Privacy Policy

Orion CRM Software
Orion, LLC

Effective Date: 02/01/2019
Last Updated: 02/15/2026

1. Introduction

Orion, LLC (“Orion,” “we,” “us,” or “our”) operates the Orion CRM platform (the “Service”), a cloud-based CRM software solution designed to help dental practices manage patient records, appointments, billing, and communications. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our Service through our website at https://www.oriontech3d.com or any associated applications.

By accessing or using the Service, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Service.

2. Definitions

  • “Practice” refers to the dental clinic or office that subscribes to the Service.
  • “Practice User” refers to authorized staff members of a Practice who access the Service (dentists, hygienists, administrative staff, etc.).
  • “Patient” refers to individuals whose personal and health information is managed within the Service by a Practice.
  • “Personal Information” refers to any information that identifies or can be used to identify an individual.
  • “Protected Health Information” (PHI) refers to individually identifiable health information as defined under applicable law.

3. Information We Collect

3.1 Practice and Practice User Information

When a Practice registers for and uses the Service, we collect:

  • Account Information: Practice name, email address, phone number, physical address, and tax identification details.
  • User Credentials: Name, email address, and encrypted password for each Practice User.
  • Profile Information: Profile pictures, role assignments, and access level configurations.
  • Billing Information: Subscription plan details and payment information processed through our payment provider (Stripe).
  • Preferences: Language, date format, currency, calendar settings, and notification preferences.

3.2 Patient Information

Practices use the Service to store and manage patient data, which may include:

  • Identification: Name, date of birth, gender, marital status, government-issued identification numbers, and patient file numbers.
  • Contact Information: Email address, phone numbers, and physical address.
  • Medical and Dental Records: Dental charts, treatment plans, procedure history, medical background questionnaires, vital signs, clinical notes, and exam notes.
  • Financial Information: Account balances, payment history, invoices, and billing records.
  • Communication Records: Appointment reminders, notifications, and other messages sent via email, SMS, or WhatsApp.
  • Family Information: Emergency contact details and family relationships.
  • Images and Documents: Profile photos, dental imaging, scanned documents, and consent forms.
  • Consent Records: Signed consent forms, treatment plan acceptance records, and digital signatures.

3.3 Information Collected Automatically

When you use the Service, we may automatically collect:

  • Usage Data: Interaction logs such as pages viewed, features used, and actions taken within the platform.
  • Device Information: Browser type, operating system, and device identifiers.
  • Error Reports: Technical error data to help us improve the Service.

4. How We Use Information

We use the information we collect to:

  • Provide the Service: Enable patient record management, appointment scheduling, treatment planning, billing, and practice communications.
  • Process Payments: Manage subscription billing and payment processing.
  • Send Communications: Deliver appointment reminders, billing notifications, birthday/holiday greetings, and continuing care reminders via email, SMS, or WhatsApp, based on Practice and Patient preferences.
  • Improve the Service: Analyze usage patterns, diagnose technical issues, and develop new features.
  • Provide Support: Respond to inquiries, troubleshoot issues, and deliver training to Practice Users.
  • Ensure Security: Monitor for unauthorized access, protect against fraud, and maintain the integrity of the Service.
  • Comply with Legal Obligations: Meet applicable regulatory and legal requirements.

5. How We Share Information

We do not sell Personal Information or Protected Health Information. We may share information with the following categories of recipients:

5.1 Service Providers

We use trusted third-party service providers to operate the Service. These providers are contractually obligated to protect the information they process on our behalf and may include:

  • Cloud infrastructure providers for hosting, data storage, and file management.
  • Payment processors (Stripe) for subscription billing.
  • Communication providers for delivering email, SMS, and WhatsApp messages.
  • Error monitoring services for tracking and resolving technical issues (no PHI is shared with these services).

5.2 Optional Integrations

If a Practice chooses to enable third-party integrations (such as calendar synchronization or contact syncing), relevant data may be shared with those third-party services as configured by the Practice.

