FewGoodApps Inc. — Legal Center
Legal documents for Profit Smiles
Privacy Policy
This Privacy Policy (“Policy”) describes how FewGoodApps Inc. (“Company,” “we,” “our,” or “us”) collects, uses, discloses, and safeguards information when you use our software-as-a-service platform, Profit Smiles (the “Service”). By accessing or using the Service, you agree to this Policy.
1) Who We Are
FewGoodApps Inc. is a Texas corporation providing SaaS tools for dental practices, including PPO analysis, membership plan management, referral/NPS tracking, social media scheduling/analytics, payment scheduling, and inventory management.
- Corporate website: fewgoodapps.com
- Product website: profitsmiles.com
- Contact: support@fewgoodapps.com
2) Information We Collect
We collect the following categories of information:
- Practice Information — Business name, user accounts, subscription selections, billing and payment references.
- Patient Information (PHI) — First/last name, email, phone, and any treatment-related notes you enter. This may constitute Protected Health Information (PHI) under HIPAA.
- Social Media Connection Data — Meta API tokens, account/page IDs, posting actions, and engagement metrics (likes, comments, impressions).
- Technical & Analytics Data — Device/browser type, IP address, usage logs, performance telemetry, and aggregated analytics.
Sources: You provide data directly (account setup, forms, uploads), we collect it automatically (cookies/logs), and we receive data via authorized integrations (Facebook/Instagram APIs, Stripe, Twilio) solely to operate the Service.
3) How We Use Information
- To provide, maintain, secure, and improve the Service
- To process payments via Stripe
- To authenticate, schedule, and post to your social media accounts (only with your authorization)
- To provide analytics (e.g., engagement, NPS trends) and customer support
- To comply with legal obligations (HIPAA, GDPR, CCPA, etc.)
We do not sell or rent personal information and do not use data for unrelated advertising.
4) Automated Processing & Analytics
We may use automated tools to generate insights (e.g., effective posting windows, engagement trends). These analytics are advisory; we do not make decisions affecting patients or practices solely through automated processing.
5) How We Share Information
We share information only as needed to operate the Service or as required by law:
- Subprocessors: AWS (hosting), Stripe (payments), Twilio (communications), Meta (social posting). All are bound by contractual confidentiality and security commitments.
- Regulators/Law Enforcement when legally required.
- Affiliates/Contractors under confidentiality and least-privilege access controls.
A current list of subprocessors is available upon request.
6) Social Media Integrations (Meta APIs)
- We use Meta APIs only to authenticate your accounts, schedule/post content you choose, and collect engagement analytics.
- No scraping, resale, or unrelated use of social data.
- You can disconnect anytime via the in-app “Disconnect from Facebook” button.
- Upon disconnection, all Meta API connection data (tokens, IDs, permissions) is immediately and permanently deleted from our database.
7) Data Retention
- Practice Data: Retained indefinitely in read-only mode after cancellation unless you request deletion.
- Meta API Data: Deleted immediately upon disconnection.
- Billing/Accounting: Deletable upon request; we will permanently erase it if you ask.
- Audit/Security Logs: Maintained minimally for security, then purged on a rolling basis.
8) HIPAA Compliance
We act as a Business Associate and you act as the Covered Entity. We implement administrative, technical, and physical safeguards for PHI; use PHI only to provide the Service; notify you of any breach of unsecured PHI without unreasonable delay (no later than 30 days after discovery); and return or destroy PHI upon termination if requested and feasible.
9) GDPR & CCPA Rights
Where applicable, you may have rights to access, correct, delete, restrict, or port personal data. We do not sell or share personal information for cross-context behavioral advertising. International transfers are performed with contractual safeguards; data is hosted in the U.S. (AWS). Contact support@fewgoodapps.com to exercise these rights.
10) Security
We use encryption (in transit/at rest), least-privilege access, and AWS cloud safeguards. No method of transmission or storage is 100% secure.
11) Changes
We may update this Policy and will post the updated version with a revised “Effective Date.”
12) Contact
FewGoodApps Inc. — support@fewgoodapps.com
Terms of Service
These Terms of Service (“Terms”) govern your access to and use of Profit Smiles, operated by FewGoodApps Inc. By using the Service, you agree to these Terms.
1) Eligibility & Accounts
- You must be at least 18 and authorized to act on behalf of a dental practice or business entity.
- Provide accurate information and safeguard your credentials; you are responsible for all activity under your account.
2) Subscriptions & Fees
- Monthly subscription; each tool is priced separately and billed in advance via Stripe.
- Subscriptions auto-renew unless canceled. You can cancel anytime; no long-term contracts.
- Feature Removal Remedy: If a core functionality (e.g., automated social posting) is materially removed and not restored within 60 days, you may request a pro-rata refund of fees associated with that functionality for the remaining term.
3) Acceptable Use
Use the Service only for lawful practice operations. Prohibited activities include reverse engineering, bypassing security limits, scraping, spamming, and misuse of social media integrations.
4) Data Ownership & License
- You retain ownership of all practice/patient data you submit.
- You grant us a limited, non-exclusive license to process data solely to operate and improve the Service.
