Skip to content

PRIVACY POLICY

PRIVACY POLICY

Z3 Holdings LLC dba RISEDDS

Last Modified: March 18, 2026

1. Introduction

This Privacy Policy ("Policy") describes the information practices of Z3 Holdings LLC dba RISEDDS ("Company," "we," "our," or "us") in connection with our websites, platforms, mobile applications, products, and services, including but not limited to the Rise DDS platform, Rise Recall, Rise Platform, and all related products and solutions (collectively, the "Services"). This Policy applies to all information collected through our Services, whether provided directly by you or collected automatically.

This Policy is incorporated into and subject to the Terms and Conditions governing your use of our Services (the "Terms"), available at risedds.com. Capitalized terms not defined in this Policy have the meanings given to them in the Terms. In the event of any conflict between this Policy and the Terms, the Terms shall control.

BY ACCESSING OR USING OUR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO THIS POLICY, YOU MUST NOT ACCESS OR USE OUR SERVICES.

2. Scope and Applicability

This Policy applies to Customer Data and other information collected from Customers, Authorized Users, website visitors, and any other individuals who interact with our Services. This Policy does not apply to information collected by third parties, including any third-party websites, platforms, or services that may be linked to or integrated with our Services. We are not responsible for the privacy practices or content of any third parties, and your interactions with third parties are governed solely by their respective privacy policies.

This Policy does not govern the relationship between our Clients (medical and dental practices) and their patients. Our Clients are solely responsible for obtaining all necessary patient consents and authorizations required under applicable law, including the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), prior to disclosing any Protected Health Information ("PHI") to us.

3. Information We Collect

3.1 Customer Data. We collect information that you provide directly to us in connection with your use of our Services, including but not limited to: name, email address, phone number, business name, business address, billing information, account credentials, and any other information you submit through our Services.

3.2 Protected Health Information. In connection with the marketing attribution, patient mapping, and analytics services we provide to medical and dental practices, we access and process a strictly limited scope of PHI from our Clients' patient management systems and/or electronic health record ("EHR") systems. Consistent with our corporate Data Minimization Policy and the HIPAA Minimum Necessary Standard (45 CFR 164.502(b)), the PHI we collect is intentionally limited to the minimum data elements necessary to perform our Services, which may include: patient name, patient address, insurance type or carrier (category only, no policy numbers or claims data), and aggregate appointment financial data (total spend only, with no breakdown by treatment, procedure, or service line). We do not collect, store, or process Social Security numbers, dates of birth, medical diagnoses, treatment plans, clinical notes, procedure codes, prescription information, laboratory results, mental health records, substance abuse records, or detailed financial account information.

3.3 Call Analytics Data. We may analyze inbound telephone calls to our Clients' practices, primarily for new patient inquiries, for the sole purpose of marketing attribution — determining which marketing channel or campaign generated the call. Our call analysis focuses on marketing-relevant data points such as whether the caller is a new or existing patient, whether an appointment was scheduled, and the referral source. Our call analytics are not designed or intended to capture, extract, store, or analyze clinical content including diagnoses, symptoms, treatment discussions, or medical history.

3.4 Automatically Collected Information. When you access our Services, we may automatically collect certain technical information, including but not limited to: IP address, browser type and version, device type, operating system, referring URLs, pages visited, time and date of access, and general geographic location derived from IP address. This information is collected through cookies, web beacons, pixels, and similar tracking technologies.

3.5 Aggregated and De-Identified Data. We may de-identify and/or aggregate information collected through our Services in accordance with the HIPAA safe harbor method (45 CFR 164.514(b)). Once information has been de-identified in compliance with applicable law, it is no longer considered PHI or personal information, and we may use, disclose, and retain such de-identified or aggregated data without restriction for any lawful purpose, including product improvement, analytics, research, benchmarking, and publication of industry statistics.

4. How We Use Your Information

We use the information we collect for the following purposes:

(a) To provide, operate, maintain, and improve our Services;

(b) To process transactions and send related notices;

(c) To communicate with you, including responding to inquiries and providing support;

(d) To provide marketing attribution, patient mapping, demographic analysis, and related analytics services to our Clients;

(e) To compile Aggregated Statistics as described in the Terms;

(f) To de-identify and aggregate data for product improvement, research, and benchmarking;

(g) To comply with legal and regulatory requirements, including HIPAA and HITECH;

(h) To protect against fraud, error, unauthorized access, and other security threats;

(i) To enforce our Terms, this Policy, and other agreements;

(j) To conduct research and statistical analysis related to our Services;

(k) To market and advertise our Services, subject to applicable law; and

(l) For any other purpose disclosed to you at the time of collection or with your consent.

5. How We Share Your Information

We may share your information under the following circumstances:

(a) Service Providers and Subcontractors. We engage independent contractors, subcontractors, vendors, and other third-party service providers to perform functions on our behalf in connection with the Services. These service providers may access Customer Data and PHI only as necessary to perform their functions and are contractually obligated to protect such information through written agreements imposing obligations no less protective than those set forth in this Policy and our Business Associate Agreement.

