Compliance & Patient Data
Last updated: June 2026
To run patient reactivation, Alfred works with lists of a practice's own patients. We treat that data as what it is: sensitive health-adjacent information that belongs to the practice and its patients, not to us. This page explains how we handle it in both the markets we serve.
United States — HIPAA
When Alfred handles protected health information (PHI) on behalf of a US dental practice, Alfred acts as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA).
- Before any patient data changes hands, we sign a Business Associate Agreement (BAA) with the practice.
- We use the minimum data necessary to run a reactivation campaign — typically name and contact details, not clinical records.
- Patient data is used solely to deliver the services the practice has engaged Alfred for. It is never sold, rented, or used to train third-party models.
- Data is transmitted and stored using encryption in transit and at rest, and access is limited to what is required to deliver the service.
- On request, or at the end of an engagement, we return or securely delete the patient data we hold.
Australia — Privacy Act 1988
For Australian dental practices, Alfred handles personal information in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
- Personal information is collected and used only for the purpose the practice has engaged us for, consistent with the practice's own privacy obligations to its patients.
- The practice remains responsible for ensuring it has a lawful basis to contact the patients whose details it provides; Alfred acts on the practice's instruction.
- We do not disclose personal information to third parties for their own marketing, and we do not send it outside the engagement.
- Individuals may request access to or correction of their information via the practice, and we will support the practice in responding.
Patient Communications
Reactivation and outreach messages identify the practice, relate to the patient's existing relationship with that practice, and include a clear way to opt out. We do not cold-contact people who have no relationship with the practice.
Questions
If you need a BAA, a data-processing summary, or have any question about how patient data is handled, email [email protected] and we will respond promptly. See also our Privacy Policy and Terms of Service.
← Back to getalfred.llc