Privacy Policy

Effective date: June 3, 2025  ·  Last updated: June 3, 2025

This Privacy Policy explains how Heavyclick collects, uses, stores, and protects personal information when you visit heavyclicks.space, engage our services, or interact with us. By using our website or services, you agree to the practices described in this Policy.

01

Who We Are

Heavyclick is a dental web studio and patient acquisition agency. We build patient acquisition systems, websites, and digital marketing infrastructure for dental practices in the United States. Our registered contact email is info@heavyclicks.space and our website is heavyclicks.space.

For the purposes of data protection law, Heavyclick acts as a data processor with respect to patient data provided by our Clients (dental practices), and as a data controller with respect to information collected directly from website visitors and prospects.

02

Information We Collect

We collect information in the following ways:

Information you provide directly:

  • Name, email address, and practice name when you complete the Chairfill Zone Assessment or submit a contact form
  • Practice details (address, phone, doctor name, business hours) submitted via the onboarding intake form
  • Electronic signature details (name, timestamp) when you accept a service agreement
  • Payment information — collected and processed by Flutterwave; we do not store card details

Information collected automatically:

  • IP address and approximate location at the time of form submission or agreement signing
  • Browser type, device type, and operating system (via standard web server logs)
  • Pages visited, time on site, and referral source (via analytics tools)

Patient data provided by Clients:

  • Patient name, mobile phone number, and email address — provided by dental practice Clients for the purpose of sending automated review requests via SMS
  • This data is processed strictly as a service to our Clients and only for the stated purpose

03

How We Use Your Information

We use collected information to:

  • Deliver the services described in the signed service agreement
  • Send your Chairfill Zone diagnosis and any follow-up educational communications you consented to by completing the assessment
  • Process payments via Flutterwave
  • Communicate with you regarding your project, deliverables, and account
  • Record and enforce signed service agreements
  • Improve our services, website, and onboarding processes
  • Comply with legal obligations

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

We do not use your information to run paid advertising campaigns targeting you or your staff on any platform.

04

Patient Data & HIPAA

Heavyclick takes HIPAA compliance seriously. We handle patient contact data solely as a data processor acting on behalf of our dental practice Clients. We do not use patient data for any purpose beyond delivering the agreed review automation service.

Heavyclick executes a Business Associate Agreement (BAA) with each Client prior to receiving any patient data. The BAA governs our obligations as a business associate under HIPAA and HITECH.

What we receive: Patient name, mobile phone number, and email address only. We do not receive, request, or store Protected Health Information (PHI) such as diagnoses, treatment history, insurance information, or appointment details.

How it is used: Patient contact information is imported into our review automation system solely to send a single SMS review request following an appointment, as directed by the Client.

Security: All patient data is encrypted in transit and at rest. Access is restricted to authorised Heavyclick personnel directly involved in service delivery.

Deletion: Patient data is securely deleted from Heavyclick systems within 90 days of the conclusion of the Client engagement, or upon written request by the Client — whichever is earlier.

Patients who receive SMS review requests may reply STOP at any time to opt out of further messages. Opt-out requests are processed within 24 hours.

05

Third-Party Services

We use the following third-party services to deliver our work. Each has its own privacy policy and data practices:

Service           Purpose                          Data shared
Resend            Transactional email delivery     Name, email address
Twilio            SMS review requests to patients  Patient name, phone number
Flutterwave       Payment processing               Name, email, payment details
Vercel            Website and application hosting  Server logs, IP addresses
Supabase          Database and backend storage     Onboarding and agreement data
Google Analytics  Website traffic analytics        Anonymised usage data

We only share data with third parties to the extent necessary to deliver the agreed services. We do not authorise any third-party service to use your data for their own marketing purposes.

06

Data Retention

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected:

  • Prospect and lead data (quiz completions, contact forms): retained for up to 24 months from collection, or until you request deletion
  • Client account and agreement data: retained for 7 years from the end of the engagement for legal and accounting purposes
  • Patient data: deleted within 90 days of engagement conclusion or upon Client request
  • Payment records: retained as required by applicable tax and financial regulations

07

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data, subject to legal retention requirements
  • Objection: Object to our use of your data for marketing or communications purposes
  • Portability: Request your data in a machine-readable format
  • Opt-out of communications: Unsubscribe from emails at any time by replying "unsubscribe" to any email from us, or by emailing info@heavyclicks.space

To exercise any of these rights, email info@heavyclicks.space with your request. We will respond within 10 business days.

08

Cookies & Tracking

heavyclicks.space uses cookies and similar tracking technologies for the following purposes:

  • Essential cookies: Required for the website to function (session management, form state)
  • Analytics cookies: Used to understand how visitors interact with our website (page views, session duration, referral source) — anonymised and aggregated

We do not use advertising cookies or retargeting pixels. We do not track visitors across other websites.

You can control cookies through your browser settings. Disabling essential cookies may affect website functionality.

09

Data Security

Heavyclick implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. These measures include:

  • Encryption in transit (HTTPS/TLS) for all data transmitted to and from our website and services
  • Encryption at rest for all stored personal data and patient contact information
  • Access controls limiting data access to authorised personnel on a need-to-know basis
  • Regular review of security practices and third-party service configurations

No transmission over the internet is 100% secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you within 72 hours of becoming aware of the breach.

10

Children's Privacy

Our services are directed exclusively at dental practice owners and business professionals. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly.

11

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify active Clients via email. Your continued use of our website or services after any changes constitutes acceptance of the updated Policy.

12

Contact

For privacy-related questions, data requests, or to report a concern:

We aim to respond to all privacy inquiries within 2 business days.