Brux
Run free audit

Privacy Policy

Last updated: May 26, 2026

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal Data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

This Privacy Policy specifically governs the Brux Dental AI Ranking software platform ("the App") operated by Brux Dental Marketing LLC.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

Account means a unique account created for You to access our Service or parts of our Service.

Affiliate means an entity that controls, is controlled by or is under common control with a party.

App refers to Brux Dental AI Ranking, the software-as-a-service platform operated by Brux Dental Marketing LLC and accessible through Our domains and applications.

Audit means the AI Visibility Audit feature of the Service, which analyzes publicly available information about a dental practice including its website content, search engine presence, and review platform listings.

Business, for the purpose of CCPA/CPRA, refers to the Company as the legal entity that collects Consumers' personal information.

CCPA and/or CPRA refers to the California Consumer Privacy Act as amended by the California Privacy Rights Act of 2020.

Company (referred to as either "the Company", "We", "Us", "Our", or "Brux" in this Agreement) refers to Brux Dental Marketing LLC, 3365 Burns Rd Ste 212, Palm Beach Gardens, FL 33410.

Consumer, for the purpose of the CCPA/CPRA, means a natural person who is a California resident.

Cookies are small files that are placed on Your computer, mobile device or any other device by a website.

Country refers to: Florida, United States.

Data Controller, for the purposes of the GDPR, refers to the Company.

Device means any device that can access the Service.

GDPR refers to EU General Data Protection Regulation.

Patient Data refers to information about patients of dental practices that use the Service. Brux is designed so that no patient identifiers enter our systems through the Testimonial Engine. Patients reach the Service via an anonymous link (bruxai.com/r/your-practice-slug) that practices distribute through their own channels. Brux retains only practice-scoped aggregate counts and the AI-drafted text the patient may choose to post; we do not store the form inputs, IP addresses, fingerprints, or any information that could identify the submitter. See the "Patient Data and the Testimonial Engine" section below for full detail.

Personal Data is any information that relates to an identified or identifiable individual.

Service refers to the App, including the AI Visibility Audit, Brux Testimonial Engine, AI Ranking Tracker, dashboard, and all associated features.

Service Provider means any natural or legal person who processes the data on behalf of the Company.

Third-Party AI Service refers to AI platforms and APIs We integrate with, including but not limited to Anthropic, OpenAI, Google AI, and Perplexity, which We use to power audit analysis, testimonial generation, and ranking checks.

Usage Data refers to data collected automatically when using the Service.

Website refers to Brux Dental AI Ranking, accessible from our app domain at airank.bruxdentalmarketing.com and related subdomains.

You means the individual accessing or using the Service, or the dental practice or other legal entity on behalf of which such individual is accessing or using the Service.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

  • Email address
  • First name and last name
  • Phone number
  • Dental practice name
  • Practice address, city, state, ZIP/Postal code
  • Practice website URL
  • Names and credentials of dentists at Your practice
  • Payment and billing information (handled by Our payment processor)
  • Usage Data

Practice Information You Provide

To operate the Service effectively, You provide information about Your dental practice including practice details, services offered, brand voice preferences, and dentist names.

Information We Analyze From Public Sources

The AI Visibility Audit analyzes publicly available information about Your practice including:

  • Content from Your practice website
  • Your Google Business Profile (publicly available data)
  • Reviews and ratings on public review platforms
  • Citations and mentions on public directories

We do not access non-public information about Your practice for audit purposes.

Patient Data and the Testimonial Engine

The Brux Testimonial Engine is designed so that no patient identifiers ever enter Brux's systems. Patients reach the Testimonial Engine by visiting an anonymous link in the form of bruxai.com/r/your-practice-slug that practices distribute through their own channels (printed cards, signage, follow-up messages sent from the practice's own systems).

When a patient uses the Testimonial Engine, We:

  • Do not require login, account creation, or any patient identifier
  • Do not collect the patient's name, contact information, date of birth, medical record number, or any other identifier
  • Do not store the patient's IP address, device fingerprint, session ID, or geolocation
  • Do not store the patient's submitted form inputs (free-text descriptions of their visit, star rating)
  • Do not store the AI-generated draft testimonials returned to the patient
  • Do not log the request body of testimonial generation API calls

The only data persisted from a patient submission is an anonymous, aggregate count of (practice, event type, calendar date). For example, "Practice X received 14 testimonial drafts on 2026-05-29." These counts cannot be linked back to individual patients and are used to give the practice owner aggregate dashboard metrics.

Before any patient input is processed by AI, Brux runs an automated identifier filter that rejects submissions containing medical-record-number-like patterns, prompting the patient to revise and resubmit. Brux is not a HIPAA Business Associate (see "HIPAA Position" section).

Other Patient Information

Outside of the Testimonial Engine, Brux's other features (AI Visibility Audit, AI Ranking Tracker) operate on information about Your practice (public website content, business listings, services, dentist names) and not on information about Your patients. We do not collect or process patient health information for these features either.

