1. Introduction
Dental Spaces LLC, doing business as Ayla (“Ayla,” “we,” “us,” or “our”), is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and protect information when you visit our website at tryayla.com (“Website”) or use the Ayla dental practice management software (“Service”).
By using our Website or Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use our Website or Service.
2. Information We Collect
2.1 Information You Provide
We collect information you voluntarily provide, including:
- Demo Request Information: name, email address, phone number, practice name, role, number of providers, current software, and areas of interest when you submit a demo request form.
- Waitlist Information: email address when you join our waitlist.
- Account Information: name, email, practice name, and billing information when you create an Ayla account.
- Communications: any information you provide when contacting us via email at hello@tryayla.com.
2.2 Information Collected Automatically
When you visit our Website, we may automatically collect:
- Usage Data: pages visited, time spent on pages, links clicked, and referring pages.
- Device Information: browser type, operating system, screen resolution, and device type.
- IP Address: your internet protocol address, which may indicate your general geographic location.
- Cookies: small data files stored on your device to remember preferences (such as announcement bar dismissal state). See Section 7 for details.
2.3 Protected Health Information (PHI)
When dental practices use the Ayla Service, patient data including protected health information (PHI) as defined by HIPAA is stored and processed within the Service. Our handling of PHI is governed by our Business Associate Agreement (BAA) with each subscribing practice and by HIPAA regulations. See Section 5 for details.
3. How We Use Your Information
We use the information we collect for the following purposes:
- To respond to your inquiries: processing demo requests, waitlist signups, and general inquiries.
- To provide the Service: operating, maintaining, and improving the Ayla platform for subscribing practices.
- To communicate with you: sending confirmation emails, service updates, and responding to support requests.
- To improve our Website: analyzing usage patterns to improve content, navigation, and user experience.
- To ensure security: detecting, preventing, and addressing technical issues and security threats.
- To comply with legal obligations: fulfilling our legal and regulatory requirements.
We do not sell, rent, or trade your personal information to third parties for marketing purposes. We do not use patient data or PHI for any purpose other than providing the Service as described in our BAA.
4. How We Share Your Information
We may share your information only in the following circumstances:
- Service Providers: we use trusted third-party services to operate our business, including Amazon Web Services (AWS) for hosting and infrastructure, Amazon Simple Email Service (SES) for transactional emails, Stripe for payment processing, and Stedi for insurance claim submission. These providers are contractually obligated to protect your information and use it only for the services they provide to us.
- Legal Requirements: we may disclose information if required by law, court order, subpoena, or government regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
- Business Transfers: in the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
We do not share personal information with third parties for their own marketing purposes.
5. HIPAA Compliance and Protected Health Information
Ayla is designed to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations. When a dental practice subscribes to the Ayla Service:
- We execute a Business Associate Agreement (BAA) with every subscribing practice.
- All PHI is encrypted with AES-256 encryption at rest and TLS encryption in transit.
- PHI is stored exclusively on AWS servers in the United States.
- Access to PHI is governed by role-based access controls configured by the subscribing practice.
- We maintain audit logs of all access to PHI.
- Automatic daily backups with point-in-time recovery protect against data loss.
- We implement breach notification procedures in compliance with HIPAA requirements.
The subscribing dental practice is the Covered Entity under HIPAA and is responsible for obtaining any required patient consents and ensuring their use of the Service complies with HIPAA and applicable state privacy laws.
6. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: AES-256 encryption at rest and TLS encryption in transit for all data.
- Infrastructure: hosted on Amazon Web Services (AWS) with SOC 2-compliant hosting, automatic failover, and multi-region redundancy.
- Authentication: two-factor authentication (2FA) available for all accounts. Biometric login (Face ID, Touch ID) available on the mobile app.
- Access Controls: role-based access control limits data access to authorized users only.
- Monitoring: failed login attempt monitoring, session timeout settings, and comprehensive audit logging.
- Backups: automatic daily backups with point-in-time recovery.
While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your information using commercially reasonable safeguards.
7. Cookies and Tracking Technologies
Our Website uses the following cookies and tracking technologies:
- Essential Cookies: used to remember your preferences, such as whether you have dismissed the announcement bar. These are stored in your browser’s localStorage.
- Analytics (optional): if configured, we use Google Analytics (GA4) to understand how visitors use our Website. Google Analytics collects anonymized usage data including pages visited, session duration, and traffic sources. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
We do not use cookies for advertising, retargeting, or cross-site tracking purposes.
8. Data Retention
We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy:
- Demo request and waitlist data: retained for up to 24 months after submission, or until you request deletion.
- Account and practice data: retained for the duration of your subscription. Upon cancellation, data is available for export for 90 days, after which it may be permanently deleted.
- Website usage data: anonymized analytics data may be retained indefinitely for trend analysis.
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: request a copy of the personal information we hold about you.
- Correction: request correction of inaccurate or incomplete personal information.
- Deletion: request deletion of your personal information, subject to legal and contractual obligations.
- Data Portability: request your data in a portable, machine-readable format.
- Opt-Out: opt out of marketing communications at any time by clicking the unsubscribe link in any email or contacting us directly.
To exercise any of these rights, contact us at hello@tryayla.com. We will respond to your request within 30 days.
10. California Privacy Rights (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information. You have the right to know what personal information we collect and how it is used, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at hello@tryayla.com.
11. Children’s Privacy
Our Website and Service are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. The Ayla Service may store records of minor patients as part of a dental practice’s clinical operations — this data is managed by the subscribing practice as the Covered Entity under HIPAA and is subject to parental consent requirements as determined by the practice.
12. Third-Party Links
Our Website may contain links to third-party websites, including review platforms (Capterra, G2, Software Advice), competitor websites referenced in comparison pages, and source citations. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any website you visit.
13. International Users
The Ayla Service is designed for use by dental practices in the United States. All data is stored on AWS servers in the United States. If you access our Website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date at the top of this page. For material changes that affect how we handle PHI, we will provide notice to subscribing practices via email. Your continued use of the Website or Service after changes constitutes acceptance of the updated Privacy Policy.
15. Contact Us
If you have any questions about this Privacy Policy, your personal information, or our privacy practices, please contact us:
Dental Spaces LLC (dba Ayla)
Email: hello@tryayla.com
Website: tryayla.com
For HIPAA-related inquiries or to report a potential data breach, please contact us immediately at hello@tryayla.com with the subject line “HIPAA Inquiry.”