Privacy Policy

Effective Date: 2026  |   Last Updated: March 2026  |   Version: 2.0   |   Your Rights  ·  Do Not Sell My Information

1. Who We Are

Mi Smile Family Dental ("we," "our," or "us") is a dental practice located in Houston, TX. We operate the website at mismile.dental (the "Site"). As a dental healthcare provider, we are a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) and subject to the Texas Data Privacy and Security Act (TDPSA, effective July 1, 2024). We also recognize the rights of California residents under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

Our Privacy Officer can be reached at privacy@mismile.dental or by calling 832-779-5522.

2. Information We Collect

2.1 Information You Provide Directly

• Appointment requests: When you email us at info@mismile.dental, you may share your name, phone number, email address, and the reason for your inquiry.
• Communications: Any information you share when contacting us by phone, email, or in person.

2.2 Information Collected Automatically

When you visit our Site, we automatically collect:

• Usage data: Pages visited, time on site, referring website, and links clicked — collected via Google Analytics 4 (GA4)
• Device & browser information: Browser type, operating system, screen resolution, language preference, and device type
• Approximate location: City and region derived from your IP address (not precise coordinates) — collected by GA4
• Cookies: Small text files stored on your device — see Section 4 for full details

2.3 Precise Location Data (With Your Explicit Consent Only)

If you grant permission through your browser's location prompt, we collect your precise geographic coordinates (latitude and longitude) solely to determine whether you are located within approximately 5 miles of our clinic. This data is described in full in Section 5. We never collect this data without your affirmative consent.

2.4 Device Characteristics (With Your Explicit Consent Only)

With your consent, we may collect non-identifying device characteristics including screen dimensions, browser type, operating system, color depth, language setting, and timezone. We use this information in aggregate to understand what devices our local patients use so we can optimize our website accordingly. We do not use this to identify you as an individual.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Responding to appointment inquiries sent to info@mismile.dental
• Improving our website — understanding which pages are most helpful and how visitors navigate the site
• Understanding our local patient area — determining what percentage of website visitors are located near our Houston clinic (using only consented, precise location data)
• Analytics and measurement — measuring the effectiveness of our website through GA4 (aggregate, anonymized data only)
• Legal compliance — fulfilling our obligations under HIPAA, TDPSA, and other applicable laws
• Security — detecting and preventing fraudulent or harmful activity on our Site

We do not use your information for automated decision-making that produces legal or similarly significant effects, nor do we sell your personal information to third parties.

4. Cookies & Tracking Technologies TDPSA CCPA

4.1 What Are Cookies

Cookies are small text files placed on your device when you visit a website. They allow the site to remember your preferences and measure how the site is used.

4.2 Cookies We Use

• Strictly necessary cookies: Required for the Site to function. These cannot be disabled. They include session cookies that expire when you close your browser.
• Analytics cookies (with consent): Google Analytics 4 places cookies (_ga, _ga_XXXXXXXXXX) that collect anonymized data about how visitors use our Site — pages viewed, session duration, and approximate location (city level only, from IP address). We anonymize IP addresses by default and do not pass precise location data to GA4.
• Functional cookies (with consent): We store your cookie consent preference so we do not ask you again on future visits.

We do not use advertising cookies, retargeting pixels, Facebook Pixel, or any third-party marketing trackers.

4.3 Managing Cookies

You can manage or withdraw your cookie consent at any time by clicking the "Cookie Preferences" link in our website footer. You may also configure your browser to refuse cookies — however, some features of the Site may not function correctly. Most browsers allow you to manage cookies through their settings (typically under Privacy or Security).

4.4 Google Analytics 4 and HIPAA

In accordance with the March 2024 U.S. Department of Health and Human Services (HHS) guidance on online tracking technologies, we have configured our analytics to ensure that no Protected Health Information (PHI) is transmitted to Google Analytics. Specifically:

• GA4 IP anonymization is enabled by default
• We do not pass any form field data, appointment details, or health-related information to GA4
• GA4 is not used on any page that displays patient account information
• We do not use GA4 data for targeted advertising purposes

5. Precise Location Data TDPSA Sensitive CCPA Sensitive

5.1 Why We Collect It

Mi Smile Family Dental serves the local Houston community within approximately a 5-mile radius of our clinic at 11834 Airline Drive. We collect precise location data solely to understand what proportion of our website visitors are located near our clinic. This helps us ensure our website content, hours, and services are relevant to our local patient base.

