Built for patient data from the ground up
HIPAA-ready infrastructure, encrypted at rest and in transit, tenant-isolated at the database level.
HIPAA-Ready Infrastructure
ForgeDental is built on infrastructure that meets HIPAA technical safeguard requirements. Business Associate Agreements (BAAs) are available on Professional and Scale tiers.
Encrypted Storage
All patient data — call recordings, SMS threads, PMS-synced records — is encrypted at rest using AES-256. Data in transit uses TLS 1.2 or higher on every connection.
Tenant Isolation
Your practice's data is never mixed with another practice's data at the database level. Every tenant operates in a schema-isolated environment — a query from one practice cannot reach another's records.
What we protect and how
Call Recordings
Every AI-handled call is recorded and stored encrypted. Playback is available through your account portal. Patients hear a recording disclosure at the start of each call. Recordings are retained for 90 days by default (configurable on Scale tier).
PMS Data Handling
We read patient and appointment data from your PMS to enable AI booking and Insights queries. We write back only to the appointment record when the AI books a visit. We do not store clinical notes, chart data, or treatment records.
SMS & Communications
Outbound SMS is handled via a 10DLC-registered number. All message threads are encrypted and tenant-isolated. We process opt-out (STOP) commands automatically and maintain opt-out records per TCPA requirements.
Access Controls
Role-based access at the practice level. ForgeDental engineers do not have routine access to patient records. Staff access to PHI requires documented justification and is logged with a timestamp and user identity.
Business Associate Agreements
BAAs are included with Professional and Scale tiers. If you need a BAA as part of your compliance posture, choose one of those tiers. We'll countersign and return within 2 business days of your onboarding call.
Vendor compliance
ForgeDental relies on third-party vendors for telephony, SMS, and AI processing. We maintain BAAs with each vendor that handles PHI.
Telephony
HIPAA-eligible voice provider with BAA in place. All call audio handled over encrypted connections.
SMS
10DLC-registered provider. STOP/HELP compliance handled automatically. BAA in place.
AI Processing
LLM inference handled on HIPAA-eligible infrastructure with BAA. Patient identifiers are minimized in prompts wherever possible.
Security questions?
Talk to our team. We'll walk through our security posture, answer your compliance questions, and countersign a BAA if you need one.