- Upon cancellation, your data remains available in read-only mode; you may request permanent deletion (including billing records).
5) Social Media Connections (Meta APIs)
- You authorize us to use Meta APIs only to authenticate, schedule/post content you choose, and collect engagement analytics.
- You can disconnect at any time in the app. Upon disconnection, all Meta API connection data (tokens, IDs, permissions) is immediately deleted.
6) Service Availability & Modifications
We strive for reliable service but do not guarantee uninterrupted uptime. We may modify features for technical, legal, or business reasons and will provide reasonable notice where feasible.
7) Security & Subprocessors
We implement industry safeguards and use trusted providers (AWS, Stripe, Twilio). Subprocessors are contractually bound to confidentiality and HIPAA/GDPR-equivalent protections. A current list is available upon request.
8) Disclaimers
The Service is provided “as is.” We disclaim warranties of merchantability, fitness for a particular purpose, and non-infringement to the fullest extent permitted by law.
9) Limitation of Liability
To the maximum extent permitted by law, we are not liable for indirect, incidental, or consequential damages. Our total liability for claims relating to the Service is limited to fees paid in the three (3) months before the event giving rise to the claim.
10) Indemnification
You agree to indemnify and hold FewGoodApps Inc. harmless from claims, damages, and expenses arising from your misuse of the Service or breach of these Terms.
11) Governing Law & Dispute Resolution
- These Terms are governed by the laws of the State of Texas, excluding its conflicts of laws rules.
- Disputes shall be resolved by binding arbitration in Texas (administered by a recognized arbitration body). Either party may bring an eligible claim in small claims court in Texas.
- Class Action/Jury Waiver: You waive class actions and jury trials.
12) Termination
- We may suspend or terminate your access for material violations.
- Upon termination, data remains read-only unless you request permanent deletion.
13) Changes
We may update these Terms; continued use after updates constitutes acceptance.
14) Contact
FewGoodApps Inc. — support@fewgoodapps.com
User Data Deletion Instructions
We respect your right to control your data. You can delete information in the following ways:
1) Social Media Data (Facebook & Instagram)
In your Profit Smiles account settings, click “Disconnect from Facebook”. When you disconnect, all Meta API connection data (access tokens, account/page IDs, permissions) is immediately and permanently deleted from our database.
2) Practice Data (General SaaS Data)
Your practice data remains available in read-only mode after subscription cancellation. To request permanent deletion of all practice data—including billing/accounting references—email support@fewgoodapps.com.
3) Patient Data (PHI)
Covered Entities may request deletion of PHI at any time. We will permanently erase PHI (including from backups where feasible) and confirm completion, in compliance with HIPAA, GDPR, and CCPA.
4) Contact
FewGoodApps Inc. — support@fewgoodapps.com
Business Associate Agreement (BAA)
This Business Associate Agreement (“Agreement”) is entered into between FewGoodApps Inc. (“Business Associate”) and the subscribing dental practice (“Covered Entity”) and supplements the Terms of Service.
1) Definitions
- PHI: Protected Health Information as defined by HIPAA.
- Business Associate: FewGoodApps Inc.
- Covered Entity: The subscribing dental practice.
2) Permitted Uses and Disclosures
Business Associate may use/disclose PHI solely to provide, maintain, and support the Profit Smiles Service, or as required by law. No use for marketing or resale without Covered Entity authorization.
3) Safeguards
Business Associate will implement administrative, physical, and technical safeguards, including encryption in transit/at rest, least-privilege access, staff training, monitoring, and vulnerability management.
4) Subcontractors
Business Associate may engage subprocessors (including AWS, Stripe, Twilio) only under written agreements requiring HIPAA-equivalent protections and confidentiality. A current list is available upon request.
5) Breach Notification
Business Associate will notify Covered Entity of any unauthorized access, disclosure, or breach of unsecured PHI without unreasonable delay and no later than 30 days after discovery, including (to the extent known) the nature of the incident, types of PHI involved, affected individuals, and mitigation steps.
6) Rights of Covered Entity
- Access to PHI maintained by Business Associate (as applicable)
- Amendment of PHI where inaccurate or incomplete
- Accounting of disclosures (as required by HIPAA)
7) Audit Rights
Upon reasonable prior notice (no more than once per 12 months), Covered Entity may request an assessment/audit of Business Associate’s HIPAA compliance practices, subject to mutually agreed scope, confidentiality, and non-disruption of operations.
8) Termination
Either party may terminate for material breach if not cured within a reasonable period. Upon termination, Business Associate will return or securely destroy PHI. If return/destruction is infeasible, protections herein continue for as long as PHI is retained.
9) Data Deletion
- Practice data remains available in read-only mode after service termination unless deletion is requested.
- Upon Covered Entity’s request, Business Associate will permanently delete all PHI (including backups where feasible), unless retention is required by law.
- Meta API connection data is always deleted immediately upon disconnection.
10) Miscellaneous
Governing law: Texas. This Agreement, together with the Terms of Service, constitutes the entire understanding regarding PHI handling and supersedes prior agreements on this subject.