Privacy Policy

Last Updated: February 25, 2026

At Practice ROI (formerly Referral Retriever), we take your privacy seriously. This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our marketing and referral tracking platform designed for orthodontists and dental specialists.

By using Practice ROI, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

HIPAA Compliance: Practice ROI is committed to maintaining HIPAA compliance for all Protected Health Information (PHI). We enter into Business Associate Agreements (BAAs) with all customers who process PHI through our platform.

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly to us when you create an account, use our services, or communicate with us. This includes:
  • Account information (name, email address, phone number, practice name)
  • Practice information (specialty, location, business details)
  • Payment information (processed securely through third-party payment processors)
  • Patient data you choose to store in our system (referral information, contact details)
  • Communication preferences and settings
  • Any other information you choose to provide

1.2 Automatically Collected Information

When you use our services, we automatically collect certain information, including:

  • Usage data (features accessed, time spent, actions taken)
  • Device information (IP address, browser type, operating system)
  • Log data (access times, pages viewed, errors encountered)
  • Cookies and similar tracking technologies

1.3 Information from Third Parties

We may receive information from third-party services you connect to Practice ROI, such as:
  • Google Business Profile data
  • Social media platforms (Facebook, Instagram, LinkedIn)
  • Email service providers
  • Calendar applications
  • Payment processors

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send technical notices, updates, security alerts, and support messages
  • Respond to your comments, questions, and customer service requests
  • Communicate with you about products, services, offers, and events
  • Monitor and analyze trends, usage, and activities
  • Detect, prevent, and address technical issues and fraudulent activity
  • Personalize and improve your experience
  • Facilitate referral tracking and marketing automation
  • Generate analytics and reports for your practice

3. HIPAA Compliance

Practice ROI is committed to HIPAA compliance for all Protected Health Information (PHI):

  • We sign Business Associate Agreements (BAAs) with all customers who process PHI
  • All PHI is encrypted in transit and at rest using industry-standard encryption
  • Access to PHI is restricted to authorized personnel only
  • We maintain comprehensive audit logs of all PHI access
  • Regular security assessments and penetration testing are conducted
  • Our infrastructure meets HIPAA Security Rule requirements
  • We have incident response procedures in place for any potential breaches
  • Staff receive regular HIPAA training

4. Information Sharing and Disclosure

4.1 We May Share Information:

  • With your consent or at your direction
  • With vendors, consultants, and service providers who need access to perform services for us
  • To comply with laws or respond to lawful requests and legal processes
  • To protect the rights and property of Practice ROI, our users, and the public
  • In connection with a merger, acquisition, or sale of assets
  • In aggregated or de-identified form that cannot reasonably be used to identify you

4.2 We Do NOT:

  • Sell your personal information to third parties
  • Share PHI without proper authorization or BAA in place
  • Use your data for purposes unrelated to providing our services
  • Share your patient data with other practices without your explicit consent

5. Data Security

We implement appropriate technical and organizational measures to protect your information:

  • Industry-standard encryption (TLS 1.3 for data in transit, AES-256 for data at rest)
  • Regular security audits and vulnerability assessments
  • Access controls and authentication requirements
  • Secure data centers with physical security measures
  • Regular backups and disaster recovery procedures
  • Employee training on security best practices
  • Incident response and breach notification procedures

6. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Active account data is retained for the duration of your subscription
  • After account closure, data is retained for 90 days for recovery purposes
  • Backup data may be retained for up to 1 year for disaster recovery
  • Financial records are retained for 7 years to comply with tax regulations
  • You may request deletion of your data at any time (subject to legal requirements)

7. Your Rights and Choices

You have the following rights regarding your information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal requirements)
  • Portability: Request a copy of your data in a portable format
  • Restriction: Request restriction of processing of your information
  • Objection: Object to processing of your information for certain purposes
  • Withdraw Consent: Withdraw consent for processing where we rely on consent

To exercise these rights, contact us at privacy@practiceroi.com.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Remember your preferences and settings
  • Understand how you use our services
  • Improve our services and user experience
  • Provide security features
  • Analyze trends and measure marketing effectiveness

You can control cookies through your browser settings. Note that disabling cookies may limit functionality.

9. Third-Party Services

Our services integrate with third-party services that have their own privacy policies:

  • Google (Google Business Profile, Google Ads, Google Calendar)
  • Facebook and Instagram (social media management)
  • Twilio (call tracking and SMS)
  • Stripe (payment processing)
  • Canva (design tools)

We encourage you to review the privacy policies of any third-party services you use.

10. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected information from a child under 16, we will take steps to delete it promptly.

11. International Data Transfers

Practice ROI is based in the United States. If you are accessing our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

We take appropriate safeguards to ensure your information receives adequate protection in accordance with applicable data protection laws.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email if changes are material
  • Post a notice on our website
  • Require your acceptance of the new policy for continued use

Your continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

  • Email: privacy@practiceroi.com
  • Phone: (719) 985-3535
  • Mail: Practice ROI, 6660 Delmonico Drive, Suite D-200, Colorado Springs, CO 80919
  • Data Protection Officer: dpo@practiceroi.com

14. State-Specific Rights

14.1 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information we collect and how it's used
  • Right to delete personal information
  • Right to opt-out of sale of personal information (we do not sell your information)
  • Right to non-discrimination for exercising your CCPA rights

14.2 Virginia, Colorado, and Connecticut Residents

Residents of these states have similar rights under their respective state privacy laws. Contact us to exercise these rights.