Usage Data

Usage Data is collected automatically when using the Service. Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. The technologies We use may include Browser Cookies and Web Beacons.

We use both Session and Persistent Cookies for the following purposes:

  • Necessary / Essential Cookies: Required to authenticate users and provide core Service functionality.
  • Functionality Cookies: Remember Your preferences and login state.
  • Analytics Cookies: Help Us understand how the Service is used so We can improve it.

We do not use targeting or advertising cookies within the App itself.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

  • To provide and maintain Our Service, including to monitor usage.
  • To manage Your Account.
  • To process payments and subscriptions through Our third-party payment processor.
  • To run AI Visibility Audits by analyzing Your publicly available practice information using third-party AI services.
  • To generate testimonial drafts using third-party AI services. For the Testimonial Engine specifically, the inputs are entered by anonymous patients on their own devices via the public testimonial link. Brux does not enter those inputs on Your behalf or store the inputs after the draft is returned.
  • To run AI Ranking checks by querying third-party AI platforms with searches relevant to Your practice.
  • To send service-related communications such as account updates, billing notifications, audit completion notifications, and weekly insights.
  • To contact You by email, telephone, SMS, or push notifications for service updates or important account information.
  • To respond to support requests and manage Your inquiries.
  • To improve Our Service by analyzing usage patterns.
  • For legal compliance including responding to lawful requests and enforcing Our Terms.
  • For business transfers in the event of a merger, acquisition, or similar transaction.

We do not sell Your Personal Data. We do not share Your Personal Data with third parties for marketing purposes.

Third-Party AI Processing

To deliver Our Service, We send certain information to Third-Party AI Services including Anthropic (Claude), OpenAI (ChatGPT), Google AI (Gemini), and Perplexity. This may include:

  • Public content from Your practice website (sent for audit analysis)
  • Anonymous patient submission inputs from the Testimonial Engine (sent to Anthropic to generate a draft testimonial; not stored by Brux after the draft is returned)
  • Search queries about Your practice and area (sent for ranking checks)

We use these services solely to deliver Our functionality. The data sent to these services is governed by their respective privacy policies. We do not authorize these providers to use Your data to train their models, where opt-out is available.

You can review these providers' privacy practices here:

  • Anthropic: https://anthropic.com/legal/privacy
  • OpenAI: https://openai.com/policies/privacy-policy
  • Google AI: https://policies.google.com/privacy
  • Perplexity: https://perplexity.ai/legal/privacy

HIPAA Position

Brux is not a HIPAA Business Associate of any dental practice using the Service.

Under 45 CFR § 160.103, a Business Associate is an entity that handles Protected Health Information (PHI) on behalf of a covered entity. Brux does not handle PHI on behalf of dental practices because:

  • The Testimonial Engine is anonymous by design. Patients reach the link without creating an account, submit testimonials without providing identifiers, and the form inputs are not stored after the AI-drafted response is returned. The aggregate counts retained (submission counts, star-rating averages) cannot be linked back to individual patients.
  • The AI Visibility Audit and AI Ranking Tracker operate on public information about the practice: not information about the practice's patients.
  • An automated identifier filter rejects patient submissions containing medical-record-number-like patterns before any AI processing occurs.
  • Brux does not request, collect, or store patient names, contact information, dates of birth, medical record numbers, IP addresses, device fingerprints, session IDs, or geolocation in connection with the Testimonial Engine.

Because Brux does not handle PHI on behalf of a covered entity, no Business Associate Agreement (BAA) is required under 45 CFR § 164.502(e) to use the Service. We will not sign a BAA representing that we handle PHI when we have intentionally designed the Service so that we do not.

If You believe a particular use of the Service would cause PHI to flow into Brux's systems (for example, by entering patient names or identifiers in free-text fields, or by using the Testimonial Engine in a way that re-identifies anonymous submissions), You agree to stop that use and contact Us at privacy@bruxdentalmarketing.com before continuing.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy.

Specific retention practices:

  • Account data: retained while Your account is active
  • Audit results: retained for the life of Your account (paid plans); retained for 7 days for free audits
  • Testimonial generation history: retained for the life of Your account
  • Ranking snapshots: retained for 12 months in active storage, then archived
  • Billing records: retained as required by applicable tax and financial regulations
  • Support communications: retained for 24 months

If You delete Your account, We will delete Your Personal Data within 90 days, except where retention is required by law or for legitimate business purposes such as fraud prevention.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. Information may be transferred to servers operated by Our infrastructure providers including Supabase, Vercel, and Amazon Web Services.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy.

Delete Your Personal Data

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.

You may delete Your Account at any time by:

  • Using the account deletion option in Your Brux dashboard
  • Emailing privacy@bruxdentalmarketing.com

Please note that We may need to retain certain information when we have a legal obligation or lawful basis to do so.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law Enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities.

