Privacy Policy


This Privacy Policy describes Our policies and procedures on the collection, use, and disclosure of Your information, including Protected Health Information (PHI), when You use the Service and tells You about Your privacy rights and how the law protects You.
We use Your Personal Data and PHI to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy and, if applicable, a Business Associate Agreement (BAA).
Interpretation & Definitions
Interpretation
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
Definitions
For the purposes of this Privacy Policy:

Account means a unique account created for You to access our Service or parts of our Service.
Business Associate Agreement (BAA) means a contract between the Company and a covered entity (e.g., a dental practice) that governs the handling of Protected Health Information in compliance with HIPAA.
Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Xperience U, 1603 Haight Creek Drive, Kaysville, Utah 84037.
Cookies are small files placed on Your computer, mobile device, or any other device by a website, containing details of Your browsing history on that website among its many uses.
Country refers to: Utah, US
Device means any device that can access the Service, such as a computer, a cellphone, or a digital tablet.
Personal Data is any information that relates to an identified or identifiable individual, excluding Protected Health Information (PHI).
Protected Health Information (PHI) means individually identifiable health information, as defined by the Health Insurance Portability and Accountability Act (HIPAA), that is created, stored, transmitted, or received by the Service, such as patient names, contact details, or treatment information included in videos or tracking data.
Service refers to the plug-and-play video messaging system and library, including the Website, accessible from https://www.xperience-u.com/, designed for dental teams to create, send, and track personalized video messages to boost revenue, retention, and patient trust.
Service Provider means any natural or legal person who processes data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, provide the Service on behalf of the Company, perform services related to the Service, or assist the Company in analyzing how the Service is used, all in compliance with HIPAA when handling PHI.
Third-party Social Media Service refers to any website or social network website through which a User can log in or create an account to use the Service.
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (e.g., the duration of a page visit).
Website refers to Xperience U, accessible from https://www.xperience-u.com/.
You means the individual accessing or using the Service, or the company, or other legal entity (e.g., a dental practice) on behalf of which such individual is accessing or using the Service, as applicable.

Collecting and Using Your Personal Data and PHI
Types of Data Collected
Personal Data
While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

Email address
First name and last name
Phone number
Address, State, Province, ZIP/Postal code, City
Information about Your dental practice (e.g., practice name, size)

Protected Health Information (PHI)
If You are a covered entity (e.g., a dental practice), You may input or create PHI through the Service, such as patient names, contact details, appointment information, or treatment details included in videos or tracking analytics. PHI is handled in accordance with HIPAA and the BAA.
Usage Data
Usage Data is collected automatically when using the Service.
Usage Data may include information such as Your Device's Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers, and other diagnostic data. Usage Data may also include analytics related to video views or interactions, which may contain PHI and are protected accordingly.
When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers, and other diagnostic data.
Information from Third-Party Social Media Services
The Company allows You to create an account and log in to use the Service through the following Third-party Social Media Services:

Google
Facebook
Instagram
Twitter
LinkedIn

If You decide to register through or otherwise grant us access to a Third-Party Social Media Service, We may collect Personal Data that is already associated with Your Third-Party Social Media Service's account, such as Your name, Your email address, or Your activities associated with that account. Such data will not include PHI unless explicitly provided by You in accordance with HIPAA.
You may also have the option of sharing additional information with the Company through Your Third-Party Social Media Service's account. If You choose to provide such information and Personal Data, during registration or otherwise, You are giving the Company permission to use and store it in a manner consistent with this Privacy Policy.
Tracking Technologies and Cookies
We use Cookies and similar tracking technologies to track activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. All tracking involving PHI complies with HIPAA safeguards.
The technologies We use may include:

Cookies or Browser Cookies: A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless You have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
Web Beacons: Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (e.g., recording the popularity of a certain section and verifying system and server integrity).

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser.
We use both Session and Persistent Cookies for the purposes set out below:

Necessary / Essential Cookies
Type: Session Cookies
Administered by: Us
Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.

Cookies Policy / Notice Acceptance Cookies
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies identify if users have accepted the use of cookies on the Website.

Functionality Cookies
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering Your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter Your preferences every time You use the Website.

Tracking and Performance Cookies
Type: Persistent Cookies
Administered by: Third-Parties
Purpose: These Cookies are used to track information about traffic to the Website and how users use the Website. The information gathered via these Cookies may directly or indirectly identify You as an individual visitor but will not include PHI unless explicitly provided. We may also use these Cookies to test new pages, features, or new functionality of the Website to see how our users react to them.


