HIPAA-Eligible Infrastructure

HIPAA Compliance

Last Updated: February 1, 2026

At Dentiphoto AI, we understand that dental professionals handle sensitive patient information. This page explains how we protect your data and maintain compliance with healthcare data protection standards.

Our Infrastructure

Dentiphoto AI is built on HIPAA-eligible infrastructure. We have signed a Business Associate Agreement (BAA) with Supabase, our database and hosting provider. Supabase operates on Amazon Web Services (AWS) infrastructure, which is also HIPAA-eligible.

This means your data is stored and processed on infrastructure that meets the technical and security requirements of the HIPAA Security Rule.

Security Measures

We implement the following security measures to protect your data:

Encryption

  • All data encrypted at rest using AES-256
  • All data in transit encrypted using TLS 1.2+

Access Controls

  • Row Level Security (RLS) for data isolation
  • Multi-factor authentication (MFA) available
  • Automatic session timeout

Data Protection

  • Signed URLs with expiration times
  • Private storage buckets
  • Regular backups with point-in-time recovery (PITR)

Monitoring

  • Audit logging of data access
  • SSL enforcement on all connections
  • Network restrictions & monitoring

Data Location

Your data is stored on secure servers in the United States (AWS US East, Virginia) through our partnership with Supabase.

Your Responsibilities

While we provide HIPAA-eligible infrastructure, dental professionals using Dentiphoto AI are responsible for:

Patient Consent

Before uploading any patient photographs, you must obtain written consent from your patients. This consent should cover cloud storage, AI processing, and transfer to third-party image processing services. We provide a sample consent form template in our documentation.

Compliance

As a dental professional, you are the data controller for your patient data. You are responsible for ensuring your use of Dentiphoto AI complies with HIPAA and any other applicable healthcare data protection laws in your jurisdiction.

Account Security

You are responsible for maintaining the security of your account credentials and ensuring that only authorized personnel access your Dentiphoto AI account.

AI Processing

Our Service uses third-party AI services to process images, including Retouch4me, fal.ai, Anthropic (Claude), and Replicate. When you upload patient photographs for AI processing:

  • Your patients must have consented to AI processing by third-party services.
  • We do not use your images to train AI models.
  • Images are processed solely to deliver the requested service.

For more details about AI processing, please refer to our Privacy Policy.

What This Means for You

For US Dental Practices

Our HIPAA-eligible infrastructure provides the technical safeguards required by HIPAA. Combined with proper patient consent, it allows you to use Dentiphoto AI as part of your HIPAA-compliant workflow.

For International Users

While HIPAA is a US regulation, our security measures meet international best practices for healthcare data protection. Users in the EU, UK, Canada, Australia, and other regions benefit from the same high level of data protection.

Questions

If you have questions about our security practices or HIPAA compliance, please contact us at:

Note: This page describes our infrastructure and security practices. Dentiphoto AI provides HIPAA-eligible infrastructure but does not provide legal advice. Dental professionals are responsible for their own HIPAA compliance, including risk assessments, policies, and patient consent procedures. We recommend consulting with a healthcare compliance professional for guidance specific to your practice.