Other Legal Requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of the Company
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of Users of the Service or the public
  • Protect against legal liability

Security of Your Personal Data

The security of Your Personal Data is important to Us. We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest for sensitive data
  • Row-level security on database records
  • OAuth 2.0 for third-party integrations
  • Regular security audits

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Service Providers and Subprocessors

We use the following Service Providers to operate the Service:

  • Supabase (database and authentication): https://supabase.com/privacy
  • Vercel (application hosting): https://vercel.com/legal/privacy-policy
  • Amazon Web Services (infrastructure): https://aws.amazon.com/privacy
  • Stripe (payment processing): https://stripe.com/privacy
  • Anthropic (AI processing): https://anthropic.com/legal/privacy
  • OpenAI (AI processing): https://openai.com/policies/privacy-policy
  • Google AI (AI processing): https://policies.google.com/privacy
  • Perplexity (AI processing): https://perplexity.ai/legal/privacy
  • DataForSEO (search data): https://dataforseo.com/privacy
  • Resend (transactional email): https://resend.com/legal/privacy-policy
  • Google Analytics (usage analytics): https://policies.google.com/privacy

These Service Providers may have access to Your Personal Data only to perform their tasks on Our behalf and are obligated not to disclose or use it for any other purpose.

GDPR Privacy

Legal Basis for Processing Personal Data under GDPR

We may process Personal Data under the following conditions:

  • Consent: You have given Your consent for processing Personal Data
  • Performance of a contract: Provision of Personal Data is necessary for the performance of an agreement with You
  • Legal obligations: Processing is necessary for compliance with a legal obligation
  • Legitimate interests: Processing is necessary for the legitimate interests pursued by the Company

Your Rights under the GDPR

You have the right to:

  • Request access to Your Personal Data
  • Request correction of Your Personal Data
  • Object to processing of Your Personal Data
  • Request erasure of Your Personal Data
  • Request the transfer of Your Personal Data
  • Withdraw Your consent at any time

To exercise these rights, contact privacy@bruxdentalmarketing.com.

CCPA/CPRA Privacy Notice

This section supplements the information contained in Our Privacy Policy and applies solely to California residents.

Categories of Personal Information Collected

We collect personal information in the following categories defined by CCPA/CPRA:

  • Category A: Identifiers: Yes (name, email, phone, IP address)
  • Category B: California Customer Records categories: Yes (name, address, phone, payment information)
  • Category D: Commercial information: Yes (subscription history)
  • Category F: Internet activity: Yes (usage data)
  • Category L: Sensitive personal information: Yes (account login and password)

We do not collect Categories C, E, G, H, I, J, or K.

Sources of Personal Information

We obtain personal information from:

  • Directly from You
  • Indirectly from You (usage observation)
  • Automatically from You (cookies and similar technologies)
  • From Our Service Providers

Sale of Personal Information

We do not sell personal information as the term sell is commonly understood. Some sharing with our analytics and infrastructure providers may be deemed a "sale" under the broader CCPA/CPRA definition. You have the right to opt out. Contact privacy@bruxdentalmarketing.com.

Your CCPA/CPRA Rights

California residents have the right to:

  • Know what personal information is collected
  • Know whether personal information is sold or disclosed
  • Access personal information
  • Request deletion of personal information
  • Correct inaccurate personal information
  • Limit use of sensitive personal information
  • Non-discrimination for exercising privacy rights

To exercise these rights, contact privacy@bruxdentalmarketing.com.

"Do Not Track" Policy

Our Service does not respond to Do Not Track signals.

Children's Privacy

Our Service is intended for use by dental practices and is not directed to anyone under the age of 18. We do not knowingly collect personal information from anyone under the age of 18. If You become aware that a child has provided Us with Personal Data, please contact Us.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

SMS and Mobile Communications

Brux does not send SMS or any other patient-facing message on Your behalf. The Testimonial Engine works through an anonymous link that You distribute through Your own channels (printed cards, signage, QR codes, follow-up messages sent from Your own systems). Any patient communications You send using that link are governed by Your own compliance practices (TCPA, CAN-SPAM, and any state-level rules that apply), not by Brux.

Brux itself may send transactional SMS or push notifications to You (the practice operator) only when You opt in. You can opt out at any time by replying STOP.

Mobile opt-in data is never shared with third parties for marketing purposes.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

For material changes, We will notify You via email and/or a prominent notice on Our Service prior to the change becoming effective.

Contact Us

If you have any questions about this Privacy Policy, You can contact us:

  • By email: privacy@bruxdentalmarketing.com
  • By visiting this page on our website: https://airank.bruxdentalmarketing.com/privacy
  • By phone: 561-202-3976
  • By mail: Brux Dental Marketing LLC, 3365 Burns Rd Ste 212, Palm Beach Gardens, FL 33410
Privacy Policy | Brux Dental AI Ranking