For more information about the cookies we use and Your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy.
Use of Your Personal Data and PHI
The Company may use Personal Data and PHI for the following purposes:

To provide and maintain our Service: Including to monitor the usage of our Service and ensure HIPAA-compliant handling of PHI in videos or analytics.
To manage Your Account: To manage Your registration as a user of the Service. The Personal Data and PHI You provide can give You access to different functionalities of the Service, such as video creation, sending, and tracking, available to You as a registered user.
For the performance of a contract: The development, compliance, and undertaking of the Subscription contract for the Service You have purchased or of any other contract with Us through the Service, including the BAA for PHI.
To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products, or contracted services, including security updates, when necessary or reasonable for their implementation. Communications containing PHI will comply with HIPAA.
To provide You with news, special offers, and general information: About other goods, services, and events which we offer that are similar to those that You have already purchased or enquired about, unless You have opted not to receive such information. Marketing communications will not include PHI without Your explicit consent and compliance with HIPAA’s authorization requirements.
To manage Your requests: To attend and manage Your requests to Us, including requests related to PHI access or deletion.
For business transfers: We may use Your information, including PHI, to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data or PHI held by Us about our Service users is among the assets transferred, subject to HIPAA-compliant safeguards.
For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, and to evaluate and improve our Service, products, services, marketing, and Your experience. Any use of PHI will comply with the BAA and HIPAA.

Retention of Your Personal Data and PHI
The Company will retain Your Personal Data and PHI only for as long as is necessary for the purposes set out in this Privacy Policy and the BAA. We will retain and use Your Personal Data and PHI to the extent necessary to comply with our legal obligations (e.g., HIPAA, state retention laws), resolve disputes, and enforce our legal agreements and policies.
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods. PHI within Usage Data (e.g., video view analytics) will be retained in accordance with HIPAA and the BAA.
Transfer of Your Personal Data and PHI
Your information, including Personal Data and PHI, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in Your jurisdiction.
Your consent to this Privacy Policy and, if applicable, the BAA, followed by Your submission of such information, represents Your agreement to that transfer.
The Company will take all steps reasonably necessary to ensure that Your Personal Data and PHI are treated securely and in accordance with this Privacy Policy, the BAA, and HIPAA. No transfer of Your Personal Data or PHI will take place to an organization or a country unless there are adequate controls in place, including the security of Your data and other personal information, such as encryption and HIPAA-compliant agreements with Service Providers.
Delete Your Personal Data and PHI
You have the right to delete or request that We assist in deleting the Personal Data and PHI that We have collected about You.
Our Service may give You the ability to delete certain information about You from within the Service, such as through account settings. For PHI, You may request deletion in accordance with HIPAA and the BAA.
You may update, amend, or delete Your information at any time by signing in to Your Account, if You have one, and visiting the account settings section that allows You to manage Your personal information. You may also contact Us to request access to, correct, or delete any Personal Data or PHI that You have provided to Us.
Please note, however, that We may need to retain certain information, including PHI, when we have a legal obligation or lawful basis to do so, such as compliance with HIPAA retention requirements or state healthcare laws.
Disclosure of Your Personal Data and PHI
Business Transactions
If the Company is involved in a merger, acquisition, or asset sale, Your Personal Data and PHI may be transferred. We will provide notice before Your Personal Data or PHI is transferred and becomes subject to a different Privacy Policy. Any transfer of PHI will comply with HIPAA and the BAA.
Law Enforcement
Under certain circumstances, the Company may be required to disclose Your Personal Data or PHI if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency). Disclosures of PHI will comply with HIPAA regulations.
Other Legal Requirements
The Company may disclose Your Personal Data or PHI in the good faith belief that such action is necessary to:

Comply with a legal obligation, including HIPAA
Protect and defend the rights or property of the Company
Prevent or investigate possible wrongdoing in connection with the Service
Protect the personal safety of Users of the Service or the public
Protect against legal liability

Any disclosure of PHI will be made in accordance with HIPAA and the BAA.
Security of Your Personal Data and PHI
The security of Your Personal Data and PHI is important to Us. We implement administrative, physical, and technical safeguards to protect Your data, including:

Encryption: Electronic PHI (ePHI) is encrypted during transmission (e.g., via TLS/HTTPS) and at rest.
Access Controls: Role-based access and multi-factor authentication (MFA) limit access to authorized users only.
Audit Logging: We maintain logs of access to and actions involving PHI to ensure accountability.
Secure Infrastructure: Our servers and data storage comply with HIPAA requirements, such as using HIPAA-eligible cloud services.

While We strive to use commercially acceptable means to protect Your Personal Data and PHI, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but We are committed to maintaining HIPAA-compliant safeguards.
HIPAA Compliance
As a business associate under the Health Insurance Portability and Accountability Act (HIPAA), the Company is committed to protecting the privacy and security of PHI. Our HIPAA compliance measures include:

Business Associate Agreement (BAA): If You are a covered entity (e.g., a dental practice), You must execute a BAA with the Company before using the Service to create, store, or transmit PHI. The BAA outlines Our responsibilities to safeguard PHI and comply with HIPAA’s Privacy, Security, and Breach Notification Rules.
Safeguards for PHI: We implement administrative, physical, and technical safeguards, as described in the Security section above, to protect PHI in videos, analytics, and other Service features.
Use and Disclosure of PHI: We will only use or disclose PHI as permitted by the BAA, this Privacy Policy, or applicable law (e.g., for treatment, payment, or healthcare operations with Your consent). Use of PHI for marketing (e.g., patient testimonials) requires Your compliance with HIPAA’s patient authorization requirements.
Breach Notification: In the event of a breach of unsecured PHI, We will notify affected covered entities within 60 days, as required by HIPAA’s Breach Notification Rule, and cooperate in assessing and mitigating the breach.
Subcontractors: Any third-party Service Providers that handle PHI on Our behalf are bound by HIPAA-compliant agreements.
Your Responsibilities: You are responsible for ensuring that Your use of the Service complies with HIPAA, including obtaining patient authorizations for non-treatment-related uses of PHI, training Your staff on HIPAA-compliant use of the Service, and ensuring that any PHI entered into the Service is necessary and appropriate.