5.3 Other Disclosures

We may disclose information:

  • With Practice Consent: When the Practice authorizes the disclosure.
  • For Legal Compliance: To comply with applicable laws, regulations, court orders, or governmental requests.
  • To Protect Rights: To enforce our terms of service, protect our rights or safety, or protect the rights, safety, or property of others.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections.

6. Data Retention

We retain information as follows:

  • Patient Records: Retained for the duration of the Practice’s subscription and as required by applicable healthcare record retention laws.
  • Communication Logs: Automated messages and delivery records are retained for a limited period and then automatically deleted. Manually created notes are retained indefinitely.
  • Usage Data: Automatically deleted after a limited retention period.
  • Account Data: Retained for the duration of the Practice’s subscription and for a reasonable period thereafter to comply with legal obligations.

Upon termination of a subscription, Practices may request export or deletion of their data by contacting us at the address provided in Section 13.

7. Data Security

We implement industry-standard technical and organizational measures to protect information, including:

  • Encryption: Passwords are securely hashed. Data is encrypted in transit and at rest.
  • Access Controls: Role-based access controls limit Practice User access to authorized data. Patient records are isolated per Practice.
  • Audit Trails: The Service maintains records of data creation, modification, and deletion, including the identity of the user who performed each action.
  • Backups: Data is backed up periodically to protect against data loss.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Patient Rights and Choices

8.1 For Patients

Patients whose information is managed within the Service should contact their dental Practice directly to:

  • Access their personal and health information.
  • Request corrections to inaccurate data.
  • Request deletion of their information (subject to legal record retention requirements).
  • Opt out of specific communication categories (e.g., promotional messages, birthday cards, or appointment reminders).

8.2 For Practice Users

Practice Users may update their profile information, change their password, and manage notification preferences through the Service.

9. Patient Portal

We offer a Patient Portal that allows patients limited access to their information. Portal access is granted via secure, time-limited links and does not require a traditional username/password login. The portal provides patients with access to selected records as configured by their Practice.

10. International Data Transfers

The Service is hosted on cloud infrastructure that may process and store data in locations outside of the country where the Practice operates. By using the Service, Practices acknowledge and consent to the transfer of data to these locations. We take reasonable steps to ensure that data transfers comply with applicable data protection laws.

11. Children’s Privacy

The Service is intended for use by dental Practices and their authorized staff. While Practices may store records for minor patients as part of their dental care, we do not knowingly collect personal information directly from children. The management of minor patient data is the responsibility of the Practice in compliance with applicable laws.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. We will notify Practices of material changes by posting the updated policy on our website and updating the “Last Updated” date. Continued use of the Service after changes constitutes acceptance of the revised policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Orion Tech 3D, LLC
Email: ventas@oriontech3d.com
Phone: +1 346-677-2542
Website: https://www.oriontech3d.com

14. Additional Disclosures

14.1 For Practices in the United States (HIPAA)

To the extent that the Service processes Protected Health Information (PHI) on behalf of a covered entity under the Health Insurance Portability and Accountability Act (HIPAA), Orion acts as a Business Associate. Practices subject to HIPAA should contact us to execute a Business Associate Agreement (BAA) prior to storing PHI in the Service.

14.2 For Practices in the European Economic Area (GDPR)

For Practices subject to the General Data Protection Regulation (GDPR), Orion acts as a Data Processor on behalf of the Practice (Data Controller). Practices are responsible for obtaining appropriate patient consent and providing privacy notices as required by GDPR. Individuals in the EEA may have additional rights including the right to access, rectification, erasure, data portability, and the right to lodge a complaint with a supervisory authority.

14.3 For Practices in Latin America

Orion complies with applicable data protection laws in the jurisdictions where our Practices operate. Practices are responsible for complying with local data protection requirements, including obtaining necessary patient consents.

This Privacy Policy is provided in English. A Spanish-language version may be made available upon request.

Recent Comments