Privacy Policy

Intertwine LLC ("Intertwine," "we," "our") operates the website at intertwinehq.com and provides marketing consulting, paid advertising management, and related services to dental service organizations and other clients ("Services"). This Privacy Policy describes how we collect, use, and share information across each of those activities.

This policy applies to visitors to our website, prospects who request a scoping call, and clients we engage with. It does not replace any separate data-protection terms in a signed engagement agreement, business associate agreement, or data processing addendum, which take precedence if there is a conflict.

Information you provide

• Contact information submitted through forms on this site (name, email address, phone number).
• Qualifying information such as the size of your practice portfolio, which we use to scope engagements.
• Scheduling information when you book a call through our embedded scheduling tool, including any availability or notes you provide.
• Communications such as emails, messages, and call notes exchanged with our team.
• Engagement materials shared by clients during onboarding or active work, including business information, marketing assets, vendor contracts, and access credentials to systems you authorize us to use.

Information collected automatically

• Usage data such as pages viewed, referring URLs, browser type, device type, approximate location derived from IP address, and timestamps.
• Cookies and similar technologies including first-party cookies for session continuity and third-party cookies for analytics and advertising. See Section 5.
• Advertising identifierswhen you arrive from a paid campaign, including ad click identifiers (e.g., Meta "fbclid", Google "gclid") we use for attribution.

Information from third parties

• Advertising platforms (Meta, Google, TikTok, LinkedIn) may share aggregated reporting, audience insights, and conversion data tied to campaigns we run.
• Customer relationship management tools such as GoHighLevel, where lead submissions are stored and synced.
• Client systems you authorize us to access during engagements, including practice management software (Denticon, Dentrix, Open Dental, etc.), email service providers, and analytics platforms.

• To respond to inquiries and schedule scoping calls.
• To deliver, support, and improve our Services and website.
• To build, manage, optimize, and report on paid advertising campaigns.
• To measure attribution from advertising spend to booked appointments and revenue.
• To audit, configure, and consolidate the technology stack of client portfolios.
• To produce creative assets (video, written copy, design) for use in campaigns and client-owned channels.
• To communicate updates, proposals, invoices, and contractual notices.
• To detect, prevent, and respond to fraud, abuse, and security incidents.
• To comply with legal obligations and enforce our agreements.

Service providers and subprocessors

We share information with vendors who help us run our business under contractual confidentiality and data-protection obligations. Categories include:

• Hosting and infrastructure providers (e.g., Vercel).
• Customer relationship management and marketing automation (e.g., GoHighLevel).
• Email, calendar, document, and communication tools.
• Analytics providers.
• Advertising and ad-tech platforms used to run campaigns.
• Payment processors when applicable to billing.

Advertising and analytics partners

When we run paid campaigns for ourselves or for clients, we share campaign-related data with the platforms hosting those campaigns, including pixel events that track conversions. This data may be used by those platforms to optimize ad delivery and measure performance.

Clients

When you contact us as a prospective customer, the information you submit is shared internally with our team. We do not share your prospect data with our clients.

Legal and safety

We may disclose information if required by law, legal process, or government request, or to protect the rights, property, or safety of Intertwine, our clients, or others.

Business transfers

If Intertwine is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to standard confidentiality obligations.

We do not sell personal informationin the conventional sense of the word. Some uses of advertising cookies may qualify as a "sale" or "sharing" under certain state privacy laws (e.g., California, Colorado, Connecticut, Virginia). See Section 8 for your opt-out rights.

We use cookies and similar technologies for three purposes:

• Strictly necessary cookies that enable basic site functions like form submission and scheduling.
• Analytics cookies that help us understand how the site is used and where to improve it.
• Advertising cookies and pixels (including Meta Pixel, Google Ads conversion tags, and similar) that measure ad performance and enable retargeting.

You can control cookies through your browser settings and through platform-level opt-outs (e.g., Meta's ad preferences, Google's ad settings, the Digital Advertising Alliance opt-out at optout.aboutads.info). Disabling certain cookies may affect site functionality.

During active engagements, clients may grant us access to systems that contain sensitive information, including practice management software used by dental service organizations. We approach client data with the following principles:

• Data minimization. We request access only to the systems and records necessary for the engagement. We do not extract or replicate patient health information for our own use.
• Aggregate marketing data only. Our work focuses on de-identified, aggregate operational and marketing data (appointment volume, channel attribution, vendor spend, configuration audits). We do not need patient names, diagnoses, treatment histories, or any other protected health information ("PHI") as defined by HIPAA to deliver our Services.
• HIPAA. If an engagement requires access to PHI, we will execute a Business Associate Agreement (BAA) with the client before any PHI is accessed, and we will limit access to personnel with a documented business need.
• Access controls. Credentials provided to us are stored in encrypted password management tools, scoped to least-privilege roles where possible, and revoked at engagement end.

We retain information for as long as we have an ongoing relationship with you or as needed to provide our Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

• Prospect contact data is retained for up to 36 months from last contact, then archived or deleted.
• Active client engagement records are retained for the duration of the engagement plus 7 years for tax, accounting, and contractual purposes.
• Anonymous and aggregated analytics may be retained indefinitely.
• Backups are retained for up to 90 days after deletion from primary systems.

Depending on where you live, you may have rights to:

• Access, correct, or delete personal information we hold about you.
• Object to or restrict certain processing.
• Opt out of targeted advertising and certain disclosures.
• Withdraw consent where processing is based on consent.
• Receive a copy of your personal information in a portable format.
• Lodge a complaint with a data-protection authority.

To exercise any of these rights, contact us using the details in Section 13. We may need to verify your identity before fulfilling certain requests. Authorized agents may submit requests on your behalf where permitted by law.

Marketing email opt-out. You can unsubscribe from marketing emails using the link at the bottom of any message. Transactional and engagement communications continue regardless.

We use commercially reasonable administrative, technical, and physical safeguards designed to protect information, including encrypted transport (TLS), restricted access to production systems, password managers for shared credentials, and routine review of subprocessor security practices. No method of transmission or storage is fully secure, and we cannot guarantee absolute security.

We are based in the United States and our systems are hosted in the United States. If you access our Services from outside the United States, your information will be transferred to, stored in, and processed in the United States, which may have different data-protection laws than your jurisdiction. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for such transfers.

Our Services are directed to businesses and professionals, not children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with information, please contact us and we will delete it.

We may update this Privacy Policy from time to time. The "Effective" date at the top reflects the latest revision. For material changes we will provide reasonable notice, such as a banner on the site or an email to clients.

Questions, requests, or complaints about this policy can be sent to:

Intertwine LLC
Attn: Privacy
support@intertwinehq.com