Opt-out Signals & Privacy Controls

1. Our Commitment to Privacy Signals

DentalVitals respects your privacy choices. As of January 1, 2026, we honor automated opt-out preference signals transmitted by your browser or device, including Global Privacy Control (GPC), as required by California Consumer Privacy Act (CCPA/CPRA) and other state privacy laws.

2. Global Privacy Control (GPC)

DentalVitals recognizes the Sec-GPC: 1 HTTP header as a valid, legally binding opt-out request under CCPA/CPRA Section 1798.135(b)(2). When we detect a GPC signal from your browser, we automatically:

✓ Disable non-essential analytics and tracking

✓ Opt you out of data sales and sharing (note: DentalVitals does not sell personal data)

✓ Limit data processing to essential service functionality only

✓ Apply your preference across all browsing sessions on the same device/browser

3. How to Enable GPC

GPC is a browser-level setting supported by privacy-focused browsers and extensions:

Browser Support: Brave, Firefox (with Privacy Badger), DuckDuckGo, Edge (via extension).

Browser Extensions: Install the official Global Privacy Control extension for Chrome, Safari, or Firefox from globalprivacycontrol.org.

Verification: Once enabled, visit this page and check your browser's developer tools (Network tab) to confirm the Sec-GPC: 1 header is being sent.

4. Do Not Track (DNT)

DentalVitals also respects the legacy Do Not Track (DNT) signal (DNT: 1), though it is not legally mandated. When DNT is detected, we disable third-party analytics scripts (e.g., Cloudflare Web Analytics personal identifiers).

Note: DNT does not prevent essential first-party cookies required for authentication, session management, or core platform functionality.

5. How Opt-Out Signals Are Processed

DentalVitals processes privacy signals at the edge using Cloudflare Workers:

Detection: When a request arrives, our server inspects the Sec-GPC and DNT headers.

Enforcement: If a signal is present, we set a persistent privacy-mode=1 cookie (HttpOnly, Secure, SameSite=Strict) that disables non-essential tracking.

Persistence: The opt-out preference persists for 1 year or until you clear your browser cookies, whichever comes first.

Cross-Device: Opt-out signals are device- and browser-specific. To apply your preference across multiple devices, enable GPC on each device.

6. What Opting Out Means

Disabled When Opted Out:

✗ Cloudflare Web Analytics (anonymized usage tracking)

✗ Feature usage telemetry (A/B testing, heatmaps)

✗ Third-party analytics integrations

✗ Cross-site tracking cookies

Still Active (Essential for Service):

✓ Authentication cookies (required for login)

✓ Session management (preserving your dashboard state)

✓ Security protections (CSRF tokens, rate limiting)

✓ Billing and transaction processing (Stripe secure checkout)

✓ Error logging for service reliability (no personal identifiers)

7. How to Verify Your Signal is Honored

To confirm DentalVitals is honoring your opt-out preference:

Step 1: Enable GPC in your browser (see Section 3).

Step 2: Visit dentalvitals.com and open your browser's Developer Tools (F12).

Step 3: Navigate to the Application or Storage tab and inspect cookies. You should see a cookie named privacy-mode with value 1.

Step 4: Check the Network tab. Cloudflare Web Analytics scripts should NOT be loaded when privacy mode is active.

If you do not see these changes, clear your cache and cookies, then reload the page.

8. Manual Opt-Out Options

If you cannot enable GPC (e.g., corporate-managed browser), you can manually opt out:

Email: Send a request to [email protected] with your account email and subject line "Opt-Out Request". We will disable analytics for your account within 7 days.

Account Settings: Log in to DentalVitals, navigate to Settings → Privacy & Data → Analytics Preferences, and toggle "Allow Analytics" to Off.

9. Applicable Regulations

DentalVitals' opt-out signal recognition complies with:

✓ California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) — Cal. Civ. Code § 1798.135

✓ Colorado Privacy Act (CPA) — C.R.S. § 6-1-1306

✓ Connecticut Data Privacy Act (CTDPA) — Conn. Gen. Stat. § 42-520

✓ Virginia Consumer Data Protection Act (VCDPA) — Va. Code § 59.1-578

✓ Utah Consumer Privacy Act (UCPA) — Utah Code § 13-61-302

10. Data Sales and Sharing

DentalVitals does NOT sell or share personal data with third parties for advertising purposes, as defined by CCPA/CPRA. Therefore, enabling GPC primarily affects analytics tracking, not data sales (since we don't engage in data sales).

We only share data with service providers (Cloudflare, Stripe, Anthropic) under contractual data processing agreements, which is exempt from CCPA's "sale" definition.

11. Children's Privacy Signals

DentalVitals is not directed to individuals under 18. However, if we detect an opt-out signal from a minor (e.g., via parental controls), we apply the same privacy protections outlined above.

12. Contact

For questions about opt-out signals, manual opt-out requests, or privacy preferences, contact [email protected]. For general data practices, see our Privacy Policy.