For questions about our HIPAA compliance or to request a BAA, please contact us at colt@xperience-u.com.
Detailed Information on the Processing of Your Personal Data and PHI
The Service Providers We use may have access to Your Personal Data and PHI. These third-party vendors collect, store, use, process, and transfer information about Your activity on Our Service in accordance with their Privacy Policies and, for PHI, in compliance with HIPAA and the BAA.
Analytics
We may use third-party Service Providers to monitor and analyze the use of our Service. Any analytics involving PHI will be conducted in a HIPAA-compliant manner.

Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. Google may use the collected data to contextualize and personalize the ads of its own advertising network. PHI will not be shared with Google Analytics.
You can opt out of having Your activity on the Service made available to Google Analytics by installing the Google Analytics opt-out browser add-on: https://tools.google.com/dlpage/gaoptout.
For more information on the privacy practices of Google, please visit: https://policies.google.com/privacy

Matomo
Matomo is a web analytics service. PHI will not be shared with Matomo.
You can visit their Privacy Policy page here: https://matomo.org/privacy-policy


Email Marketing
We may use Your Personal Data to contact You with newsletters, marketing, or promotional materials and other information that may be of interest to You. PHI will not be used for marketing without Your explicit consent and compliance with HIPAA’s authorization requirements. You may opt-out of receiving any, or all, of these communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us.
Payments
We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g., payment processors). Payment processors will not have access to PHI unless necessary for Service delivery and covered by the BAA.
We will not store or collect Your payment card details. That information is provided directly to Our third-party payment processors whose use of Your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express, and Discover.

PayPal
Their Privacy Policy can be viewed at: https://www.paypal.com/webapps/mpp/ua/privacy-full

Authorize.net
Their Privacy Policy can be viewed at: https://www.authorize.net/company/privacy/


Behavioral Remarketing
The Company uses remarketing services to advertise to You after You accessed or visited our Service. We and Our third-party vendors use cookies and non-cookie technologies to help Us recognize Your Device and understand how You use our Service so that We can improve our Service to reflect Your interests and serve You advertisements that are likely to be of more interest to You. Remarketing will not involve PHI unless explicitly authorized by You in compliance with HIPAA.
These third-party vendors collect, store, use, process, and transfer information about Your activity on Our Service in accordance with their Privacy Policies and to enable Us to:

Measure and analyze traffic and browsing activity on Our Service
Show advertisements for our products and/or services to You on third-party websites or apps
Measure and analyze the performance of Our advertising campaigns

Some of these third-party vendors may use non-cookie technologies that may not be impacted by browser settings that block cookies. Your browser may not permit You to block such technologies. You can use the following third-party tools to decline the collection and use of information for the purpose of serving You interest-based advertising:

The NAI's opt-out platform: http://www.networkadvertising.org/choices/
The EDAA's opt-out platform: http://www.youronlinechoices.com/
The DAA's opt-out platform: http://optout.aboutads.info/?c=2&lang=EN

You may opt-out of all personalized advertising by enabling privacy features on Your mobile device, such as Limit Ad Tracking (iOS) and Opt Out of Ads Personalization (Android). See Your mobile device Help system for more information.
The third-party vendors We use are:

Google Ads (AdWords)
Google Ads (AdWords) remarketing service is provided by Google Inc. PHI will not be shared with Google Ads.
You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting: http://www.google.com/settings/ads
Google also recommends installing the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout
For more information: https://policies.google.com/privacy

Facebook
Facebook remarketing service is provided by Facebook Inc. PHI will not be shared with Facebook.
You can learn more about interest-based advertising from Facebook: https://www.facebook.com/help/516147308587266
To opt-out from Facebook's interest-based ads: https://www.facebook.com/help/568137493302217
For more information: https://www.facebook.com/privacy/explanation


Children's Policy
Our Service does not address anyone under the age of 13. We do not knowingly collect Personal Data or PHI from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data or PHI, please contact Us. If We become aware that We have collected Personal Data or PHI from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.
If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.
Links to Other Websites
Our Service may contain links to other websites that are not operated by Us. If You click on a third-party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy and HIPAA compliance statements of every site You visit.
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services, including their compliance with HIPAA.
Changes to this Privacy Policy
We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.
We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective, and update the "Last updated" date at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Contact Us
If you have any questions about this Privacy Policy or our HIPAA compliance, You can contact us by email: colt@xperience-u.com