosting and content delivery.

We may also disclose information if required by law, regulation, legal process, or governmental request.

5. Data Security

We implement commercially reasonable technical and organizational measures to protect your information, including encryption in transit (TLS) and at rest. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

6. Data Retention and Deletion

We retain your information for as long as your account is active or as needed to provide the Service. You may delete your account and all associated data at any time from Dashboard → Account. You may also request deletion by emailing support@d3rx.com. We will process deletion requests within 30 days.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate information.
• Request deletion of your information.
• Object to or restrict certain processing activities.
• Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at support@d3rx.com.

8. Children’s Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. Your continued use of the Service after changes constitutes acceptance of the revised policy.

10. Contact

If you have questions about this Privacy Policy, contact us at support@d3rx.com.