(b) Legal Compliance and Protection. We may disclose your information when we believe in good faith that disclosure is necessary to: comply with applicable law, regulation, court order, subpoena, or legal process; protect the rights, property, or safety of Company, our Clients, or others; enforce our Terms or other agreements; or investigate potential violations of applicable law or our policies.

(c) Business Transfers. In the event of a merger, acquisition, divestiture, reorganization, dissolution, asset sale, or similar transaction, your information may be transferred as part of such transaction. We will provide notice of any such transfer as required by applicable law.

(d) With Your Consent. We may share your information for any other purpose with your explicit consent.

(e) De-Identified and Aggregated Data. We may share de-identified and aggregated data with third parties without restriction, as such data does not constitute PHI or personal information under applicable law.

WE DO NOT SELL PERSONAL INFORMATION OR PROTECTED HEALTH INFORMATION TO THIRD PARTIES FOR MONETARY CONSIDERATION.

6. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar technologies to collect information about your use of our Services. These technologies help us analyze trends, administer our Services, track user activity, and gather demographic information.

Types of cookies we use:

(a) Essential Cookies: Required for the operation of our Services and cannot be disabled.

(b) Analytics Cookies: Help us understand how users interact with our Services and improve functionality.

(c) Advertising Cookies: Used to deliver relevant advertisements and track advertising campaign performance.

You may control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our Services. By continuing to use our Services, you consent to the use of cookies as described in this Section.

7. Data Security

We implement commercially reasonable administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of your information, consistent with industry standards and the requirements of the HIPAA Security Rule (45 CFR Part 164, Subpart C). These safeguards include, but are not limited to: encryption of data in transit and at rest, access controls and role-based permissions, workforce training on data protection and HIPAA compliance, incident response and breach notification procedures, and regular review of security practices.

NOTWITHSTANDING THE FOREGOING, NO METHOD OF TRANSMISSION OVER THE INTERNET, METHOD OF ELECTRONIC STORAGE, OR SECURITY SYSTEM IS COMPLETELY SECURE. WE CANNOT AND DO NOT GUARANTEE THE ABSOLUTE SECURITY OF YOUR INFORMATION. YOUR USE OF OUR SERVICES CONSTITUTES YOUR ACKNOWLEDGMENT AND ACCEPTANCE OF THIS INHERENT RISK. COMPANY SHALL NOT BE LIABLE FOR ANY UNAUTHORIZED ACCESS TO, USE OF, OR DISCLOSURE OF YOUR INFORMATION RESULTING FROM CIRCUMSTANCES BEYOND COMPANY'S REASONABLE CONTROL, INCLUDING BUT NOT LIMITED TO CRIMINAL ACTS OF THIRD PARTIES, CYBERATTACKS, OR FORCE MAJEURE EVENTS, PROVIDED THAT COMPANY MAINTAINED COMMERCIALLY REASONABLE SAFEGUARDS AT THE TIME OF SUCH EVENT.

8. Data Retention

We retain information for as long as reasonably necessary to fulfill the purposes for which it was collected, to comply with legal and regulatory obligations, to resolve disputes, and to enforce our agreements. The specific retention period for your information will be determined based on: the duration of your relationship with us, including any active Service Agreement; applicable legal, tax, and regulatory retention requirements; whether the information is necessary to protect our legal interests; and our corporate Data Minimization and Data Retention policies.

Upon expiration of the applicable retention period, information will be securely de-identified or destroyed in accordance with our policies. We reserve the unilateral right to de-identify or destroy PHI that is no longer necessary for active service delivery without prior notice to or consent from you, as described in our Terms. De-identified data may be retained indefinitely.

9. HIPAA Compliance

Company operates as a Business Associate under HIPAA with respect to PHI received from its Clients. Our handling of PHI is governed by the Business Associate Agreement Addendum incorporated into our Terms and Conditions (the "BAA Addendum"), which is available at risedds.com.

Our data collection practices are designed to comply with and exceed the HIPAA Minimum Necessary Standard (45 CFR 164.502(b)). As described in Section 3.2 of this Policy, we intentionally limit the categories and volume of PHI we collect to the minimum necessary for our marketing attribution and patient mapping services. This data minimization approach is a foundational design principle of our platform architecture, not a reactive compliance measure.

We require all workforce members, independent contractors, subcontractors, and vendors who access PHI to enter into written agreements imposing privacy, security, and confidentiality obligations consistent with HIPAA requirements prior to being granted access to PHI.

In the event of a Breach of Unsecured PHI (as defined in 45 CFR 164.402), we will comply with the breach notification requirements set forth in the HIPAA Breach Notification Rule (45 CFR Part 164, Subpart D) and our BAA Addendum.

In the event of any inconsistency between this Policy and the mandatory provisions of HIPAA or our BAA Addendum, the provisions of HIPAA and the BAA Addendum shall prevail.

10. Protection of Minors

Our Services are designed for use by medical and dental practices and their authorized business representatives. Our Services are not directed to individuals under the age of eighteen (18), and we do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected personal information from a minor, we will take commercially reasonable steps to delete such information promptly. If you believe a minor has provided us with personal information, please contact us immediately.

