Privacy Policy

1. Overview

DentalFlow (“we”, “our”, “us”) is committed to protecting the privacy of your practice and your patients. This policy explains what data we collect, why, and how we handle it. By using DentalFlow, you agree to the practices described here.

2. Data We Collect

Account data: Name, email address, practice name, billing information, and login credentials when you register.

Patient data: Patient records, appointment history, clinical notes, billing records, and other healthcare data that you enter into the platform. You are the data controller for this information.

Usage data: Log files, IP addresses, browser type, pages visited, and actions taken within the application, used to improve performance and security.

Cookies: We use essential cookies for session management and locale preferences. No advertising or tracking cookies are used.

3. How We Use Your Data

We use your data to: (a) provide and operate the Service; (b) send transactional emails (confirmations, reminders, invoices); (c) respond to support requests; (d) detect and prevent security threats; and (e) comply with legal obligations. We do not use patient data to train AI models or for advertising purposes.

4. Data Sharing

We do not sell your data. We share data only with: (a) infrastructure providers (hosting, database) under strict data processing agreements; (b) payment processors to handle billing; and (c) authorities when required by law. All sub-processors are contractually bound to the same privacy standards.

5. Data Security

Patient data is encrypted at rest and in transit using AES-256 and TLS 1.3. Access to production data is restricted to authorized personnel only. We maintain audit logs of all data access. We conduct regular security reviews and penetration testing.

6. Data Retention

We retain account and patient data for as long as your account is active. After account termination, data is deleted within 30 days unless you request an export or applicable law requires longer retention. Backup copies may persist for up to 90 days after deletion.

7. Your Rights

Depending on your jurisdiction, you may have the right to: access, correct, or delete your personal data; object to or restrict processing; and request a machine-readable export of your data. To exercise these rights, email hello@dentalflow.com. We will respond within 30 days.

8. International Transfers

DentalFlow is hosted in the European Union. If data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses) in compliance with GDPR Article 46.

9. Children’s Privacy

The Service is intended for healthcare professionals. We do not knowingly collect personal data from individuals under 16. Patient records for minor patients are handled under the responsibility of the practitioner as data controller.

10. Changes to this Policy

We may update this policy periodically. We will notify you by email at least 14 days before material changes take effect. The date at the top of this page reflects the most recent revision.

11. Contact

For privacy-related questions or to exercise your rights, contact us at hello@dentalflow.com.