Legal

Privacy Policy

Last updated: April 23, 2026 · Effective April 23, 2026

This Privacy Policy explains how Dentek, LLC ("Dentek," "we," "us," or "our") collects, uses, discloses, and safeguards information in connection with the Practice Composition Index service available at pci.team and app.pci.team (the "Service"). By using the Service you agree to this Policy.

On this page Information we collect How we use it When we share it Security Retention Your rights Children International transfers Changes Contact

1. Information we collect

1.1 Information you provide directly

Account information — name, email address, role (individual, practice owner, team member, administrator), and position/role within your dental practice.
Practice information — practice name, team member list, roles, candidate pipeline, and any notes you enter about members, candidates, or roles.
Assessment responses — the adjectives you select during the Practice Composition Index assessment, plus any demographic or role context you provide.
Support communications — the content of messages you send us via the in-app ticket system, email, or contact form.
Payment information — handled by our payment processor (Stripe). We do not receive or store full credit card numbers. Stripe provides us with a transaction identifier, last four digits, card brand, and billing email.

1.2 Information collected automatically

Log and device data — IP address, browser type, operating system, pages visited, timestamps, and referring URLs, used for security, debugging, and aggregate usage analytics.
Cookies and similar technologies — we use a small number of first-party cookies and localStorage entries strictly necessary for authentication (keeping you signed in) and session continuity. We do not use third-party advertising cookies.

1.3 Information from third parties

If your practice owner invites you to take an assessment, we receive your name, email, role, and (if shared) assessment results, with your consent captured at the start of the assessment.
We receive limited payment and subscription status information from Stripe to manage billing.

2. How we use information

We use the information we collect to:

Provide, operate, and improve the Service, including generating your trait profile, archetype match, and role-fit analysis.
Authenticate you via one-time magic links sent to your email address.
Process payments, send receipts, and manage subscriptions.
Send transactional messages such as assessment invitations, sign-in links, receipts, support replies, and service notices.
Respond to support requests and maintain audit trails of support interactions.
Detect, prevent, and respond to fraud, abuse, security incidents, or violations of our Terms of Service.
Comply with legal obligations and enforce our agreements.

We do not sell your personal information. We do not use assessment results for advertising. We do not share individual team members' responses with anyone outside your practice without the subject's consent.

3.1 Within your practice

If you take an assessment as a team member or candidate of a practice, and you consented to share your results with that practice, the practice owner and authorized managers will see your trait profile, archetype match, and role-fit summary. Individual adjective-level responses are never shown to owners or managers.

3.2 Service providers (processors)

We share information with vendors who process data on our behalf under confidentiality obligations, limited to what is necessary for them to perform their services:

Stripe, Inc. — payment processing, billing, and receipts. See Stripe's privacy policy.
Infrastructure providers — Vultr (server hosting) for application and database servers located in the United States.
Email delivery — for transactional emails (magic links, receipts, support replies) via Gmail/Google Workspace and our transactional email provider.

3.3 Legal and safety

We may disclose information when we believe in good faith that disclosure is necessary to (a) comply with law or legal process, (b) protect the rights, safety, or property of Dentek, our users, or the public, or (c) detect or respond to fraud, security incidents, or technical issues.

3.4 Business transfers

If Dentek is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction, subject to the terms of this Policy.

4. How we protect your information

All data is transmitted over TLS 1.2+ (HTTPS). HTTP traffic is redirected to HTTPS.
Passwords are not used — the Service uses one-time magic-link authentication, reducing credential-theft risk.
Database access is restricted to authenticated application servers and operators with a legitimate need.
Payment card data never touches our servers — it is collected directly by Stripe's PCI-DSS-validated infrastructure.
We log administrative actions, apply least-privilege access controls, and review access periodically.
Backups are retained on encrypted storage.

No system is perfectly secure. If we learn of a breach affecting your personal information, we will notify you and the relevant authorities as required by applicable law.

5. How long we keep information

Account and assessment data — kept for the life of your account, plus a short reasonable period afterward for audit, legal, and backup rotation purposes.
Payment records — retained as required by tax and financial regulations (typically 7 years).
Support tickets — kept for up to 3 years for quality and continuity of support.
Server and security logs — typically retained 30–90 days unless needed for an ongoing investigation.

You can request deletion of your account and personal data at any time (see Section 6).

6. Your rights and choices

Depending on where you live, you may have rights to:

Access — request a copy of the personal information we hold about you.
Correct — update inaccurate or incomplete information via your Account page or by emailing us.
Delete — request deletion of your account and personal data.
Port — receive your personal information in a portable format.
Object — object to or restrict certain processing.
Withdraw consent — if you previously consented to share assessment results with your practice, you can withdraw consent at any time (this will not undo prior sharing but will prevent future sharing).

To exercise any of these rights, email hello@pci.team. We will verify your identity and respond within 30 days.

If you are in California, the EU/UK, or another jurisdiction with specific privacy laws, you have additional rights under those laws, including the right to lodge a complaint with your supervisory authority.

7. Children

The Service is intended for adults working in or evaluating dental practices. We do not knowingly collect information from children under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.

8. International data transfers

The Service is operated from the United States. If you access the Service from outside the U.S., your information will be transferred to, stored in, and processed in the U.S. By using the Service you consent to this transfer. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.

9. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will notify you by email and/or by prominent notice within the Service, and we will update the "Last updated" date above. Your continued use of the Service after changes take effect means you accept the updated Policy.

10. How to contact us

If you have questions or concerns about this Policy or our privacy practices:

Email: hello@pci.team
Mail: Dentek, LLC · 4136 N Western Ave · Chicago, IL 60618 · USA