11. User Rights

Users may have certain rights regarding their information under applicable law. To the extent required by applicable law, we will honor the following requests:

(a) Access. You may request access to the categories and specific pieces of personal information we have collected about you.

(b) Correction. You may request correction of inaccurate personal information we maintain about you.

(c) Deletion. You may request deletion of personal information we have collected about you, subject to applicable legal exceptions and retention requirements.

Any request under this Section must be submitted in writing to the contact information provided in Section 16 of this Policy. We will respond to verified requests within the timeframe required by applicable law, or within forty-five (45) calendar days of receipt if no specific timeframe is prescribed by law. We reserve the right to verify your identity before processing any request and to decline requests that are manifestly unfounded, excessive, repetitive, or where compliance would conflict with our legal obligations, including HIPAA.

WE ARE NOT REQUIRED TO DELETE INFORMATION THAT IS: (i) NECESSARY FOR COMPLIANCE WITH A LEGAL OBLIGATION; (ii) NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS; (iii) NECESSARY TO PERFORM OUR CONTRACTUAL OBLIGATIONS; (iv) DE-IDENTIFIED OR AGGREGATED; OR (v) OTHERWISE EXEMPT FROM DELETION UNDER APPLICABLE LAW, INCLUDING HIPAA.

12. California Privacy Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"). To the extent applicable:

(a) You may request that we disclose what personal information we collect, use, disclose, and share about you.

(b) You may request deletion of your personal information, subject to applicable legal exceptions.

(c) You may opt out of the sale or sharing of your personal information. We do not sell personal information in the traditional sense. To the extent that certain data-sharing arrangements may constitute a "sale" or "sharing" under California law, you may opt out by contacting us at the information provided in Section 16.

(d) We will not discriminate against you for exercising your rights under California law.

(e) To the extent that HIPAA applies to the information at issue, such information is exempt from the CCPA/CPRA pursuant to California Civil Code §1798.145(c)(1)(A). PHI governed by HIPAA is not subject to the CCPA/CPRA, and requests regarding such information will be handled in accordance with HIPAA and our BAA Addendum.

13. Other State Privacy Laws

We monitor and comply with applicable state privacy laws as they take effect. If you are a resident of a state with an applicable consumer privacy law (including but not limited to Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, and Florida), you may have rights similar to those described in Sections 11 and 12 of this Policy. To exercise any such rights, please contact us using the information provided in Section 16. To the extent any state privacy law exempts information that is subject to HIPAA, such exemption shall apply.

14. Third-Party Links and Services

Our Services may contain links to third-party websites, platforms, or services that are not operated or controlled by us. This Policy does not apply to any third-party websites, platforms, or services. We are not responsible for the privacy practices, content, or security of any third party. We encourage you to review the privacy policies of any third-party websites or services before providing any personal information. YOUR INTERACTION WITH ANY THIRD-PARTY WEBSITE OR SERVICE IS AT YOUR OWN RISK, AND WE SHALL HAVE NO LIABILITY FOR ANY LOSS, DAMAGE, OR HARM ARISING FROM SUCH INTERACTION.

15. Changes to This Policy

We reserve the right to update, modify, or replace this Privacy Policy at any time in our sole discretion. Material changes will be communicated by email to the address associated with your account and/or by posting a notice on our website at least thirty (30) days prior to the effective date of such changes. Your continued use of our Services following the effective date of any changes constitutes your acceptance of the revised Policy. If you do not agree to the revised Policy, you must discontinue use of our Services. It is your responsibility to review this Policy periodically.

16. Contact Information

If you have questions about this Privacy Policy, wish to exercise any rights described herein, or have concerns about our information practices, please contact us at:

Z3 Holdings LLC dba RISEDDS Privacy Inquiries Email: [email protected] Mailing Address: Slusher & Rosenblum, P.A., 444 W Railroad Ave Ste 470, West Palm Beach, FL 33401

All written requests must identify the specific right being exercised and provide sufficient information to verify your identity. We reserve the right to charge a reasonable fee for requests that are manifestly unfounded, excessive, or repetitive, to the extent permitted by applicable law.

17. Limitation of Liability

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, COMPANY SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES ARISING FROM OR RELATED TO THE COLLECTION, USE, DISCLOSURE, OR SECURITY OF YOUR INFORMATION UNDER THIS POLICY, INCLUDING BUT NOT LIMITED TO ANY UNAUTHORIZED ACCESS TO, USE OF, OR DISCLOSURE OF YOUR INFORMATION. COMPANY'S TOTAL LIABILITY ARISING FROM OR RELATED TO THIS POLICY SHALL BE SUBJECT TO THE LIMITATIONS SET FORTH IN THE TERMS AND CONDITIONS.

18. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Florida, without regard to its conflict of laws principles. Any dispute arising out of or related to this Policy shall be resolved in accordance with the Dispute Resolution provisions set forth in the Terms and Conditions.

This Privacy Policy is incorporated into and subject to the Terms and Conditions available at risedds.com. Please review the Terms and Conditions for additional provisions governing your use of our Services, including the Business Associate Agreement Addendum (Exhibit A).