5.2 How We Collect It

Only after you have (a) accepted our cookie consent banner AND (b) separately granted location permission through your browser's own permission dialog does your browser share coordinates with our Site. We use the browser's Geolocation API — we do not infer location from your IP address for this purpose.

5.3 What We Do With It

• We calculate the distance in miles between your location and our clinic
• We record whether you are within 5 miles (true/false) — we do not store your raw coordinates in GA4
• Your precise coordinates (latitude/longitude) are stored only in our own secure Google Cloud Storage bucket within our GCP project in Houston, not shared with any third party
• We send only the result (local: yes/no and approximate distance) to GA4 as an anonymized aggregate signal

5.4 Retention of Location Data

Precise location records are retained for no more than 90 days, after which they are automatically deleted from our storage systems.

5.5 Your Rights Regarding Location Data

You may withdraw location consent at any time by adjusting your browser's site permissions (typically under Site Settings or Privacy in your browser menu). You may also submit a deletion request at privacy@mismile.dental and we will delete any stored location records associated with your session within 10 business days.

6. HIPAA — Healthcare Privacy Notice HIPAA

Mi Smile Family Dental is a dental practice and a covered entity under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act. This section serves as our Notice of Privacy Practices for Protected Health Information (PHI).

6.1 What Is PHI

Protected Health Information (PHI) includes any information we create or receive that relates to your past, present, or future physical or mental health condition, the provision of healthcare to you, or payment for that care — when combined with information that could identify you.

6.2 How We Use and Disclose PHI

We may use and disclose your PHI for the following purposes without your separate authorization:

• Treatment: To provide, coordinate, or manage your dental care
• Payment: To bill and collect payment for services rendered, including communications with your insurance carrier
• Healthcare operations: Quality assessment, training, accreditation, and administrative functions
• As required by law: Public health activities, law enforcement, and legal proceedings as required by applicable law

All other uses and disclosures of your PHI require your written authorization, which you may revoke at any time.

6.3 Your HIPAA Rights

• Right to access: Request a copy of your dental records and PHI
• Right to amend: Request corrections to your health information
• Right to an accounting of disclosures: Request a list of disclosures we have made of your PHI
• Right to request restrictions: Ask us to limit how we use or share your PHI
• Right to confidential communications: Request we contact you in a specific way or at a specific location
• Right to a paper copy: Receive a paper copy of this Notice upon request

6.4 Our Duties

We are required by law to maintain the privacy of your PHI, to provide you with this Notice, and to follow the terms of this Notice. We will notify you if there is a breach of your unsecured PHI. We may change the terms of this Notice at any time and the new terms will apply to all PHI we maintain.

6.5 Complaints

If you believe we have violated your HIPAA privacy rights, you may file a complaint with us at privacy@mismile.dental or with the U.S. Department of Health and Human Services Office for Civil Rights at www.hhs.gov/hipaa/filing-a-complaint. We will not retaliate against you for filing a complaint.

7. Texas Resident Rights TDPSA — Effective July 1, 2024

Under the Texas Data Privacy and Security Act (Texas Business & Commerce Code, Chapter 541), Texas residents have the following rights regarding their personal data:

Sensitive Data — Explicit Consent Required

Under TDPSA, precise geolocation data (defined as any area smaller than 1 square mile) is classified as sensitive data. We obtain your explicit consent through a separate browser permission prompt before collecting any precise location data. You may withdraw this consent at any time through your browser's site settings.

How to Submit a Texas Rights Request

Email us at privacy@mismile.dental with the subject line "Texas Privacy Request." We will respond without undue delay, and within 45 days of receipt. We may extend this deadline by an additional 45 days where reasonably necessary, with notice to you.

If we deny your request, you may appeal by emailing us within 30 days of our denial. If your appeal is denied, you may submit a complaint to the Texas Attorney General at texasattorneygeneral.gov.

