MouthMatch Privacy Policy
Effective date: 2026-06-21
Last updated: 2026-06-21
1. Introduction & Scope
This Privacy Policy explains how Martello Systems LLC ("Martello Systems," "we," "us," or "our") collects, uses, shares, and protects personal information when you use MouthMatch at mouthmatch.app and related applications and services (the "Service"). It applies to information we process about visitors, patients who submit match requests, and dental providers who claim listings or hold accounts.
MouthMatch is an informational directory and matching service — not a dental or medical provider. A listing does not imply we are affiliated with, endorse, or have verified any provider. This Policy describes how we handle personal information; it does not replace any provider's own privacy practices, which govern your direct interactions with that provider.
By using the Service, you agree to the practices described in this Policy. This Policy is incorporated into and subject to our Terms of Service. If you do not agree, please do not use the Service.
2. Information We Collect
- Patient match-request information. When you submit a free "get matched" request, we collect the information you provide — typically your name, email address, phone number, the city or service you are interested in, and any message or details you include.
- Provider account & listing information. When a provider claims a listing or creates an account, we collect business and professional details such as practice name, contact name, email, phone, website, address, services offered, pricing, hours, credentials, validators, awards, and any reviews the provider supplies.
- Public-registry data. We display provider information derived from the public NPPES / NPI Registry (such as name, NPI, taxonomy/specialty, and practice location). This is public data, not information you provide to us.
- Account & authentication data. Sign-in is handled by MartelloAuth; we and MartelloAuth collect your email, a hashed password (we never store passwords in plaintext), and authentication metadata.
- Payment information (providers, via Stripe). Subscription payments are processed by Stripe, Inc. We do not collect or store your full payment card numbers. We receive limited information such as a transaction or customer identifier, the last four digits and card brand, and subscription status.
- Usage, device, and log data. We automatically collect information such as IP address, browser and device type, pages and features used, referring URLs, timestamps, and diagnostic/log data.
- Cookies and analytics. We and our providers use cookies and similar technologies as described in Section 6.
- Communications. If you contact us (for example, at support@mouthmatch.app), we collect the content of your messages and our correspondence.
We do not intentionally collect special or sensitive categories of personal information, and we ask that you not submit them. Please do not include detailed health, diagnosis, or treatment information in a match request — describe only what is needed to be connected with a relevant provider.
3. How We Use Information
We use personal information to: operate and maintain the Service; display and organize provider listings; process patient match requests and connect patients with relevant providers; let providers claim, build, and manage their listings; generate the structured-data, `llms.txt`, and AEO assets providers subscribe to; process provider subscriptions, billing, and payments through Stripe; authenticate accounts through MartelloAuth; send transactional and service communications; provide customer support; monitor, secure, debug, and improve the Service; detect and prevent fraud, abuse, and security issues; and comply with legal obligations and enforce our agreements. We do not sell your personal information.
4. Legal Bases for Processing (EEA/UK)
Where the GDPR or UK GDPR applies, we process personal information on the bases of: performance of a contract (to provide the Service and process subscriptions); legitimate interests (to operate, secure, improve, and analyze the Service and prevent fraud, balanced against your rights); consent (for optional communications and certain cookies, which you may withdraw at any time); and legal obligation (to comply with applicable laws, including tax and recordkeeping requirements). The Service is primarily intended for U.S. users.
5. How We Share Information
We share personal information only as described below. We do not sell your personal information, and we do not share it for cross-context behavioral advertising.
- With providers, to fulfill match requests. When you submit a match request, we share the contact details and information you provide with the relevant dental provider(s) so they can follow up with you. Once a provider receives your information, that provider's own privacy practices apply to its handling of it.
- Service providers (processors). Stripe, Inc. (payment processing and subscription billing); MartelloAuth (account authentication); and our hosting, database (Neon / PostgreSQL), and infrastructure providers that operate the Service.
- Analytics. Where enabled, Google Analytics to measure traffic and feature usage in aggregate.
- Public sources. Provider directory information derived from the public NPPES / NPI Registry is, by nature, already public.
- Legal and safety. We may disclose information if required by law or legal process, or to protect the rights, property, or safety of Martello Systems, our users, or others, or to enforce our Terms.
- Business transfers. If we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction, subject to this Policy.
- With your direction. We share information when you ask us to or otherwise consent.
6. Cookies & Analytics
We use cookies and similar technologies to remember your preferences (such as light/dark theme), keep providers signed in, secure the Service, and understand how the Service is used. Where enabled, we use Google Analytics to measure traffic and feature usage in aggregate. You can control cookies through your browser settings; disabling some cookies may affect functionality. Where required by law, we will request your consent for non-essential cookies.
7. Data Retention
We retain personal information for as long as needed to provide the Service and for a reasonable period afterward to comply with legal, tax, accounting, and recordkeeping obligations, resolve disputes, and enforce our agreements. Patient match-request details are retained as needed to process and route the request and for a reasonable attribution and support window, after which we delete or anonymize them. Provider account and listing data is retained while the account/listing is active and for a reasonable period afterward. When information is no longer needed, we delete or anonymize it. You may request deletion as described in Section 9; certain records (such as billing records) may be retained where required by law.
8. Security
We use reasonable administrative, technical, and organizational measures designed to protect personal information, including encryption in transit, hashed passwords, access controls, and reputable infrastructure and payment providers. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. Providers are responsible for keeping account credentials confidential. If we become aware of a breach affecting your personal information, we will notify you and authorities as required by law.
9. Your Privacy Rights
Depending on where you live, you may have rights to: access a copy of the personal information we hold; correct inaccurate information; delete your personal information; port/export your data; object to or restrict certain processing; withdraw consent where processing is based on consent; and non-discrimination for exercising your rights.
California residents (CCPA/CPRA). You have rights to know, access, correct, and delete personal information, and to opt out of any "sale" or "sharing" — note that we do not sell or share personal information as those terms are defined.
EEA/UK residents (GDPR/UK GDPR). You have the rights listed above and the right to lodge a complaint with your local data protection authority.
To exercise any right, email support@mouthmatch.app. We will verify your request and respond within the timeframes required by applicable law. If you are a patient and want us to stop sharing a pending match request, contact us promptly — once your details have been delivered to a provider, that provider controls its copy.
10. Children's Privacy
The Service is intended for adults and is not directed to children. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected such information, we will delete it. If you believe a minor has provided us information, contact support@mouthmatch.app.
11. International Users
We operate in the United States, and the Service is intended primarily for U.S. users. If you access the Service from outside the United States, you understand that your information will be processed in the United States, where data-protection laws may differ from those in your country. By using the Service, you consent to this transfer and processing, subject to this Policy and applicable law.
12. Third-Party Providers & Links
A listing may include a provider's own website, phone number, or contact details. When you contact a provider or visit a provider's website, you leave MouthMatch, and that provider's or website's own privacy practices apply. We are not responsible for the privacy practices of any provider or third-party website.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and may provide additional notice. Your continued use of the Service after the changes take effect constitutes acceptance of the updated Policy.
14. Contact
If you have questions or requests regarding this Privacy Policy or your personal information, contact Martello Systems LLC — MouthMatch, at support@mouthmatch.app (mouthmatch.app).