Effective Date: May 27, 2026

SmileVerse Dental Clinic (“SmileVerse,” “we,” “us,” or “our”) is a privately owned family dental practice located in Friendswood, Texas. We are committed to protecting your privacy and handling your personal information with transparency and care.

This Privacy Policy describes how we collect, use, and protect information when you visit our website at https://www.smileverseclinic.com (the “Website”), contact us online, or schedule appointments.

This Privacy Policy covers non-clinical, website-based data collection. Your Protected Health Information (PHI) as a dental patient is governed separately by our HIPAA Notice of Privacy Practices (“NPP”), which is included as Part Two of this document and available at smileverseclinic.com/hipaa-notice.

1. HIPAA — Your Health Information is Protected

SmileVerse Dental Clinic is a HIPAA-covered entity. Federal law (HIPAA, 45 CFR Parts 160 & 164) requires us to maintain the privacy and security of your Protected Health Information (PHI) and to provide you with a formal Notice of Privacy Practices.

Our full HIPAA Notice of Privacy Practices:

• Is provided to you at your first appointment

• Is posted in our office waiting area

• Is included as Part Two of this document

• Is available at smileverseclinic.com/hipaa-notice

• Is available upon request by calling (281) 482-3331 or emailing info@smileverseclinic.com

In any conflict between this Privacy Policy and our HIPAA NPP, the HIPAA NPP controls for all PHI. This Privacy Policy applies only to non-clinical data collected through our Website.

2. Definitions

Company / SmileVerse — SmileVerse Dental Clinic, 221 E Edgewood Drive, Friendswood, TX 77546.

Website — The website located at https://www.smileverseclinic.com.

You / User — Any person who visits our Website.

Personal Information — Information that identifies or could reasonably be linked to you. Does not include PHI, which is governed by HIPAA separately.

PHI (Protected Health Information) — Health information as defined under HIPAA — including dental records, diagnoses, treatment history, X-rays, and billing information created or received in connection with your dental care.

Archy — Our practice management software (https://www.archy.com), used to manage appointments, patient records, and billing. All patient data in Archy is governed by a HIPAA Business Associate Agreement between Archy and SmileVerse.

Finix — The payment processing infrastructure integrated within Archy. Finix processes and stores payment card transactions on our behalf within Archy’s PCI-DSS compliant platform.

Google Ads — A paid advertising service provided by Google LLC. SmileVerse uses Google Ads solely for keyword-based brand visibility in search results. No patient data or personal information is used to target these ads.

Cookies — Small data files placed on your device that help our Website function properly.

3. What Information We Collect

3.1 Information You Provide Voluntarily

We collect only the information you choose to give us when you:

• Submit a contact or inquiry form on our Website

• Request an appointment online through our Website or Archy patient portal

• Call or email our office

• Submit a review or testimonial

This information may include your name, email address, phone number, and the reason for your inquiry. Patient intake information submitted through Archy is PHI and governed by our HIPAA NPP — not this Privacy Policy.

3.2 Basic Website Server Logs

Our web server automatically records basic technical data when you visit our Website, used solely to keep the site running properly:

• IP address (used to deliver web pages to your browser)

• Browser type and version

• Date and time of visit

• Pages visited

We do not use this data to identify you, track you across the internet, or build advertising profiles. Server logs are stored for up to 12 months for security and troubleshooting, then deleted.

3.3 Cookies and the Google Ads Conversion Tag

Our Website uses only strictly necessary cookies plus a basic Google Ads conversion tag. We do not use:

• Meta Pixel or any Facebook/Instagram tracking

• Google Analytics or behavioral analytics tools

• Retargeting or remarketing scripts of any kind

• Any cookie that tracks you across other websites

• Advertising cookies that build profiles for ad targeting

Google Ads Conversion Tag: Our Website includes a Google Ads tag that confirms when a Google ad click results in a Website visit. This allows us to measure whether our ads are reaching people — it does not collect personal information, does not use patient data, and does not track you for retargeting purposes.

Strictly necessary cookies keep Website features functional (e.g., contact form submissions) and are deleted when you close your browser. You may control cookies through your browser settings.

4. How We Use Your Information

Responding to inquiries  —  To answer your questions and follow up on contact form submissions.

Scheduling appointments  —  To confirm, remind, and follow up on appointment requests.

Patient communication  —  To communicate with you about your dental care via Archy.

Brand advertising  —  We run keyword-based Google Ads to make SmileVerse visible in local search results. These ads are targeted by search terms only (e.g., ‘dentist Friendswood TX’). No patient data, no personal information, and no website visitor data is used to target these ads.

Legal compliance  —  To comply with HIPAA, the Texas Data Privacy and Security Act (TDPSA), and all applicable federal and Texas law.

Security  —  To detect and prevent unauthorized access, fraud, or abuse of our Website.

We do not use your personal information to build advertising profiles, retarget you across other websites, or target ads based on your identity or browsing behavior.