8. California Resident Rights CCPA/CPRA — Effective Jan 1, 2023

Under the California Consumer Privacy Act (Cal. Civ. Code §1798.100 et seq.), as amended by the California Privacy Rights Act, California residents have the following rights. These rights apply regardless of where our business is physically located.

Categories of Personal Information Collected (Last 12 Months)

• Identifiers: IP address (anonymized), browser cookie identifiers — collected automatically via GA4
• Internet or network activity: Pages visited, session duration, referring site — collected via GA4
• Geolocation data: City/region from IP address (GA4) and precise coordinates (only with your explicit consent, stored in our own systems)
• Device characteristics: Browser type, OS, screen size — collected with consent for local visitor analysis
• Communications: Name, phone, email shared when you contact us via email to arrange an appointment

We Do Not Sell or Share Your Personal Information

Mi Smile Family Dental does not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising. For more information, see our Do Not Sell or Share My Personal Information page.

How to Submit a California Rights Request

Email privacy@mismile.dental with the subject line "California Privacy Request." We will acknowledge within 10 days and respond within 45 days. We may extend to 90 days total where necessary, with notice. You may designate an authorized agent to make a request on your behalf.

Complaints may also be submitted to the California Privacy Protection Agency at cppa.ca.gov.

9. How We Share Your Information

We do not sell your personal information. We share information only in the following limited circumstances:

• Google Analytics 4: Anonymized, aggregate website usage data (no PHI, no precise location coordinates)
• Google Workspace: Appointment request emails sent to info@mismile.dental are received and stored in our Google Workspace account, governed by Google's Business Agreement and our BAA with Google where applicable
• Google Cloud Storage: Consented precise location data is stored in our own GCS bucket within our dedicated GCP project — not shared with Google for advertising purposes
• Legal requirements: We may disclose information if required by law, court order, or to protect our legal rights
• Business transfers: If our practice is acquired or merged, your information may be transferred as part of that transaction, subject to the same privacy commitments

10. Data Retention

• GA4 analytics data: 14 months (maximum allowed under our GA4 settings)
• BigQuery analytics export: 2 years, then automatically deleted
• Precise location data (GCS): 90 days, then automatically deleted
• Email communications: Retained in Google Workspace for 3 years for business continuity
• Cookie consent records: 13 months from date of consent
• Dental/medical records (PHI): Minimum 10 years from the date of service, or 3 years after a minor patient turns 18 — whichever is longer — per Texas Health & Safety Code §241.103

11. Security

We implement reasonable technical, administrative, and physical safeguards to protect your personal information, including:

• HTTPS encryption for all data transmitted between your browser and our Site
• Google Cloud Storage with uniform bucket-level access control for location data
• Google Workspace with two-factor authentication enabled for staff accounts
• Regular review of third-party services and data processing agreements
• Access to personal data limited to staff members who need it to perform their duties

No method of transmission over the Internet is 100% secure. If you believe your information has been compromised, please contact us immediately at privacy@mismile.dental.

12. Children's Privacy (COPPA)

Our website is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent, in compliance with the Children's Online Privacy Protection Act (COPPA). If you believe we have inadvertently collected information from a child under 13, please contact us at privacy@mismile.dental and we will promptly delete it.

Under TDPSA, we require verifiable parental or guardian consent before processing personal data of any individual under the age of 13.

13. Global Privacy Control (GPC) Required Jan 1, 2025

We honor the Global Privacy Control (GPC) signal. If your browser or browser extension sends a GPC signal when you visit our Site, we treat this as a valid opt-out request for the sale and sharing of your personal data and for targeted advertising, as required by the Texas Data Privacy and Security Act (effective January 1, 2025) and the California Consumer Privacy Act.

When we detect a GPC signal, analytics cookies and any non-essential tracking scripts are suppressed for your session. You can enable GPC in privacy-focused browsers (such as Firefox, Brave, or DuckDuckGo) or via browser extensions. Learn more at globalprivacycontrol.org.

14. Changes to This Policy

We review and update this Privacy Policy at least once every 12 months, or when there is a material change in our data practices or applicable law. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this Policy periodically. Continued use of our Site after changes are posted constitutes acceptance of the updated Policy.

15. How to Contact Us