This Privacy Policy describes how Bucktooth Marketing Inc. ("Nurtura", "we", "us", "our") collects, uses, and discloses information when you visit nurtura.bucktoothmarketing.com or use the Nurtura platform (collectively, the "Service").

Information We Collect

Information you provide

When you sign up for or use Nurtura, we collect:

• Account details: name, email, phone number, business name, billing address
• Payment information processed by our payment provider, Stripe — we do not store full card details on our servers
• Practice information: services offered, locations, monthly marketing spend, target patient goals
• Configuration data: brand assets, logo, custom voice samples, calendar availability
• Content you create: ad copy, message templates, AI-conversation transcripts

Information collected automatically

• Usage data: pages viewed, features used, click patterns
• Device data: IP address, browser type, operating system
• Cookies and similar technologies (see Cookies below)
• Marketing-attribution parameters (utm_source, gclid, fbclid, ttclid, etc.) when you arrive from an ad or referral

Information about your patients (PHI)

Nurtura processes Protected Health Information ("PHI") on behalf of our dental-practice customers. We act as a HIPAA Business Associate. PHI handling is governed by the Business Associate Agreement (BAA) signed with every paying practice. We do not use PHI for any purpose other than providing the Service.

How We Use Information

• Provide, maintain, and improve the Service
• Process payments and manage subscriptions
• Communicate with you about your account, support requests, and product changes
• Detect, prevent, and address fraud, abuse, or security incidents
• Comply with legal obligations

We do not sell your personal information.

How We Share Information

• Service providers that help us operate the Service (Stripe for payments, GoHighLevel for CRM infrastructure, Cloudflare and Netlify for hosting and CDN)
• Aggregated or de-identified data for product analytics, benchmarking, and research — never tied back to individuals
• Legal compliance when required by law, subpoena, or court order
• Business transfers in the event of merger, acquisition, or sale of assets
• With your consent for any other purpose

HIPAA Safeguards

For PHI processed on behalf of dental-practice customers, we adhere to the HIPAA Security Rule and the terms of our BAA. Specific protections include:

• Encryption of PHI at rest (AES-256) and in transit (TLS 1.2+)
• Role-based access controls and audit logging
• Defined breach notification procedures
• AI training is fenced against PHI exposure — we do not use PHI to train general models
• SOC 2 Type II audited annually

Cookies

We use cookies and similar technologies to maintain your session, remember preferences, analyze usage, and track marketing attribution. You can disable cookies in your browser settings — some features of the Service may not work as intended without them.

Data Retention

We retain account data for as long as you have an active subscription, plus 90 days after cancellation. You may request earlier deletion at any time. PHI retention follows the terms of our BAA, typically a minimum of 6 years to comply with HIPAA.

Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Request deletion of your data
• Restrict or object to processing
• Request a portable copy of your data

To exercise these rights, email info@bucktoothmarketing.com.

Security

We use industry-standard safeguards including encryption, role-based access controls, regular security audits, and employee training. No system is 100% secure — we cannot guarantee absolute security and you provide your information at your own risk.

Children

The Service is not directed at individuals under 18. We do not knowingly collect data from minors. If you believe a minor has provided information to us, contact us and we will delete it.

International Users

If you access the Service from outside the United States, your information may be transferred to and processed in the U.S. We comply with applicable data-transfer regulations.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with a new effective date. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

Contact