5. How We Share Your Information

We share your information only in the following limited circumstances:

5.1 Archy — Practice Management Software

Patient appointment requests and records are managed through Archy, our HIPAA-compliant practice management platform. Archy stores patient data under a Business Associate Agreement (BAA) with SmileVerse. Archy does not use your data for advertising purposes.

Archy Privacy Policy: https://www.archy.com/privacy-policy

5.2 Finix — Payment Processing (via Archy)

Payment card transactions are processed through Finix, integrated within Archy’s platform. Your payment card information is stored within Archy’s PCI-DSS compliant environment. SmileVerse does not maintain payment card data on its own servers. We share only the minimum information necessary to process your payment and do not disclose dental records, diagnoses, or clinical notes to any payment processor. We do not share your health data with credit card networks beyond what is technically required to settle a transaction.

Finix Privacy Policy: https://finix.com/privacy-policy

5.3 Google — Brand Advertising Only

We use Google Ads to display SmileVerse advertisements in search results. Google places a basic conversion tag on our Website. We do not share patient information, dental records, personal data, or website visitor profiles with Google. No customer lists are uploaded. No retargeting is used. Our ads are keyword-based only.

Google Privacy Policy: https://policies.google.com/privacy

We may disclose your information when required by law, valid court order, or government subpoena, or when necessary to protect the safety, rights, or property of SmileVerse, its staff, or the public.

5.5 Business Successors

In the event of a merger, acquisition, or sale of our practice, records may be transferred to the successor entity. Any transfer of PHI will comply with HIPAA requirements, including execution of appropriate Business Associate Agreements.

For any purpose not described above, we will obtain your explicit consent before sharing your information.

We do NOT share your information with:  Meta (Facebook/Instagram), data brokers, insurance companies (except as authorized by you under HIPAA), employers, collection agencies, or credit card companies. We do not provide patient names, records, or personal data to Google for ad targeting.

6. Data Retention

Contact / Inquiry Data  —  Up to 24 months from date of inquiry, then deleted.

Website Server Logs  —  Up to 12 months for security purposes, then deleted.

Appointment Request Data  —  Up to 24 months, or transferred to Archy upon patient onboarding.

Marketing / Email List  —  Until you unsubscribe or request deletion.

Payment / Transaction Records  —  Transaction records retained up to 10 years for tax and accounting compliance. Payment card data is stored within Archy’s PCI-DSS compliant platform.

PHI / Dental Records (via Archy)  —  Minimum 7 years from last treatment date per Texas law (22 Tex. Admin. Code § 108.8), or until age 25 for patients treated as minors.

7. Data Security

We take the following measures to protect your personal information:

• HTTPS encryption for all data transmitted to and from our Website

• Access controls: only authorized SmileVerse staff access patient data in Archy

• HIPAA Security Rule safeguards for all electronic PHI stored in Archy

• Business Associate Agreement (BAA) with Archy covering all PHI

• Staff training on privacy and data security practices

No internet transmission is 100% secure. If you believe your data has been compromised, contact us immediately at info@smileverseclinic.com or (281) 482-3331. In the event of a reportable PHI breach, we will notify affected individuals and the U.S. Department of Health and Human Services as required by the HIPAA Breach Notification Rule.

8. Your Privacy Rights — Texas Residents

Effective July 1, 2024, the Texas Data Privacy and Security Act (TDPSA) grants Texas residents the following rights regarding non-PHI personal data:

• Right to Know whether we process your personal data

• Right to Access a copy of personal data we hold about you

• Right to Correct inaccurate personal data

• Right to Delete personal data you provided, subject to legal exceptions

• Right to Data Portability in a machine-readable format

• Right to Opt Out of sale of personal data or targeted advertising

SmileVerse does not sell personal data and does not conduct targeted advertising using personal data. You may still exercise any of the above rights by contacting us at info@smileverseclinic.com or (281) 482-3331. We will respond within 45 days. We will not discriminate against you for exercising these rights.

Your PHI rights as a patient are governed separately by HIPAA and described in Part Two of this document.

9. Children’s Privacy

Our Website is not directed to children under 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent, in compliance with COPPA (Children’s Online Privacy Protection Act). If you believe a child under 13 has submitted information through our Website, contact us at info@smileverseclinic.com and we will promptly delete it.

Minor Patients (Under 18): SmileVerse treats minor patients as part of our family practice. PHI for minor patients is governed by our HIPAA NPP and Texas law, and requires parental or guardian authorization. Parents and guardians have the right to access their child’s dental records and authorize or restrict PHI disclosure, subject to applicable Texas law.

10. Third-Party Links

Our Website may contain links to the Archy patient portal, social media pages, and review platforms. These operate under their own privacy policies. We have no control over and assume no responsibility for the privacy practices of any third-party site.

11. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will update the “Last Updated” date, post a notice on our Website, and notify you directly where required by law. Continued use of the Website following any changes constitutes acceptance of the revised policy.

12. Contact Us — Privacy Questions

SmileVerse Dental Clinic

221 E Edgewood Drive, Friendswood, TX 77546

Email: info@smileverseclinic.com

Phone: (281) 482-3331

Website: smileverseclinic.com/contact

Privacy Policy