Molaris (“we,” “us”) provides AI-assisted dental documentation to dental practices. This policy explains what we collect, why, and how it’s protected. The short version: your patients’ data belongs to your practice, we never sell it, and we never use it to train AI models.
We do not train AI on your data. Your recordings, transcripts, notes, and patient information are used only to produce your documents. They are never used to train or improve any AI model, ours or a provider’s, and are never sold or used for advertising. Our agreements with our AI processors prohibit training on your content.
We do not sell personal or patient information, and we do not use your patients’ health information to advertise to anyone.
If your dental office sends you intake forms or visit updates by text through Molaris, your mobile number is used only for that purpose. Mobile phone numbers and text-message opt-in consent are never shared with, or sold to, third parties or affiliates for marketing or promotional purposes. Message frequency varies and is low, typically one to three messages around a visit. Message and data rates may apply. Reply STOP to any message to opt out, or HELP for help.
Transcription and drafting are performed by third-party AI providers acting as our processors. Your content is sent for processing only; under our agreements it is not used to train their models. Every AI-generated draft requires review and explicit approval by a licensed provider before it is saved to a chart, Molaris never finalizes a clinical record on its own.
We use a small set of vendors to run the service. Each is bound by a data-protection agreement, and, where they handle PHI, a HIPAA Business Associate Agreement.
| Subprocessor | Purpose |
|---|---|
| OpenAI | Speech-to-text transcription of appointment audio |
| Anthropic | Drafting clinical notes, letters, and summaries |
| Supabase | Encrypted database & file storage (US region) |
| Stripe | Subscription billing (PCI-DSS compliant; no card data reaches us) |
| Resend | Transactional email (account & referral delivery) |
| Twilio | Text-message (SMS) delivery of form links and visit updates |
| Vercel | Application hosting |
We’ll keep this list current and give notice before adding a subprocessor that materially changes how PHI is handled.
When Molaris handles PHI on behalf of a practice, it does so as a business associate. Founder-led onboarding provides one electronic packet containing the Order Form, Software Subscription Agreement, and BAA. Production access remains inactive until both parties sign. Do not submit PHI before the packet is fully executed. Before an in-scope subprocessor receives PHI, the contract required by HIPAA must be in place.
No system is perfectly secure, but we hold ourselves to the standard a dental practice needs from a HIPAA business associate.
If we discover a breach of unsecured PHI, we will notify the affected practice without unreasonable delay and within the period stated in the executed BAA, with the information reasonably available about what happened and the response underway.
Your practice’s records are retained while your account is active. You can delete individual records in the app at any time. On account termination you may export your data for 30 days, after which we delete it from our systems, subject to legal record-keeping obligations that apply to your practice. Backups are purged on a rolling schedule.
Depending on where you live, you may have rights to access, correct, delete, or export your personal information, and to opt out of sale (we never sell it). Practices can exercise most of these directly in the app; for anything else, email hello@getmolaris.com and we’ll respond within the time your law requires. We won’t discriminate against you for exercising these rights. Patient rights over their own PHI are handled by the treating practice (the data controller) under its own notice of privacy practices.
Molaris is a tool for dental professionals and is not directed to children. Where a practice documents care for a minor patient, that PHI is handled under the practice’s BAA and the consent the practice obtains from a parent or guardian, the same as any other patient record.
We use only essential cookies needed to keep you signed in and the service secure. We do not use advertising trackers. Any product analytics we use are privacy-preserving and never include patient health information.
Your practice’s data is stored and processed in the United States.
We may update this policy from time to time. We’ll post the new version here with an updated date and, for material changes affecting how PHI is handled, give reasonable advance notice.
Questions, or to exercise a privacy right: hello@getmolaris.com.